Re: SSH v3?
denis bider <ietf-ssh3@denisbider.com> Sat, 05 December 2015 19:43 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09B621A8AED for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 5 Dec 2015 11:43:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.379
X-Spam-Level: **
X-Spam-Status: No, score=2.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FRT_STOCK2=3.988, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3fJ0kYUjw7qc for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 5 Dec 2015 11:43:31 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 681241A8AF0 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Sat, 5 Dec 2015 11:43:29 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id F3FE685F12; Sat, 5 Dec 2015 18:08:20 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: by mail.netbsd.org (Postfix, from userid 1347) id EC6BE85F1C; Sat, 5 Dec 2015 18:07:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 98C1E85E9C for <ietf-ssh@netbsd.org>; Thu, 3 Dec 2015 09:53:59 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id DfHuUzunBcRV for <ietf-ssh@netbsd.org>; Thu, 3 Dec 2015 09:53:58 +0000 (UTC)
Received: from skroderider.denisbider.com (skroderider.denisbider.com [50.18.172.175]) (using TLSv1.1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id A9DE685E54 for <ietf-ssh@netbsd.org>; Thu, 3 Dec 2015 09:53:58 +0000 (UTC)
X-Footer: ZGVuaXNiaWRlci5jb20=
Received: from localhost ([127.0.0.1]) by skroderider.denisbider.com for brynosaurus@gmail.com; Thu, 3 Dec 2015 09:53:52 +0000
Date: Thu, 03 Dec 2015 09:53:52 +0000
Subject: Re: SSH v3?
X-User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Message-ID: <1665779424-2152@skroderider.denisbider.com>
X-Priority: 3
Importance: Normal
In-Reply-To: <566008DF.3030902@gmail.com>
MIME-Version: 1.0
From: denis bider <ietf-ssh3@denisbider.com>
To: Bryan A Ford <brynosaurus@gmail.com>, Niels Möller <nisse@lysator.liu.se>, Markus Friedl <mfriedl@gmail.com>, Damien Miller <djm@mindrot.org>
Cc: ietf-ssh@netbsd.org
Content-Type: multipart/alternative; boundary="=-HZERV3osSwtvrl9LKTVS"
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
On the Linux side, perhaps OpenSSH might indeed have an interest in Minion, as an improvement to its existing capabilities of layer 2 and layer 3 tunneling? On the Windows side, it seems a good bet might be Skype. It's owned by Microsoft, is a major application, and experiences TCP-related problems that Minion would solve. I'm not sure how hard it might be to attract the attention of some Skype developers, but sometimes it can be as easy as Twitter. Bryan A Ford <brynosaurus@gmail.com> , 12/3/2015 9:18 AM: On 12/3/15 3:46 AM, denis bider wrote: > Hey Bryan - > > thank you for sharing this, I was not previously aware of Minion. > > The main issue I see is that Minion /does/ in fact seem to require > modification at the OS level. Even though the changes needed might be > small, this won't fly unless Linux and Windows both decide to support it. Yes, that's indeed the catch. And even though the kernel change required is only like a pretty trivial hundred lines or so (can't remember precisely), we have the chicken-and-egg problem that Linux and Windows kernel devs don't want to upstream it until a "major" user-space application wants to use it, but "major" user-space applications don't want to adopt it until it's supported in mainstream kernels. :/ But if (say) OpenSSH expressed serious interest in adopting Minion, I think that could easily break this chicken-and-egg deadlock. And it shouldn't constitute any "risk" that I can see, since Minion is backward-compatible and incrementally deployable in pretty much all the ways I can envision caring about, including in particular: - (a) if the user-space SSH implementation supports it but the kernel patch isn't present, nothing bad happens other than that endpoint doesn't get the performance benefit of being able to receive packets out-of-order. The SSH implementation basically just calls a setsockopt that the kernel doesn't support, the kernel returns an error, and the SSH implementation returns to in-order business as usual. - (b) if one SSH endpoint (and its kernel) supports Minion but the other endpoint (or its kernel) doesn't, you still get out-of-order performance benefits for traffic flowing in one direction but just not for traffic on the same connection flowing in the other direction. > Most SSH implementations I'm aware of are user-mode implementations, by > organizations and/or volunteers who are not familiar with, and do not > have access to modify, the TCP stack on systems where their SSH > implementation runs. This is certainly true for me, I can't change the > TCP implementation in Windows. I wouldn't suggest it to be the task of SSH developers to implement the Windows/Linux/FoozleOS kernel patches required to support Minion, and there's no reason we should expect every mainstream OS to incorporate the kernel patch any time soon, but you still get incremental benefits as soon as even one OS and one user-space application (e.g., OpenSSH) supports it. And if the SSH community showed enough interest in adopting Minion to consider supporting it in the (next) protocol spec and prototyping it (even experimentally) in at least one SSH implementation, that would provide a much stronger basis on which to argue for the Minion kernel enhancement to be adopted in kernels, breaking the chicken-and-egg problem. > Without underlying platform support, it seems to me the best that SSH > can do is to either (1) implement support for UDP as an ancillary > transport for latency-sensitive traffic, or to (2) migrate wholesale to UDP. > > My "EST" suggestion rebuilds the whole protocol on top of UDP. But > perhaps, implementing support for UDP as an ancillary transport would be > a more compatible fit with current SSH usage. And also, as you point out > in your paper, it would be a better fit for connections where UDP is not > available due to firewall/routing issues. I'm definitely not against designing protocols to be operable atop UDP as well; there are certainly tradeoffs each way. > If you can get Windows + Linux to implement uTCP though, that would have > the benefit of avoiding even the firewall/routing issues still faced by UDP. Exactly, that's one such tradeoff. Another is power efficiency for mobile devices: you can keep a mostly-idle TCP connection open for a lot longer than a mostly-idle UDP connection before typical middleboxes silently time-out and forget the state. (e.g., the BEHAVE spec requires TCP timeouts to be on the order of hours, as I recall, whereas UDP middlebox-state timeouts are typically on the order of minutes.) Cheers Bryan
- Re: SSH v3? Niels Möller
- Re: SSH v3? Niels Möller
- Re: SSH v3? Bryan A Ford
- SSH v3? denis bider
- Re: SSH v3? denis bider
- Re: SSH v3? Bryan Ford
- Re: SSH v3? denis bider
- Re: SSH v3? denis bider
- Re: SSH v3? denis bider
- RE: SSH v3? Peter Gutmann
- RE: SSH v3? Peter Gutmann
- RE: SSH v3? Peter Gutmann
- Re: SSH v3? Stephen Farrell
- Re: SSH v3? Stephen Farrell
- Re: SSH v3? Olivier Bonaventure