by pledess 1753 days ago
This sounds like a deal breaker for some use cases: https://github.com/GoogleCloudPlatform/iap-desktop/wiki/Trou... "Because of the way IAP Desktop tunnels RDP connections, it always uses NTLM for authentication and can't use Kerberos." There may be environments that lose the security benefits of Kerberos over NTLMv2 (e.g., mutual authentication) because they've been forced into a new compliance mandate that dictates adoption of Zero Trust in all available contexts.

Looks like Microsoft's decision to go with increasingly elaborate challenge-response schemes instead of properly encrypting the whole connection (like SSL/SSH) will be haunting us for a while yet.

I don't understand why RDP/SMB/... with plaintext auth over SSL hasn't been a thing for at least a decade. Does Microsoft just not care about transport security?

Isn’t it plausible that an interactive GUI over SSL didn’t perform well, especially for VMs, or the effect of the renegotiation?

RDP over SSH already performs very well, so any in-protocol implementation would only be faster (less overhead).