[Spice-devel] [PATCH 8/9] Ask for unencrypted tickets if client supports it

Christophe Fergeau cfergeau at redhat.com
Thu Mar 20 03:22:17 PDT 2014


Hey,

On Wed, Mar 12, 2014 at 06:45:37PM +0000, Dietmar Maurer wrote:
> >support for unencrypted tickets, the server can
> > instruct it it should send one. For now, this is restricted to encrypted channels as
> > we don't want to expose an unencrypted password over a non-TLS channel.
> > Clients with unencrypted password support won't send these just yet as the
> > server does not expose the required capability.
> 
> Wouldn't it make more sense to add PLAIN username/password AUTH instead.

This comment, and Marc-André concerns about some backward-compatibility
bits made me realize it would be much easier and less invasive to add a way
for the client to advertise it can use SASL, and to make guarantees it
won't try to use the RSA key when it uses SASL.

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20140320/5ec1464d/attachment.sig>


More information about the Spice-devel mailing list