> I like the idea of a relay or proxy -- the problem I've been having is that
> it's hard for the relay to let the client roam securely unless it can verify
> that datagrams coming in from a new source address are authentic. But it
> can't verify that unless it has the plaintext session key, which (1) ideally
> it would not have (2) even if you did give it to the proxy, how would you
> set up the UX to do that in a sane way?
>
> Perhaps in a protocol revision, we should think about using an Ed25519
> signature so that a chain of proxies along the way can authenticate the
> datagram without also needing to be able to decrypt.

I don't think we need the proxy to do verification/validation. We just need
something that will easily set up the udp/tcp tunnels over ssh and respawn the
ssh connection when it goes down (assuming that password-less ssh logins are
configured correctly), and for the mosh client/server to be tested in this
environment to figure out what can be done to avoid the packet tampering
errors.

-- 
Mark Lee Stillwell
mark...@fortawesome.org
_______________________________________________
mosh-users mailing list
mosh-users@mit.edu
http://mailman.mit.edu/mailman/listinfo/mosh-users
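
The signature idea from the quoted proposal, as an added example (not part of either message and not mosh code): a relay that holds only the client's Ed25519 public key and adopts a new source address only for a datagram that verifies and carries a newer sequence number. The datagram layout and the names `Relay`, `Seal`, `Accept` and `NewKeyPair` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Relay tracks one client. It holds the client's public key only, never the
// session key, so it can authenticate datagrams but cannot decrypt them.
type Relay struct {
	clientKey  ed25519.PublicKey
	clientAddr string // last authenticated source address
	lastSeq    uint64 // highest sequence accepted; clients start at 1
}

// NewKeyPair generates the client's signing key pair.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Seal builds a datagram in a constructed layout (not mosh's wire format):
// 8-byte big-endian sequence || opaque ciphertext || 64-byte signature.
func Seal(priv ed25519.PrivateKey, seq uint64, ciphertext []byte) []byte {
	body := binary.BigEndian.AppendUint64(nil, seq)
	body = append(body, ciphertext...)
	return append(body, ed25519.Sign(priv, body)...)
}

// Accept lets the client roam to src only if the datagram is authentic and
// newer than anything seen, so a replayed datagram cannot move it back.
func (r *Relay) Accept(src string, dgram []byte) bool {
	if len(dgram) < 8+ed25519.SignatureSize {
		return false
	}
	split := len(dgram) - ed25519.SignatureSize
	body, sig := dgram[:split], dgram[split:]
	if !ed25519.Verify(r.clientKey, body, sig) {
		return false // forged or modified in transit
	}
	seq := binary.BigEndian.Uint64(body[:8])
	if seq <= r.lastSeq {
		return false // replay of an older datagram
	}
	r.lastSeq, r.clientAddr = seq, src
	return true
}

func main() {
	pub, priv := NewKeyPair()
	r := &Relay{clientKey: pub}
	fmt.Println(r.Accept("198.51.100.7:60001", Seal(priv, 1, []byte("opaque"))))
}
```

The sequence number sits inside the signed body, so a relay can reject replays without any shared secret; each relay in a chain would run the same check with the same public key.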