Hey everyone,
I noticed that QUIC - a secure, multi-stream replacement for TLS over TCP - is close to standardization at the IETF.
For at least 7 years now, I've been pondering that TCP is a poor transport for SSH and should be replaced by UDP. However, it has always looked like a lot of work.
Now, most of the work seems to have been done by QUIC. There's also a nifty implementation by Cloudflare which has a liberal BSD license and seems very suitable to adaptation for SSH. It nicely separates the TLS handshake so it can be pulled out while the TLS cipher suites are kept: this makes it easy to replace the TLS handshake with an SSH-friendly key exchange.
With this inspiration, I wrote an SSH/QUIC spec which fixes all of the architectural problems I can think of in SSH from experience over the years:
The HTML version of the draft has the most reader-friendly presentation - I suggest using that one.
I wonder if anyone is interested in implementing this. I'm seriously considering it, probably based on Quiche. I've forked it already, but I haven't yet done real work:
https://github.com/denisbider/QuiSSHdenis