IETF-SSH archive


RE: Binary packet protocol rethink



Niels Möller <nisse%lysator.liu.se@localhost> writes:

>I implemented the type of hiding we're discussing almost a decade ago, and 
>I'm using it daily. Now, I'm not working on lsh as actively these days as 
>I'd like, but I'd really like this part to get better, not worse.

Ah, so it was lsh, not OpenSSH, my bad.  It'd be interesting to get some 
guidance on what works and what doesn't, for example if you're doing bulk
file transfers it's easy enough to traffic-shape (and my code does that
if possible, mostly to optimise network performance), but when you get into
things like interactive traffic or variable-size messages that have to be
sent right now (e.g. alerts/logging data), there's not much you can do
beyond padding it.

In addition a lot of SSH is produced as add-on libraries, for which the 
traffic being passed is opaque (and it's the same for TLS).  So the
traffic-shaping needs to be controlled by the developer that's using the 
library, not the library author, and that's probably not going to happen.
One side can't take responsibility for the issue, and the other side
doesn't want to because they have more pressing things to deal with.

I'm not aware of any comprehensive analysis/guidance on dealing with these
issues...

Peter.

