[Spice-devel] Questions on security.

Robert Relyea rrelyea at redhat.com
Mon May 3 16:56:00 PDT 2010


Hi all,

I've been asked to look at the security of the spice protocol. I've looked at the project a bit already and have a few potential things to talk about, but I wanted to understand some of the underlying assumptions before I get too far into it.

First, I want to confirm that the protocol itself is not meant to be 'secure' (resistant to active and passive attacks)  unless secured by some higher level channel protocol (like SSL). NOTE: this is not unusual, most internet protocols are not secured unless transported through a trusted pipe like SSL. -- It's usually considered better to use an existing security protocol for a transport than to create a brand new secure protocol from scratch. The chances of getting something wrong is pretty high even for security protocol experts.

If it is meant to be secure, what types of attacks is it supposed to prevent without a secure channel? Is it, for instance, meant to have strong authentication?

There will probably be some more questions depending on the answers to these. I couldn't find any security deployment guide (not surprising at this stage), which would answer these questions.

Thanks,

bob


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6650 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20100503/4d8c8ae2/attachment.bin>


More information about the Spice-devel mailing list