IETF-SSH archive


SSH/QUIC draft



Hey everyone,

I noticed that QUIC - a secure, multi-stream replacement for TLS over TCP - is close to standardization at the IETF.

For at least 7 years now, I've been pondering that TCP is a poor transport for SSH and should be replaced by UDP. However, it has always looked like a lot of work.

Now, most of the work seems to have been done by QUIC. There's also a nifty implementation by Cloudflare which has a liberal BSD license and seems very suitable to adaptation for SSH. It nicely separates the TLS handshake so it can be pulled out while the TLS cipher suites are kept: this makes it easy to replace the TLS handshake with an SSH-friendly key exchange.

With this inspiration, I wrote an SSH/QUIC spec which fixes all of the architectural problems I can think of in SSH from experience over the years:

https://datatracker.ietf.org/doc/draft-bider-ssh-quic/

The HTML version of the draft has the most reader-friendly presentation - I suggest using that one.

I wonder if anyone is interested in implementing this. I'm seriously considering it, probably based on Quiche. I've forked it already, but I haven't yet done real work:

https://github.com/denisbider/QuiSSH

denis


