Comments on draft-bider-ssh-quic
David Schinazi <dschinazi.ietf@gmail.com> Thu, 16 July 2020 01:37 UTC
To: denis bider <denisbider.ietf@gmail.com>
Cc: QUIC <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/tj8XA7mYIfA9YGI9yqugnR9TEHQ>
Hi Denis,

Thanks for writing draft-bider-ssh-quic <https://datatracker.ietf.org/doc/draft-bider-ssh-quic/>! I've been thinking about SSH over QUIC but never found the time to actually sit down and write anything. I have some comments, mainly on QUIC (I know QUIC better than I know SSH).

I don't think your plan to use QUIC short headers without long headers is viable. In QUIC, we use long headers to determine the QUIC version, and also connection IDs. QUIC won't work without that. I see that you exchange that information in SSH_QUIC_INIT/SSH_QUIC_REPLY, but that won't work with QUIC load balancers. You're also reinventing something that already works, which will mean additional implementation work.

I think it might be simpler to build something closer to QUICv1. For example, you could reuse the QUIC CRYPTO stream in INITIAL packets to perform the SSH key exchange. This would provide multiple features:
- QUIC would handle retransmissions for you
- there is no longer a size limit on those packets

Regarding the obfuscated envelope, I think that's an interesting feature, but it would be even more useful if we could define it as an extension to QUIC in general. That way other application protocols could benefit from it.

All in all, this is really great work, but perhaps it would benefit from fewer changes from regular QUIC.

Cheers,
David
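As an added illustration of the point about long headers above (example code, not part of David's email or of the draft): a parser for the version-independent QUIC header layout described by the QUIC invariants, showing that the version and both connection IDs are self-describing only in a long header, while a short header carries a DCID whose length is not on the wire, so a stateless load balancer needs prior knowledge to route it. The packet bytes, connection IDs and the version value 1 are constructed for the example.

```python
import struct
from typing import Optional

LONG_HEADER_BIT = 0x80  # first-byte high bit: 1 = long header, 0 = short header
FIXED_BIT = 0x40        # set in every QUIC v1 packet of either form

def build_long_header(version: int, dcid: bytes, scid: bytes) -> bytes:
    """Constructed long header: version and both connection IDs are on the wire."""
    return (bytes([LONG_HEADER_BIT | FIXED_BIT]) + struct.pack("!I", version)
            + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid + b"\x00" * 8)

def build_short_header(dcid: bytes) -> bytes:
    """Constructed short header: only the DCID, with no length byte, then payload."""
    return bytes([FIXED_BIT]) + dcid + b"\x00" * 8

def parse_quic_header(pkt: bytes, short_dcid_len: Optional[int] = None) -> dict:
    """Return what a stateless load balancer can read from the header.

    A short header does not encode the DCID length, so it can only be parsed
    with out-of-band state (short_dcid_len); a long header is self-describing.
    """
    if len(pkt) < 2:
        raise ValueError("truncated packet")
    if pkt[0] & LONG_HEADER_BIT:
        if len(pkt) < 6:
            raise ValueError("truncated long header")
        version = struct.unpack("!I", pkt[1:5])[0]
        dcid_len, pos = pkt[5], 6
        dcid, pos = pkt[pos:pos + dcid_len], pos + dcid_len
        if len(dcid) != dcid_len or len(pkt) <= pos:
            raise ValueError("truncated long header")
        scid_len, pos = pkt[pos], pos + 1
        scid = pkt[pos:pos + scid_len]
        if len(scid) != scid_len:
            raise ValueError("truncated long header")
        return {"form": "long", "version": version, "dcid": dcid, "scid": scid}
    if short_dcid_len is None:
        raise ValueError("short header: DCID length is not on the wire")
    dcid = pkt[1:1 + short_dcid_len]
    if len(dcid) != short_dcid_len:
        raise ValueError("truncated short header")
    return {"form": "short", "version": None, "dcid": dcid, "scid": None}

if __name__ == "__main__":
    dcid, scid = bytes.fromhex("0102030405060708"), bytes.fromhex("aabb")
    print(parse_quic_header(build_long_header(1, dcid, scid)))
    print(parse_quic_header(build_short_header(dcid), short_dcid_len=8))
```

Calling parse_quic_header on the short header without short_dcid_len raises, which is the situation a load balancer is in when a connection never sent a long header.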