Hi, I'd like to request a new pseudo encoding number be allocated. The encoding name would be "ClientRedirect" and this encoding would allow the server to send a framebuffer update message to the client that instructs the client to disconnect and re-connect on a different port (and possibly different host). The idea was discussed on the tigervnc-rfbproto list and the following suggestion was put forth by Daniel Berrange:
Declare the that pseduo encoding's x, y, width & height fields are unused and should be set to 0. They are then followed by a payload that looks something like this: =================== =================== =================================== No. of bytes Type Description =================== =================== =================================== 2 U16 *port-number* 4 U32 *hostname-len* hostname-string U8 array *hostname-string* (UTF8) 4 U32 *x509subject-len* x509subject-string U8 array *x509subject-string* (UTF8) =================== =================== =================================== Passing of a (optional) x509subject-string is an idea I borrow from SPICE. Normally when connecting to a VNC server that uses x509 certs, an important security step is to match the x509 hostname field against the initial hostname that the VNC client was given by the user. During relocation though, this isn't possible, so instead the relocation message would include the expected x509 subject string. The client can then validate that instead of the hostname during relocation. Of course this string would be empty if x509 was irrelevant for the current security types. Apparently QEMU already supports this feature with spice, and I was looking to do something similar, so it would be nice to get something standardized before we end up with multiple unofficial protocol extensions floating around. Thanks! -brian _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
