The XDMCP protocol needs several changes for IPv6 address support,
including creation of a new XDM-AUTHENTICATION-2 scheme that can
support addresses larger than 32-bits.
Created attachment 128 [details] [review]
Proposed changes to XDMCP protocol for IPv6 support
I'm a bit confused over the incorporation of 256-bit AES encryption. Given that
we have no method to secure the X protocol running in this XDM environment, are
we sure it's necessary to add this new encryption mechanism here? And, how does
using AES affect our ability to gain export permission for the sample
Without this change, the only thing we need do to the specification is declare
how the value of N is computed; the specification already allows different
transports to use different data. It seems like we should be separating the
changes needed to support IPv6 addresses from those which attempt to provide
I also don't understand (I'm no encryption expert) what extending T from 32 to
64 bits accomplishes; is there concern that the limited range of T values would
expose the protocol to some replay attacks?
The X.org Architecture Task Force has decided to defer the XDM-AUTHENTICATION-2
changes for now, since there is no implementation to get experience with. The
remainder of the changes have been adopted for the X11R6.7/XDMCP standard 1.1
release, after 9 months of beta testing the sample implementation and two rounds
of public review of the standards specs.