Bug in the RFB spec.

James Weatherall jnw "at" realvnc.com
Tue May 15 11:01:00 2007 

Hi Peter,

The only valid RFB protocol versions at present are 3.3, 3.7, 3.8 and 4.0,
so the "VNC viewer" that you're referring that reports RFB 3.4 isn't
actually VNC-compatible.

Cheers,

Wez @ RealVNC Ltd


> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com 
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Peter Rosin
> Sent: 15 May 2007 10:11
> To: vnc-list "at" realvnc.com
> Subject: Re: Bug in the RFB spec.
> 
> On Tue, May 15, 2007 at 08:13:29AM +0700, Constantin Kaplinsky wrote:
> > Hello Peter,
> > 
> > >>>>>Peter Rosin wrote:
> > 
> > >While implementing some vnc software I noticed a problem in the RFB
> > >spec (version 3.8, 5 October 2006). It fails to mention 
> that there is
> > >no security result for authentication method 'None' for protocol
> > >version 3.3. As this differs from at least version 3.8 I 
> think there
> > >should be some words on this topic in the spec.
> > 
> > This is documented, see the page 13 of the specification:
> > 
> >   6.2 SECURITY TYPES
> > 
> >   6.2.1 None
> > 
> >   No authentication is needed and protocol data is to be sent
> >   unencrypted.
> > 
> >   Version 3.8 onwards The protocol continues with the SecurityResult
> >   message.
> > 
> >   Version 3.3 and 3.7 The protocol passes to the 
> initialisation phase
> >   (section 6.3).
> 
> Hi Constantin,
> 
> How embarrassing. Oh well, that explains why I got it right in the
> server code, but didn't remember needing to work around this problem
> when the problem was found in my client code.
> 
> Side note: a certain Windows only "VNC" client is a true pest when you
> are implementing a server and want to be compatible, that for sure
> took some workarounds (Oh great, you can do 3.8, then I want 3.4,
> oh and 3.4 means that I will do this and that and whatnot. What crap).
> The companion server in said "VNC" suite is more friendly.
> How do other true VNC servers handle this rouge client?
> 
> Anyway, thanks for the pointer.
> 
> Cheers,
> Peter
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list