From what I'm seeing, Mosh appears to utilize SSH for initial connection, though the precise method is a bit vague. That is OK, mostly, as SSH rather secure in initial authentication. One has to go to some lengths to make it insecure. How is the reconnect accomplished to avoid potential man in the middle attack or passive gathering to later potentially hijack the session? From the presentation on the website, protocol and session were mixed in the discussion, where to each, each is exclusive. The session level seems to have been discussed far more than anything about securely connecting and what is done to prevent exposure of the connection on reconnection.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ mosh-devel mailing list [email protected] http://mailman.mit.edu/mailman/listinfo/mosh-devel
