Re: OT: SSH3 proposal
They have a pull request open to rename it to “h3sh” - https://github.com/francoismichel/ssh3/pull/87

Hopefully sanity prevails there. Cutting in the namespace line by stealing the next version number with zero backwards compatibility isn’t a great move to gain a user base. Doing so with a security product is exponentially questionable.

> On Feb 5, 2024, at 7:15 AM, Paul R. Tagliamonte wrote:
> it'd be nice to not add confusion for our users (Oh, should I use ssh or
> ssh3, ssh3 must be the new one!)
Re: OT: SSH3 proposal
I don't usually (ever?) pipe up with my other hat(s) on the @openbsd.org lists -- but --

With my @debian.org hat on, I'll note that we[1] (and I think Fedora too?) took issue with the name "ssh3", since it is not using (or even, frankly, related to) the OpenSSH protocol. It'll parse a few OpenSSH files, but I think that's about it.

Don't get me wrong, I love the idea and concept of rethinking protocols and playing with concepts by publishing working code to benchmark based on what we know now -- but it'd be nice to not add confusion for our users (Oh, should I use ssh or ssh3, ssh3 must be the new one!).

There was a short email thread about this topic on Debian lists for interested folks, and an upstream bug that was opened to bikeshed the name at https://github.com/francoismichel/ssh3/issues/79

paultag

[1] for some limited value of "we", meaning, the people involved in reviewing this package that hasn't been introduced to the distro yet, not some project vote -- "we" here is consensus of a handful of developers, not the project.

On Mon, Feb 5, 2024 at 9:48 AM Janne Johansson wrote:
>
> On Mon 5 Feb 2024 at 08:28, Carlos Lopez wrote:
> > Hi all,
> > https://blog.apnic.net/2024/02/02/towards-ssh3-how-http-3-improves-secure-shells/
> >
> > Uhmm ... ssh over http/3? What do you think about it?
>
> The concept of using udp (like wireguard and mosh) to get mobility
> between networks seems nice, quic and tls1.3 also sounds ok in
> themselves, but there might be some issue with the whole of the
> internet services converging into "one ip and one usable port" even if
> a machine may have tens of different services.
> There is some similarity there with how Microsoft would stick all
> services onto tcp/445 and then multiplex it on the server, and that
> makes it weird in terms of wanting to firewall off one service but
> allow other services to a wider range of clients.
>
> I get that they are early in the process and all that, but it looks
> like there will be a ton of moving parts on the server end to
> accommodate this alongside with the web stuff, and this part is less
> nice.
>
> --
> May the most significant bit of your life be positive.

--
:wq
Re: OT: SSH3 proposal
On Mon 5 Feb 2024 at 08:28, Carlos Lopez wrote:
> Hi all,
> https://blog.apnic.net/2024/02/02/towards-ssh3-how-http-3-improves-secure-shells/
>
> Uhmm ... ssh over http/3? What do you think about it?

The concept of using udp (like wireguard and mosh) to get mobility between networks seems nice, quic and tls1.3 also sounds ok in themselves, but there might be some issue with the whole of the internet services converging into "one ip and one usable port" even if a machine may have tens of different services.

There is some similarity there with how Microsoft would stick all services onto tcp/445 and then multiplex it on the server, and that makes it weird in terms of wanting to firewall off one service but allow other services to a wider range of clients.

I get that they are early in the process and all that, but it looks like there will be a ton of moving parts on the server end to accommodate this alongside with the web stuff, and this part is less nice.

--
May the most significant bit of your life be positive.
Re: OT: SSH3 proposal
On Mon, Feb 05, 2024 at 07:26:27AM +, Carlos Lopez wrote:
> Hi all,
>
> https://blog.apnic.net/2024/02/02/towards-ssh3-how-http-3-improves-secure-shells/
>
> Uhmm ... ssh over http/3? What do you think about it?
>
> Best regards,
> C. L. Martinez
>

I'm not an ssh dev but it seems like it'd technically *work*, it's just cursed as all hell.
Re: OT: SSH3 proposal
I liked the ability to forward UDP packets as well, but that can be implemented in SSH itself, instead of adding another unnecessary layer.

On 2/5/24 04:26, Carlos Lopez wrote:
> Hi all,
>
> https://blog.apnic.net/2024/02/02/towards-ssh3-how-http-3-improves-secure-shells/
>
> Uhmm ... ssh over http/3? What do you think about it?
>
> Best regards,
> C. L. Martinez

--
fm