Re: Secure Shell WG: what's left?

[der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>]

> Apart from the lack of support[*] for forwarding multiple X or agent
> sockets in the protocol, I was concerned about users coming to depend
> on connection sharing to enforce sufficient separation between
> sessions with different privilege.  In particular, the risk of timing
> attacks, etc.

As reasonable a concern as that is in general, I have trouble getting
worried about it when the two conceptual connections are perforce
authenticated as not only the same user, but with the same
authentication method and data.

I have even more trouble getting worried about it with respect to agent
and X forwarding when waving off the same issues as they apply to
ordinary data flow (necessarily; there is no choice about this when
doing connection sharing, unless you're prepared to do some kind of
traffic shaping on the sub-connections, which is Hard given the
ignorance the ssh code generally has of the underlying network
characteristics).

Perhaps this just reflects a difference in our target audiences, or
more precisely in the threat models that are lurking in our minds when
we make choices like these.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B