IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
draft-ssh-fixed-bandwidth-00
Hey everyone -
pursuant to the recent discussion about what we can do about traffic analysis, I have written a draft for a mechanism to counter keystroke analysis, and generally provide more privacy for SSH terminal sessions. The first version of the draft is here:
https://tools.ietf.org/html/draft-ssh-fixed-bandwidth-00
This does not go as far as providing a complete blanket of the entire SSH session, since I assume this would currently entail unattractive bandwidth tradeoffs. However, it does seem to me that this will provide much better privacy for SSH terminal sessions, at a very acceptable cost.
The proposed mechanism is not defeated by unencrypted packet lengths. However, if packet lengths are encrypted, it will offer better privacy (fewer packets will stick out like sore thumbs because they can't be broken up, such as large channel requests); and when sending lots of data, it will be more efficient (less overhead due to larger packets allowed).
I have requested my colleagues that we implement this for a future version of our SSH Server and Client.
Comments welcome!
denis
Home |
Main Index |
Thread Index |
Old Index