The XDMCP protocol needs several changes for IPv6 address support, including creation of a new XDM-AUTHENTICATION-2 scheme that can support addresses larger than 32 bits.
Created attachment 128: Proposed changes to XDMCP protocol for IPv6 support
I'm a bit confused over the incorporation of 256-bit AES encryption. Given that we have no method to secure the X protocol running in this XDM environment, are we sure it's necessary to add this new encryption mechanism here? And, how does using AES affect our ability to gain export permission for the sample implementation? Without this change, the only thing we need do to the specification is declare how the value of N is computed; the specification already allows different transports to use different data. It seems like we should be separating the changes needed to support IPv6 addresses from those which attempt to provide additional security. I also don't understand (I'm no encryption expert) what extending T from 32 to 64 bits accomplishes; is there concern that the limited range of T values would expose the protocol to some replay attacks?
The X.org Architecture Task Force has decided to defer the XDM-AUTHENTICATION-2 changes for now, since there is no implementation to get experience with. The remainder of the changes have been adopted for the X11R6.7/XDMCP standard 1.1 release, after 9 months of beta testing the sample implementation and two rounds of public review of the standards specs.