Re: diffent machines, same environment?

John Klassa (klassa@mail.com)
Tue, 02 Nov 1999 14:18:19 -0500


>>>>> On Tue, 2 Nov 1999, "Robert" == Robert S. Thau wrote:

Robert> I'm not sure I understand your threat model. True, ':0.0'

I'm using the "I know enough to be dangerous, but not enough to
thoroughly understand the subject at hand" threat model. :-) In other
words, I'm really not sure what I'm talking about. I saw the benefit of
encrypting connections between machines (including the X traffic), and
so assumed there must be some benefit to doing so on the same machine as
well. Guess not.

Robert> ...
Robert> So, I'm not sure I see how an attacker might observe this
Robert> data in transit unless they can read kernel memory. But if
Robert> they can do that, then you're totally compromised anyway ---
Robert> in particular, ssh's encrypted wrappers around X are no help
Robert> at all, because ssh ultimately does have to make unencrypted
Robert> connections to the X client and server at the endpoints.

Good enough for me... Thanks for the lucid explanation!

John

-- 
John Klassa / klassa@mail.com