|Summary:||IPv6 support in XDMCP protocol spec|
|Product:||XStandards||Reporter:||Alan Coopersmith <alan.coopersmith>|
|Component:||XDMCP||Assignee:||Alan Coopersmith <alan.coopersmith>|
|Status:||RESOLVED FIXED||QA Contact:|
|i915 platform:||i915 features:|
|Bug Depends on:|
|Bug Blocks:||257, 277|
|Attachments:||Proposed changes to XDMCP protocol for IPv6 support|
Description Alan Coopersmith 2004-03-05 23:16:13 UTC
The XDMCP protocol needs several changes for IPv6 address support, including creation of a new XDM-AUTHENTICATION-2 scheme that can support addresses larger than 32-bits.
Comment 1 Alan Coopersmith 2004-03-05 23:17:02 UTC
Created attachment 128 [details] [review] Proposed changes to XDMCP protocol for IPv6 support
Comment 2 Keith Packard 2004-03-06 09:01:34 UTC
I'm a bit confused over the incorporation of 256-bit AES encryption. Given that we have no method to secure the X protocol running in this XDM environment, are we sure it's necessary to add this new encryption mechanism here? And, how does using AES affect our ability to gain export permission for the sample implementation? Without this change, the only thing we need do to the specification is declare how the value of N is computed; the specification already allows different transports to use different data. It seems like we should be separating the changes needed to support IPv6 addresses from those which attempt to provide additional security. I also don't understand (I'm no encryption expert) what extending T from 32 to 64 bits accomplishes; is there concern that the limited range of T values would expose the protocol to some replay attacks?
Comment 3 Alan Coopersmith 2004-03-28 11:46:05 UTC
The X.org Architecture Task Force has decided to defer the XDM-AUTHENTICATION-2 changes for now, since there is no implementation to get experience with. The remainder of the changes have been adopted for the X11R6.7/XDMCP standard 1.1 release, after 9 months of beta testing the sample implementation and two rounds of public review of the standards specs.