Some more upstream reasoning for switching from VNC to RDP: Some releases ago an RDP backend was added to gnome-remote-desktop, using the FreeRDP's RDP implementation, while the VNC backend uses the LibVNCServer project's implementation. Over time, the RDP backend significantly surpassed the abilities of the VNC backend, both in terms of features and performance, and we had contemplated switching the default backend in the past already. It's also worth noting that the RDP protocol doesn't have awkward limitations on password length in the commonly used authentication mechanism. Also, from an "outsiders" point of view, FreeRDP feels like a much more active project than LibVNCServer, and RDP is simply a more capable protocol.
A side note about security of the VNC backend: the original intention with the VNC backend was to more or less mimic the functionality of vino, which had an out-dated fork of LibVNCServer bundled with it. Having a fork of a library that tends to get its fair share of CVE's didn't feel like a good idea, so the upstream library was used directly. However, to get the same level of encryption (anon-tls), LibVNCServer still needed to be patched. Patches were originally contributed in 2018, but has not landed yet, thus to get anon-tls encryption, distributions needs downstream patching. With the RDP backend, we both moved away from non-verifiable anon-tls as well as downstream patching. One thing that has stopped us from switching the backend in the past has been the need to re-design the settings dialog. It had been planned to change the design of said dialog for some time already, but it was a non-trivial task, since it involved more complicated steps, such as TLS key/cert generation, management and verification. For GNOME 42, however, we managed to both get designs as well as implement them in Settings, thus it made us feel like it was a good opportunity to make the switch. Originally we intended to have a "blue bar" with a note about the VNC backend being enabled, with the option of disabling it. This blue bar was disabled, after dropping the plan to try to automatically enable the VNC backend on upgrade. The primary reason for dropping this was that any risk of enabling the VNC backend by accident was too big of a risk, given the security implications of unknowingly running a VNC remote desktop server. It was also discussed whether it should be possible to configure the VNC backend as well as the RDP backend, but the design team decided against it; instead we added the command line utility 'grdctl' that allows configuration the VNC backend. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968518 Title: FFe: Backport new RDP settings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1968518/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
