xpra icon
Bug tracker and wiki

Opened 2 years ago

Last modified 16 months ago

#1338 new enhancement

html mode WebRTC transport

Reported by: JAremko Owned by: Antoine Martin
Priority: major Milestone: future
Component: html5 Version: trunk
Keywords: WebRTC AES html Cc:

Description

Xpra html mode works over HTTP so it uses plain text URL. It means that a password and AES key can easily be intercepted. But we can use WebRTC transport with or without signaling server.

Example: https://github.com/cjb/serverless-webrtc

Change History (6)

comment:1 Changed 2 years ago by JAremko

Component: androidhtml5
Type: defectenhancement

comment:2 Changed 2 years ago by Antoine Martin

Milestone: 1.0future

You can use https / wss if you wish..
Using webrtc does not secure things: without a key exchange (or certificate authorities like ssl), your connection is still vulnerable to MITM.

The webrtc stuff could be useful for exporting the webcam back to the server, but apart from that I'm not sure it does anything useful for us.

comment:3 in reply to:  2 Changed 2 years ago by JAremko

Replying to antoine:

You can use https / wss if you wish..
Using webrtc does not secure things: without a key exchange (or certificate authorities like ssl), your connection is still vulnerable to MITM.


Hm. Doesn't WebRTC without tls (https) provide DTLS https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security ?
http://webrtc-security.github.io/images/diagram_2_en.png

I was thinking that if both client and server have access to signed wss signaling server they can establish secure direct connection. Or they can use other secure channels for the "manual" handshake like internet messengers. it wouldn't require fiddling with self signed certificates on the xpra server to use https.

Last edited 2 years ago by JAremko (previous) (diff)

comment:4 Changed 2 years ago by Antoine Martin

You've just pushed the "CA's responsability" to a signaling server...
I'm really not keen on the complexity this would bring but will gladly take patches to implement it.

comment:5 in reply to:  4 Changed 2 years ago by JAremko

Replying to antoine:

You've just pushed the "CA's responsability" to a signaling server...
I'm really not keen on the complexity this would bring but will gladly take patches to implement it.


Ok I understand. Thank you for response.

I just don't want to use self signed certificates for tls, but without it this is in no way secure.

Last edited 2 years ago by JAremko (previous) (diff)

comment:6 Changed 16 months ago by Antoine Martin

FYI: in the latest releases, the HTML5 client can do HMAC authentication without sending any credentials in plain text to the server. (just the HMAC)

See also #1590

Last edited 16 months ago by Antoine Martin (previous) (diff)
Note: See TracTickets for help on using tickets.