Re: Binary packet protocol rethink
Simon Josefsson <simon@josefsson.org> Fri, 27 November 2015 08:55 UTC
From: Simon Josefsson <simon@josefsson.org>
To: nisse@lysator.liu.se
Cc: Simon Tatham <anakin@pobox.com>, ietf-ssh@netbsd.org
Subject: Re: Binary packet protocol rethink
References: <87egfdxebo.fsf@latte.josefsson.org> <87egfdxebo.fsf@latte.josefsson.org> <nny4dksr3i.fsf@armitage.lysator.liu.se> <1448554180-sup-7145@atreus.tartarus.org> <nntwo8sdau.fsf@armitage.lysator.liu.se>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
Date: Fri, 27 Nov 2015 09:54:22 +0100
In-Reply-To: <nntwo8sdau.fsf@armitage.lysator.liu.se> (Niels Möller's message of "Thu, 26 Nov 2015 21:42:17 +0100")
Message-ID: <874mg7yg8x.fsf@latte.josefsson.org>
nisse@lysator.liu.se (Niels Möller) writes:

> The problem is the interactivity. Let's consider the simplest example
> (but I'm not saying this example captures all essentials of the
> problem). Say I let my shell connection idle for some time, then I type
> a couple of characters, and I want a timely response before I type the
> next command. Then my typing has to correspond to a TCP segment that can
> be decrypted and authenticated and passed on to the remote shell. With
> the current ssh protocol, that TCP segment will carry a single
> CHANNEL_DATA packet, possibly in combination with fragments of IGNORE
> messages and possibly other piggybacking messages, e.g., WINDOW_ADJUST.
>
> To hide the user's typing from traffic analysis is a tradeoff, with
> varying amounts of cover traffic (preferably including responses;
> there's maybe some use for an IGNORE_CONTENTS_BUT_PLEASE_REPLY message
> type).

In libssh2 there is a keepalive message that can be sent regularly. It
is a SSH_MSG_GLOBAL_REQUEST with the want-reply bit set. It should be
replied to (typically with a SSH_MSG_REQUEST_FAILURE message).

That said, I'm also skeptical whether this is an effort that will pan
out. I don't see the problem statement as sufficiently strong to
motivate work. In general that may be because the idea is too weak, but
it can also be that the problem statement is not fleshed out well
enough. Right now it is hard to tell which case applies, but the end
result is the same (=nothing will happen).

/Simon
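The exchange the message describes, as an added example that is neither libssh2's code nor anything posted by the thread participants: a client frames an SSH_MSG_IGNORE cover message and a want-reply SSH_MSG_GLOBAL_REQUEST in the RFC 4253 binary packet format (so both ride in one TCP segment, as in the quoted paragraph), and a minimal server-side dispatcher answers the unknown request with SSH_MSG_REQUEST_FAILURE as RFC 4254 section 4 requires. Assumptions: the request name "keepalive@libssh2.org" (the name libssh2 is believed to use, but it is an assumption here), a 16-byte cipher block size for padding, no encryption or MAC applied, and a hypothetical table of global requests the server recognises.

```python
"""Added example, not code from libssh2 or the ietf-ssh list.
Assumed: request name "keepalive@libssh2.org", 16-byte block size,
unencrypted/unauthenticated packets, hypothetical KNOWN_GLOBAL_REQUESTS."""
import os
import struct
from typing import List, Optional

SSH_MSG_IGNORE = 2
SSH_MSG_GLOBAL_REQUEST = 80
SSH_MSG_REQUEST_SUCCESS = 81
SSH_MSG_REQUEST_FAILURE = 82

# Hypothetical server policy: only these global requests are understood.
KNOWN_GLOBAL_REQUESTS = {b"tcpip-forward", b"cancel-tcpip-forward"}


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_global_request(name: bytes, want_reply: bool) -> bytes:
    """Payload of SSH_MSG_GLOBAL_REQUEST (RFC 4254 section 4)."""
    return bytes([SSH_MSG_GLOBAL_REQUEST]) + ssh_string(name) + bytes([1 if want_reply else 0])


def build_ignore(cover_len: int) -> bytes:
    """SSH_MSG_IGNORE carrying random cover bytes (RFC 4253 section 11.2)."""
    return bytes([SSH_MSG_IGNORE]) + ssh_string(os.urandom(cover_len))


def frame_packet(payload: bytes, block_size: int = 8) -> bytes:
    """RFC 4253 section 6 framing: uint32 packet_length, byte padding_length,
    payload, random padding. Padding is at least 4 bytes and the total
    (excluding MAC) is a multiple of the cipher block size (>= 8)."""
    pad = block_size - ((5 + len(payload)) % block_size)
    if pad < 4:
        pad += block_size
    packet_length = 1 + len(payload) + pad
    return struct.pack(">IB", packet_length, pad) + payload + os.urandom(pad)


def unframe_packet(packet: bytes) -> bytes:
    """Inverse of frame_packet, with the length sanity checks a receiver needs."""
    packet_length, pad = struct.unpack(">IB", packet[:5])
    if packet_length + 4 != len(packet) or pad < 4 or packet_length < pad + 1:
        raise ValueError("malformed packet")
    return packet[5:5 + packet_length - 1 - pad]


def server_handle(payload: bytes) -> Optional[bytes]:
    """Server-side dispatch: IGNORE is dropped silently; a GLOBAL_REQUEST with
    want-reply set gets REQUEST_SUCCESS if recognised, else REQUEST_FAILURE."""
    msg_type = payload[0]
    if msg_type == SSH_MSG_IGNORE:
        return None
    if msg_type == SSH_MSG_GLOBAL_REQUEST:
        (name_len,) = struct.unpack(">I", payload[1:5])
        name = payload[5:5 + name_len]
        want_reply = payload[5 + name_len] == 1
        reply = SSH_MSG_REQUEST_SUCCESS if name in KNOWN_GLOBAL_REQUESTS else SSH_MSG_REQUEST_FAILURE
        return bytes([reply]) if want_reply else None
    raise ValueError(f"unexpected message type {msg_type}")


def keepalive_round_trip(name: bytes = b"keepalive@libssh2.org", block_size: int = 16) -> List[int]:
    """Client sends IGNORE cover traffic plus the keepalive in one segment;
    returns the message types the server replies with."""
    wire = frame_packet(build_ignore(37), block_size) + frame_packet(build_global_request(name, True), block_size)
    replies: List[int] = []
    off = 0
    while off < len(wire):
        (plen,) = struct.unpack(">I", wire[off:off + 4])
        pkt = wire[off:off + 4 + plen]
        off += 4 + plen
        reply = server_handle(unframe_packet(pkt))
        if reply is not None:
            replies.append(reply[0])
    return replies


if __name__ == "__main__":
    print(keepalive_round_trip())  # [82] == SSH_MSG_REQUEST_FAILURE
```

The failure reply is the expected, healthy outcome: the client only needs any reply to know the peer is alive, which is why an unrecognised request name works as a keepalive at all. Note that the padding rule means the cover message and the keepalive still produce block-aligned sizes, so the traffic-analysis tradeoff in the quoted text is about how much IGNORE content to add, not whether the framing hides anything by itself.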