Some more upstream reasoning for switching from VNC to RDP:

Some releases ago an RDP backend was added to gnome-remote-desktop,
using the FreeRDP's RDP implementation, while the VNC backend uses the
LibVNCServer project's implementation. Over time, the RDP backend
significantly surpassed the abilities of the VNC backend, both in terms
of features and performance, and we had contemplated switching the
default backend in the past already. It's also worth noting that the RDP
protocol doesn't have awkward limitations on password length in the
commonly used authentication mechanism. Also, from an "outsiders" point
of view, FreeRDP feels like a much more active project than
LibVNCServer, and RDP is simply a more capable protocol.

A side note about security of the VNC backend: the original intention
with the VNC backend was to more or less mimic the functionality of
vino, which had an out-dated fork of LibVNCServer bundled with it.
Having a fork of a library that tends to get its fair share of CVE's
didn't feel like a good idea, so the upstream library was used directly.
However, to get the same level of encryption (anon-tls), LibVNCServer
still needed to be patched. Patches were originally contributed in 2018,
but has not landed yet, thus to get anon-tls encryption, distributions
needs downstream patching. With the RDP backend, we both moved away from
non-verifiable anon-tls as well as downstream patching.

One thing that has stopped us from switching the backend in the past has
been the need to re-design the settings dialog. It had been planned to
change the design of said dialog for some time already, but it was a
non-trivial task, since it involved more complicated steps, such as TLS
key/cert generation, management and verification. For GNOME 42, however,
we managed to both get designs as well as implement them in Settings,
thus it made us feel like it was a good opportunity to make the switch.

Originally we intended to have a "blue bar" with a note about the VNC
backend being enabled, with the option of disabling it. This blue bar
was disabled, after dropping the plan to try to automatically enable the
VNC backend on upgrade. The primary reason for dropping this was that
any risk of enabling the VNC backend by accident was too big of a risk,
given the security implications of unknowingly running a VNC remote
desktop server. It was also discussed whether it should be possible to
configure the VNC backend as well as the RDP backend, but the design
team decided against it; instead we added the command line utility
'grdctl' that allows configuration the VNC backend.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1968518

Title:
  FFe: Backport new RDP settings

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1968518/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to