IETF-SSH archive


draft-ssh-fixed-bandwidth-00



Hey everyone -

pursuant to the recent discussion about what we can do about traffic analysis, I have written a draft for a mechanism to counter keystroke analysis, and generally provide more privacy for SSH terminal sessions. The first version of the draft is here:

https://tools.ietf.org/html/draft-ssh-fixed-bandwidth-00

This does not go as far as providing a complete blanket of the entire SSH session, since I assume this would currently entail unattractive bandwidth tradeoffs. However, it does seem to me that this will provide much better privacy for SSH terminal sessions, at a very acceptable cost.

The proposed mechanism is not defeated by unencrypted packet lengths. However, if packet lengths are encrypted, it will offer better privacy (fewer packets will stick out like sore thumbs because they can't be broken up, such as large channel requests); and when sending lots of data, it will be more efficient (less overhead due to larger packets allowed).

I have requested of my colleagues that we implement this for a future version of our SSH Server and Client.

Comments welcome!

denis


