Support 0RTT #37

Open
catern opened this issue Dec 16, 2023 · 1 comment

catern commented Dec 16, 2023

QUIC supports 0RTT (zero round-trip connection initiation) for HTTP; perhaps it can support it for SSH3 too?

@francoismichel
Owner

There are a few commands, especially monitoring ones, that would indeed benefit from a further-reduced connection establishment time thanks to 0-RTT while still being safe.

0RTT data exchanged over an HTTP/3 connection must be replay-safe, as an on-path attacker could simply replay 0-RTT packets which could allow replaying the executed commands (we don't want an attacker to replay our recently issued apt-get upgrade or worse 😄).

In the same idea, HTTP defines the GET, HEAD, OPTIONS and TRACE methods as replay-safe methods to be used with 0-RTT. The CONNECT method used by SSH3 is not replay safe, but we could allow a user to define a set of replay-safe, idempotent commands that could be issued in single-command, non-interactive sessions using 0-RTT. That could be helpful for monitoring purposes, for instance (e.g., issuing the df or free command). We discuss it a bit in our SSH3 article, whose preprint is available here, Section 6.2: https://arxiv.org/pdf/2312.08396.pdf.
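
The policy sketched in the comment above, written out as an added example; it is not part of the thread or of the SSH3 code base. The `Request` and `Policy` types are hypothetical, and refusing with HTTP 425 (Too Early, RFC 8470) so that the client retries after the handshake is an assumption about how a server would decline early data.

```go
package main

import (
	"fmt"
	"strings"
)

// Decision is what the server does with a session request.
type Decision int

const (
	Accept   Decision = iota // run the command now
	TooEarly                 // refuse in 0-RTT; client retries after the handshake (HTTP 425)
)

// Request is a hypothetical, simplified view of an incoming session request.
type Request struct {
	EarlyData   bool     // arrived in 0-RTT, so an on-path attacker may replay it
	Interactive bool     // PTY or shell session rather than a single command
	Argv        []string // command and arguments, already split (no shell involved)
}

// Policy holds the user-defined set of replay-safe commands.
type Policy struct{ replaySafe map[string]bool }

// NewPolicy registers exact argument vectors, e.g. {"df", "-h"}.
func NewPolicy(cmds ...[]string) Policy {
	p := Policy{replaySafe: map[string]bool{}}
	for _, c := range cmds {
		p.replaySafe[strings.Join(c, "\x00")] = true
	}
	return p
}

// Decide accepts anything once the handshake is complete. In 0-RTT it accepts
// only non-interactive commands whose full argv is on the allowlist.
func (p Policy) Decide(r Request) Decision {
	if !r.EarlyData {
		return Accept
	}
	if !r.Interactive && p.replaySafe[strings.Join(r.Argv, "\x00")] {
		return Accept
	}
	return TooEarly
}

func main() {
	p := NewPolicy([]string{"df", "-h"}, []string{"free"}) // constructed sample allowlist
	fmt.Println(p.Decide(Request{EarlyData: true, Argv: []string{"free"}}) == Accept)
}
```

Matching the whole argument vector rather than the command name keeps an allowlisted `df` from admitting extra arguments or a chained command in early data.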
