[vlc-devel] [PATCH 9/9] lua: http: Announce the web interface over mdns

Rémi Denis-Courmont remi at remlab.net
Sun Sep 6 09:02:48 CEST 2020


On Sunday, 6 September 2020, 6:15:34 EEST, Pierre Ynard via vlc-devel wrote:
> - a remote control interface designed around the idea of not allowing
>   full access to full VLC capabilities by default: perhaps safe/advanced
>   modes (with advanced disabled by default), several levels of
>   authorization, or granting access to each client on a feature basis
>   (local media, optical drives, network inputs, stream output...)
>   similarly to the OS permission model for smartphone applications.

That's far less actionable than just keeping the current functionality and 
adding authentication, integrity, confidentiality on top. People would just 
enable everything, and we'd be back again with a cop-out instead of real 
security, like the password now, and the ACL before it.

I kept "secure remote control interface, with user-friendly pairing and 
what-not" abstract because there are many ways to do it. But if you need an 
*example*, you can just:
- on first run, automatically generate a private key,
- generate a self-signed x509 certificate for the private key,
- use it as server-side certificate within TLS,
- when adding (pairing) a new client, display a QR code containing:
  - the fingerprint of the certificate,
  - a pseudo-random authentication token for the client to pass via Basic or
    Token HTTP authentication.

This is far from perfect. For instance, you would probably want to keep a list 
of paired devices so that you can revoke them.

The application can just scan the QR code. It has all the data it needs to 
authenticate the server (fingerprint) and to authenticate itself to the server 
(token). Of course, this requires remote control applications to actually 
implement this. There is no such thing as a free lunch. But while we cannot 
change web browsers, we *can* strong-arm VLC remotes.

-- 
雷米‧德尼-库尔蒙
http://www.remlab.net/
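
The pairing scheme outlined in the message above, as an added sketch that is not part of the original post and is not VLC code. Assumptions: the fingerprint is SHA-256 over the certificate's DER bytes, the QR payload is JSON with hypothetical field names `fp`, `user` and `token`, the token is sent with Basic authentication, and `CERT_DER` is a constructed stand-in for a real certificate. It also keeps the per-device list the message suggests, so a paired device can be revoked.

```python
import base64, hashlib, hmac, json, secrets

# Constructed stand-in for the DER bytes of the server's self-signed certificate.
CERT_DER = b"constructed-der-bytes-of-self-signed-certificate"

class PairingServer:
    def __init__(self, cert_der):
        self.cert_der = cert_der
        self.devices = {}  # device name -> SHA-256 of its token (token itself is not stored)

    def pair(self, name):
        """Return the text to encode in the QR code shown for one new client."""
        if ":" in name:
            raise ValueError("Basic auth user names cannot contain ':'")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.devices[name] = hashlib.sha256(token.encode()).digest()
        fp = hashlib.sha256(self.cert_der).hexdigest()
        return json.dumps({"fp": fp, "user": name, "token": token})

    def revoke(self, name):
        self.devices.pop(name, None)

    def authenticate(self, authorization):
        """Validate the value of an HTTP Authorization header (Basic scheme)."""
        scheme, _, blob = authorization.partition(" ")
        if scheme.lower() != "basic":
            return False
        try:
            cred = base64.b64decode(blob, validate=True).decode()
        except ValueError:  # bad base64 or bad UTF-8
            return False
        name, _, token = cred.partition(":")
        expected = self.devices.get(name)
        got = hashlib.sha256(token.encode()).digest()
        return expected is not None and hmac.compare_digest(expected, got)

class PairedClient:
    def __init__(self, qr_text):
        data = json.loads(qr_text)
        self.fp = bytes.fromhex(data["fp"])
        self.user, self.token = data["user"], data["token"]

    def server_is_pinned(self, peer_cert_der):
        """peer_cert_der: what ssl.SSLSocket.getpeercert(binary_form=True) returns."""
        return hmac.compare_digest(hashlib.sha256(peer_cert_der).digest(), self.fp)

    def authorization(self):
        cred = f"{self.user}:{self.token}".encode()
        return "Basic " + base64.b64encode(cred).decode()
```

The client has to run `server_is_pinned` on the certificate from the TLS handshake before it sends `authorization()`, otherwise the token goes to whoever answered the connection.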