Thanks Keith. This isn't a crypto conference, and many of the questions I'm asking here are not going to be directly presented, instead they'll be summarised :-) So some of my questions are intended to solicit a sensible response, rather than to support any particular position ...
-jim

Keith Winstein <kei...@mit.edu> wrote:

On Wed, Jan 1, 2014 at 11:06 PM, Jim Cheetham <jim.cheet...@otago.ac.nz> wrote:
> Currently I'm on at 13:20 WST (Perth, Australia) on Thursday 9 Jan. I don't
> know your timezone, but that'll be between 9pm and midnight on *Wednesday*
> for the US
> (http://www.timeanddate.com/worldclock/fixedtime.html?msg=lca2014mosh&iso=20140109T13&p1=196).
> If you could start up a new IRC channel for this, I'll pop it up onscreen
> during the Q&A.

Ok, Jim, let's do it in #moshqa on irc.freenode.org. I'll be there.

If I understand your concern correctly, you are concerned that the mosh-server will decode IP datagrams with any source address. By contrast, SSH relies on TCP, which only looks at incoming IP datagrams with a particular source address.

I think where we disagree is that we do not think TCP's filtering by IP source address has a material effect on security. You cannot trust that the IP source address is accurate.

In general, one should assume that a bad guy who exfiltrates the SSH session key OR the Mosh session key can take control of the user's account on the server. Both session keys (SSH and Mosh) hold the "keys to the kingdom" in this respect.

Of course if a site takes extra steps to make the IP source address trustworthy (e.g. by requiring packets to come from an authenticated VPN), both protocols benefit to some degree.

In general, compared with SSH, we think the security of a long-running Mosh session is probably better because (a) Mosh's AEAD cryptography is thought to be safer, (b) Mosh authenticates the framing of each datagram, so is not vulnerable to fake RST and similar DOS attacks, (c) Mosh's design is simpler and more conservative (e.g., Mosh has no code running as root), and (d) so far Mosh's empirical security track record is better.

Time will tell on all these things, and of course it's appropriate that the security community take its time getting comfortable with Mosh -- we welcome the scrutiny and are happy to participate.

Looking forward to your presentation and answering questions if I can help.

Best regards,
Keith

_______________________________________________
mosh-users mailing list
mosh-users@mit.edu
http://mailman.mit.edu/mailman/listinfo/mosh-users
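
The contrast drawn in the thread between filtering on IP source address and authenticating every datagram, as an added example (not part of the original messages and not Mosh's code). It assumes a truncated HMAC-SHA256 tag as a stand-in for an AEAD cipher and does no encryption; the class names, key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated tag length, chosen for this example

def seal(key, seq, payload):
    """Datagram = 8-byte sequence number + payload + tag over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class AddressFilterReceiver:
    """Accepts on source address alone, which a sender can spoof."""
    def __init__(self, peer):
        self.peer = peer
    def accept(self, src, datagram):
        return src == self.peer

class AuthenticatedReceiver:
    """Accepts on a valid tag and a fresh sequence number; ignores the source."""
    def __init__(self, key):
        self.key, self.last_seq, self.peer = key, -1, None
    def accept(self, src, datagram):
        if len(datagram) < 8 + TAG_LEN:
            return False
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        want = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, want):
            return False  # forged or corrupted datagram
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:
            return False  # replayed or stale datagram
        self.last_seq, self.peer = seq, src  # remember where the client is now
        return True

def demo():
    key = b"constructed-session-key"  # constructed sample key
    home, roamed = ("192.0.2.10", 60001), ("198.51.100.7", 60001)
    first = seal(key, 1, b"keystroke")
    events = [
        ("genuine", home, first),
        ("roamed", roamed, seal(key, 2, b"keystroke")),       # client changed network
        ("forged", home, seal(b"wrong-key", 3, b"RESET")),    # spoofed source, no key
        ("replay", home, first),
    ]
    by_addr, by_key = AddressFilterReceiver(home), AuthenticatedReceiver(key)
    # Each value is (address filter verdict, authenticated receiver verdict).
    return {name: (by_addr.accept(src, d), by_key.accept(src, d))
            for name, src, d in events}

if __name__ == "__main__":
    print(demo())
```

The address filter admits the forged and replayed datagrams and drops the legitimate roamed one; the authenticated receiver does the reverse, which is why possession of the session key, not the source address, is the property that matters.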