[dvdkon]

Looks like Microsoft's decision to go with increasingly elaborate challenge-response schemes instead of properly encrypting the whole connection (like SSL/SSH) will be haunting us for a while yet.

I don't understand why RDP/SMB/... with plaintext auth over SSL hasn't been a thing for at least a decade, does Microsoft just not care about transport security?

[zaphirplane]

Isn’t it plausible that an interactive gui over ssl didn’t perform well specially for VMs or the affect of the renegotiation

[franga2000]

RDP over SSH already performs very well, so any in-protocol implementation would only be faster (less overhead).