There are a few commands, especially monitoring ones, that would indeed benefit from a further-reduced connection establishment time thanks to 0-RTT while still being safe.
0-RTT data exchanged over an HTTP/3 connection must be replay-safe, as an on-path attacker could simply replay 0-RTT packets, which could allow replaying the executed commands (we don't want an attacker to replay our recently issued apt-get upgrade or worse 😄).
In the same idea, HTTP defines the GET, HEAD, OPTIONS and TRACE methods as replay-safe methods to be used with 0-RTT. The CONNECT method used by SSH3 is not replay-safe, but we could allow a user to define a set of replay-safe, idempotent commands that could be issued in single-command, non-interactive sessions using 0-RTT. That could be helpful for monitoring purposes, for instance (e.g., issuing the df or free command). We discuss it a bit in our SSH3 article whose preprint is available here, Section 6.2: https://arxiv.org/pdf/2312.08396.pdf.
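One way the server-side gate described in the comment above could look, as an added illustration that is not SSH3's own code: a hypothetical `EarlyDataPolicy` that serves a request from 0-RTT data only when it is a non-interactive single command whose name is on an operator-defined idempotent allowlist, and rejects anything that could chain in a non-idempotent command; once the handshake is confirmed (1-RTT data) the policy no longer applies.

```go
package main

import (
	"fmt"
	"strings"
)

// EarlyDataPolicy decides whether a single-command session may be executed
// from 0-RTT (early) data, i.e. before the TLS handshake is confirmed and
// while an on-path attacker could still replay the packets.
// Hypothetical type for illustration, not part of SSH3.
type EarlyDataPolicy struct {
	// ReplaySafe lists commands the operator deems idempotent
	// (e.g. df, free, uptime): running them twice changes nothing.
	ReplaySafe map[string]bool
}

// metachars are shell operators that could chain a listed command with an
// arbitrary one ("df -h; apt-get upgrade"), so their presence is rejected.
const metachars = ";|&><`$()\n"

// Allow reports whether cmdline may run now and why. handshakeConfirmed is
// false while the request arrived as 0-RTT data; interactive means the
// client asked for a shell/PTY session rather than a single command.
func (p EarlyDataPolicy) Allow(cmdline string, interactive, handshakeConfirmed bool) (bool, string) {
	if handshakeConfirmed {
		return true, "1-RTT data cannot be replayed; no restriction"
	}
	if interactive {
		return false, "interactive sessions are never served from 0-RTT"
	}
	if strings.ContainsAny(cmdline, metachars) {
		return false, "shell metacharacters could chain non-idempotent commands"
	}
	fields := strings.Fields(cmdline)
	if len(fields) == 0 {
		return false, "empty command"
	}
	// Exact match on the first word: "/tmp/df" must not pass as "df".
	if !p.ReplaySafe[fields[0]] {
		return false, fmt.Sprintf("%q is not in the replay-safe allowlist", fields[0])
	}
	return true, "replay-safe command in a non-interactive session"
}

func main() {
	p := EarlyDataPolicy{ReplaySafe: map[string]bool{"df": true, "free": true}}
	for _, c := range []string{"df -h", "apt-get upgrade", "df -h; apt-get upgrade"} {
		ok, why := p.Allow(c, false, false)
		fmt.Printf("0-RTT %-26q -> %v (%s)\n", c, ok, why)
	}
}
```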
QUIC supports 0-RTT (zero round-trip connection initiation) for HTTP; perhaps it can support it for SSH3 too?