Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!tut.cis.ohio-state.edu!bloom-beacon!EXPO.LCS.MIT.EDU!rws
From: rws@EXPO.LCS.MIT.EDU (Bob Scheifler)
Newsgroups: comp.windows.x
Subject: Re: X11R3 security hole needs attention
Message-ID: <8903172201.AA16819@EXPIRE.LCS.MIT.EDU>
Date: 17 Mar 89 22:01:26 GMT
References: <8903172103.AA00441@buit5.bu.edu>
Sender: daemon@bloom-beacon.MIT.EDU
Organization: The Internet
Lines: 16

    Is anyone going to fix this in the near future?

Depends on how you define "fix". We (X Consortium staff at MIT) have been
running a "secure" environment for quite a while now, using a very simple
authorization protocol. We have a more secure protocol on paper, as part of
our work on an (X) terminal control protocol, that we expect to get
implemented at some point. People at Project Athena (I'm told) have been
working on integrating Kerberos. I have diffs in my mailbox from a company
that has just done their own secure authorization protocol.

The hitch, of course, is that none of these are available to the general
public right now (although our simple scheme has been available to members
of the X Consortium for a while now). It is currently unlikely that MIT will
make anything available until R4. (And then, there's this problem with
distributing cryptographic stuff outside the US ...)