TightVNC over Internet

[netnomad]

hi bmarkus,

you are right!
but i believe only the encryption and the ssh-server that i configured and audited myself ;-)
this "embedded stuff" is often very comfortable,
but a not fully audited and intensively tested remote connection is,
in my personally perception, a risk that i avoid at every reasonable point.
in my opinion these requirements are reached for remote functions and other channels
that go directly into the core of a system... but one is for sure, it's really more manual configuration...
and sometimes not very comfortable...
additionally we all know that security is not a state, it's a process... and the systems are moving,
but it's interesting to solve new tasks and changes.

thank you all for the nice teamwork!

[bmarkus]

If you not WHAT and WHY are you doung it's fine

Regarding SSH, just remember the Debian case when all Debian SSH system were using buggy unsecure SSH for many years...

[netnomad]

yeah, you are right,

remember even the worse case with openbsd...
http://bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack
...from that i get stomache ache...
auditing is one case, really to understand "what's going on" the other!

but we are all learners on the path of getting a tiny piece of insight in the big picture!

[bmarkus]

TigerVNC supports TLS and X.509 certificates. For more info see

http://fedoraproject.org/wiki/Features/TigerVNC1.1