RE: Binary packet protocol rethink

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 02 December 2015 23:23 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 122FE1A906A for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 2 Dec 2015 15:23:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.61
X-Spam-Level:
X-Spam-Status: No, score=-1.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z7C7So6zT48Q for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 2 Dec 2015 15:23:35 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AD1B1A1A6A for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Wed, 2 Dec 2015 15:23:35 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id 1835685EA4; Wed, 2 Dec 2015 23:23:34 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id AA09C85E94 for <ietf-ssh@netbsd.org>; Wed, 2 Dec 2015 23:23:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 1ytw8x_7oAkY for <ietf-ssh@netbsd.org>; Wed, 2 Dec 2015 23:23:31 +0000 (UTC)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id A882085E4A for <ietf-ssh@netbsd.org>; Wed, 2 Dec 2015 23:23:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1449098610; x=1480634610; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=wpqhHLE7RfQTccDRHlGB5pFArwlp+bC8fc9p+1EKmOw=; b=Y1JLqEzV2BTl5hXkpq3TFcXSAnUcYJS5FGJ+D/iUzFc4P/pLI3x63aCI uDNidiM2XNh3/Yk6BQ2ZAFywjOw3gMk6IXO+ghMUFpVa6E33FVhAzfdpU pKDXHEQgXNb+PzKrV0gXkTK7gAFPSv32PmznQuynCajBmAuAd3KuXbGuJ mIK4WlLyy7dlP31lpksMKxyXtX/qo0fr1WkMgQsvX+GjZTyjAW8oARP71 x62tzgzQ9XQikYRDLjoV1qh1mnA7Q6CDcfyI65w16wS+zzlcVgHSMkgA7 UBQNdJ2UhtRejvDanc37pKOOSmf55f9iFLqWwmgUU3jTOhODv9ho3SuW/ w==;
X-IronPort-AV: E=Sophos;i="5.20,375,1444647600"; d="scan'208";a="57329158"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxchange10-fe2.UoA.auckland.ac.nz) ([130.216.4.106]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 03 Dec 2015 12:23:29 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.153]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.03.0266.001; Thu, 3 Dec 2015 12:23:29 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Niels Möller <nisse@lysator.liu.se>
CC: Damien Miller <djm@mindrot.org>, Simon Tatham <anakin@pobox.com>, Simon Josefsson <simon@josefsson.org>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
Subject: RE: Binary packet protocol rethink
Thread-Topic: Binary packet protocol rethink
Thread-Index: AQHRLPZcMJRbFzQ1ukq+Xs4ulafSe564VSP5
Date: Wed, 02 Dec 2015 23:23:27 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4B97254@uxcn10-5.UoA.auckland.ac.nz>
References: <87egfdxebo.fsf@latte.josefsson.org> <87egfdxebo.fsf@latte.josefsson.org> <nny4dksr3i.fsf@armitage.lysator.liu.se> <1448554180-sup-7145@atreus.tartarus.org> <9A043F3CF02CD34C8E74AC1594475C73F4B857C7@uxcn10-5.UoA.auckland.ac.nz> <alpine.BSO.2.20.1511292228450.12629@natsu.mindrot.org> <9A043F3CF02CD34C8E74AC1594475C73F4B92EF0@uxcn10-5.UoA.auckland.ac.nz> <nn37vnsyoi.fsf@armitage.lysator.liu.se> <9A043F3CF02CD34C8E74AC1594475C73F4B9321A@uxcn10-5.UoA.auckland.ac.nz> <nntwo3raow.fsf@armitage.lysator.liu.se> <9A043F3CF02CD34C8E74AC1594475C73F4B95D3F@uxcn10-5.UoA.auckland.ac.nz>, <nnh9k1oz6o.fsf@armitage.lysator.liu.se>
In-Reply-To: <nnh9k1oz6o.fsf@armitage.lysator.liu.se>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Niels Möller <nisse@lysator.liu.se> writes:

>I implemented the type of hiding we're discussing almost a decade ago, and 
>I'm using it daily. Now, I'm not working on lsh as actively these days as 
>I'd like, but I'd really like this part to get better, not worse.

Ah, so it was lsh, not OpenSSH, my bad.  It'd be interesting to get some 
guidance on what works and what doesn't, for example if you're doing bulk
file transfers it's easy enough to traffic-shape (and my code does that
if possible, mostly to optimise network performance), but when you get into
things like interactive traffic or variable-size messages that have to be
sent right now (e.g. alerts/logging data), there's not much you can do
beyond padding it.

In addition a lot of SSH is produced as add-on libraries, for which the 
traffic being passed is opaque (and it's the same for TLS).  So the
traffic-shaping needs to be controlled by the developer that's using the 
library, not the library author, and that's probably not going to happen.
One side can't take responsibility for the issue, and the other side
doesn't want to because they have more pressing things to deal with.

I'm not aware of any comprehensive analysis/guidance on dealing with these
issues...

Peter.