Oh, and the other thing I should mention is that I tend to talk over-time, so I'll try really hard to speed up & leave some Q&A access: if I have said anything materially inaccurate during the talk it would be handy if you could pop that into IRC, so we can do corrections as well as Q&A :-)
-jim

Keith Winstein <kei...@mit.edu> wrote:

On Wed, Jan 1, 2014 at 11:06 PM, Jim Cheetham <jim.cheet...@otago.ac.nz> wrote:
> Currently I'm on at 13:20 WST (Perth, Australia) on Thursday 9 Jan. I don't
> know your timezone, but that'll be between 9pm and midnight on *Wednesday*
> for the US
> (http://www.timeanddate.com/worldclock/fixedtime.html?msg=lca2014mosh&iso=20140109T13&p1=196).
> If you could start up a new IRC channel for this, I'll pop it up onscreen
> during the Q&A.

Ok, Jim, let's do it in #moshqa on irc.freenode.org. I'll be there.

If I understand your concern correctly, you are concerned that the mosh-server will decode IP datagrams with any source address. By contrast, SSH relies on TCP, which only looks at incoming IP datagrams with a particular source address.

I think where we disagree is that we do not think TCP's filtering by IP source address has a material effect on security. You cannot trust that the IP source address is accurate.

In general, one should assume that a bad guy who exfiltrates the SSH session key OR the Mosh session key can take control of the user's account on the server. Both session keys (SSH and Mosh) hold the "keys to the kingdom" in this respect.

Of course if a site takes extra steps to make the IP source address trustworthy (e.g. by requiring packets to come from an authenticated VPN), both protocols benefit to some degree.

In general, compared with SSH, we think the security of a long-running Mosh session is probably better because (a) Mosh's AEAD cryptography is thought to be safer, (b) Mosh authenticates the framing of each datagram, so is not vulnerable to fake RST and similar DOS attacks, (c) Mosh's design is simpler and more conservative (e.g., Mosh has no code running as root), and (d) so far Mosh's empirical security track record is better.
Time will tell on all these things, and of course it's appropriate that the security community take its time getting comfortable with Mosh -- we welcome the scrutiny and are happy to participate.

Looking forward to your presentation and answering questions if I can help.

Best regards,
Keith

_______________________________________________
mosh-devel mailing list
mosh-devel@mit.edu
http://mailman.mit.edu/mailman/listinfo/mosh-devel
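
A simplified model of the acceptance rule discussed in this thread, as an added example that is not part of the original messages and is not Mosh's own code: the receiver accepts a datagram on a valid authentication tag and a fresh sequence number, and never consults the source address. HMAC-SHA256 from the Python standard library stands in for Mosh's AEAD cipher (so nothing is encrypted here), older sequence numbers are simply dropped, and the names, key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 16  # truncated HMAC-SHA256 tag, standing in for an AEAD tag


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a datagram: 8-byte sequence number, payload, tag over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Accepts datagrams on proof of key possession, never on source address."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = -1
        self.peer = None  # reply target: source of the newest authentic datagram

    def receive(self, datagram: bytes, src: tuple) -> Optional[bytes]:
        if len(datagram) < 8 + TAG_LEN:
            return None  # too short to hold a sequence number and a tag
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted: dropped whatever src claims
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.highest_seq:
            return None  # replayed or stale: must not move the reply target
        self.highest_seq, self.peer = seq, src
        return body[8:]


def demo():
    key = b"\x01" * 32                 # constructed session key
    rx = Receiver(key)
    home = ("198.51.100.7", 60001)     # constructed addresses (documentation ranges)
    cafe = ("203.0.113.9", 41000)
    results = [
        rx.receive(seal(key, 1, b"ls"), home),           # authentic
        rx.receive(seal(b"\x02" * 32, 2, b"rm"), home),  # known address, wrong key
        rx.receive(seal(key, 2, b"pwd"), cafe),          # new address, right key
        rx.receive(seal(key, 1, b"ls"), home),           # replay of sequence 1
    ]
    return results, rx.peer
```
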