Allow remote control only from trusted IPs or other ID

[brlarini]

Now that discussions is open I'd like to submit here an idea I originally posted on Issues.
I'm certain others would find it useful too.

Issue #281

Note that it is different from just filtering peers: it would dictate who has rights for remote control or even just screen viewing.

Thanks!

[paspo]

What about a dedicated crypto key?

At the moment, each desktop app has a public key that allow the verification of the server, but there's no role distinction between controlling and controlled party.
If it's enough for the controlled party to allow connection from a specific server, that's not the case for the controlling side. This side must have a stronger authorization method.
One idea would be to have a list of allowed public keys on the server: if the instance initiating a connection is using one of these keys, then it'll be authorized.
We can simplify this with only one key, then implement the list of allowed keys, and then go full-in with authentication and session-specific (even one-time use) keys for authorization.

This will require some modification in the protocol and in the desktop application: you have to specify a controlling private key. But this level of protection is often required when dealing with medium to large installations.

[brlarini]

I think this idea has to start off in a simple way. I proposed it was based on IP address of the peer because smaller implementations probably would have the server and the controlling side in the same network. Of course, it wouldn't work for hosts behind a NAT for example. Then the idea of a crypto key would come in handy.

In the end I just wish there was any method to implement remote control rights.