Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!virtech!jje
From: jje@virtech.uucp (Jeremy J. Epstein)
Newsgroups: comp.windows.x
Subject: Re: Security extensions to X
Summary: "Secure" NFS isn't even secure
Message-ID: <1989Dec18.180735.1390@virtech.uucp>
Date: 18 Dec 89 18:07:35 GMT
References: <8912091949.AA02514@kanga.lcs.mit.edu> <83040@linus.UUCP>
Organization: Virtual Technologies Inc.
Lines: 37

In article <83040@linus.UUCP>, jp@linus.UUCP (Jeffrey Picciotto) writes:
> 
> > One possibility is to pursue a similar tact as that used by SUN for
> > secure NFS.  Use DES (or better) encrypted TCP/IP, each pair of nodes for
> > which secure communication must occur share a key for the link.
> 
> Really, this is network security.  Clearly, if you run X on a network, you'll
> need to provide network security, but this is true of any networked software,
> not just X.
Jeff is absolutely correct.  Furthermore, Sun's secure NFS only encrypts
the setup messages, not the actual transfer of data across the network.
Therefore, although it's significantly harder to get into Sun's NFS now
than it used to be, wiretapping is still quite effective since the data
flows unencrypted.  [This isn't directly relevant to the discussion of
secure windowing, but I wanted to clarify the point]

IMHO, Sun's 'secure' NFS is only secure by the loosest possible definition.

> 
> The original poster asked if work is being done in this area.  The answer is:
> yes, a variety of companies are working the problem.  In fact, 4 companies
> currently have govt contracts to develop B-level/CMW-compliant systems running
> X.  MITRE, also, is looking into the problem.  Presumably others are too.
> 
Besides the four CMW vendors, there's other research.  I'm working
on a DARPA contract which will be building a secure X-Windows prototype
under Mach.

--Jeremy Epstein
TRW Systems Division
uunet!virtech!jje
jje@virtech.uu.net
-- 
Jeremy Epstein
TRW Systems Division
2750 Prosperity Avenue
FV10/5010