IETF-SSH archive


Re: SSH v3?



TCP is not reliable:

- On connections prone to random errors (wireless), large transfers are bound for disconnects at a rate of 2^-16 per error. TCP just corrupts the data in this case. SSH detects the corruption, but cannot recover from it.
- A TCP connection can be reset by a single spoofed RST packet from anyone who knows the IP address and port number of one of the end points.

Further:

- TCP prevents efficient tunneling of datagram flows over an SSH session: it introduces unnecessary lag to maintain a stream abstraction for applications that don't need it.

TCP is neither reliable, nor secure. Its weaknesses break SSH sessions beyond recovery. It's the single biggest weakness of SSH in practice.


----- Original Message -----
From: Niels Möller
Sent: Tuesday, December 1, 2015 05:51
To: denis bider
Cc: Damien Miller ; Simon Tatham ; Simon Josefsson ; ietf-ssh%netbsd.org@localhost
Subject: Re: SSH v3?

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

> SSHv3 is based on UDP, not TCP.

Why??? To me, a reliable byte stream as provided by tcp seems like a
building block fitting ssh needs pretty well.

If you want to do that, and support file transfers or anything else with
the potential to use significant bandwidth, and get it blessed by ietf,
you'd have to implement your own congestion control.

Not that I have anything against congestion control work in general. I
have even given in to the temptation and designed my own, during my phd
studies. See https://www.lysator.liu.se/~nisse/network-book/. But I
don't think this is the right place for congestion control work.

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
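The checksum weakness the reply opens with, as an added example that is not part of the archived thread: the RFC 1071 Internet checksum used by TCP is a 16-bit ones'-complement sum, so some corruptions of a segment leave it unchanged, while the per-packet MAC SSH computes over the sequence number and packet (RFC 4253 section 6.4, here HMAC-SHA2-256) rejects the same corruptions. The payload, key and sequence number below are constructed for the demonstration; the MAC helper is an SSH-style model written for this example, not code from any SSH implementation.

```python
"""Added example: corruptions the TCP checksum passes but an SSH-style MAC rejects.

Two classes of error the RFC 1071 checksum cannot see:
  1. a 16-bit word flipped from 0x0000 to 0xFFFF (both are "zero" in
     ones'-complement arithmetic, so the folded sum is unchanged), and
  2. the same bit flipped in two different words where it differs
     (one word goes +1, the other -1; the sum is unchanged).
A random corruption slips through with probability about 2^-16; the cases
below are chosen to slip through deterministically.  All inputs are constructed.
"""
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"  # odd-length data is padded with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_accepts(data: bytes, checksum: int) -> bool:
    """Receiver-side check: recompute and compare (equivalent to summing to 0xFFFF)."""
    return internet_checksum(data) == checksum


def ssh_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """SSH-style MAC: HMAC(key, sequence_number || packet), modelled on RFC 4253 6.4."""
    return hmac.new(key, seq.to_bytes(4, "big") + packet, hashlib.sha256).digest()


def ssh_accepts(key: bytes, seq: int, packet: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(ssh_mac(key, seq, packet), tag)


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    b = bytearray(data)
    b[byte_index] ^= 1 << bit
    return bytes(b)


def corruption_results(key: bytes = b"constructed-demo-key", seq: int = 7) -> dict:
    """Return {case: (tcp_accepts, ssh_accepts)} for three on-the-wire corruptions."""
    # Constructed payload; the leading zero word is the target of case 1.
    payload = b"\x00\x00" + b"GET /secret HTTP/1.1\r\n"
    csum = internet_checksum(payload)
    tag = ssh_mac(key, seq, payload)

    cases = {
        # one bit in one word: the checksum does catch this
        "single_bit": flip_bit(payload, 8, 3),
        # case 1: word 0 goes 0x0000 -> 0xFFFF, same ones'-complement value
        "zero_to_ones": b"\xff\xff" + payload[2:],
        # case 2: bit 0 of byte 3 ('E', 0x45, bit set) and byte 5 (' ', 0x20, bit
        # clear); the words change by -1 and +1, so the sum is unchanged
        "balanced_pair": flip_bit(flip_bit(payload, 3, 0), 5, 0),
    }
    return {
        name: (tcp_accepts(c, csum), ssh_accepts(key, seq, c, tag))
        for name, c in cases.items()
    }


if __name__ == "__main__":
    for name, (tcp_ok, ssh_ok) in corruption_results().items():
        print(f"{name:14s} TCP accepts={tcp_ok!s:5s} SSH MAC accepts={ssh_ok}")
```

The two cases the checksum passes are exactly the situation the reply describes: the segment is delivered to SSH as if intact, SSH's MAC fails, and since the byte stream cannot be rewound the only option is to drop the connection.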


