-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A few questions #57
Comments
Hey, thanks for this issue that summarizes very well common questions currently raised by people.
Exactly two people wrote the article: Olivier Bonaventure my thesis advisor and myself. But let's be clear: security issues will occur, and that is the case for every written piece of software, and I am fine with that. I hope that people will find these issues and contact me in a responsible disclosure manner.
Both. This project was released as an artifact for a submitted journal paper. I strongly believe in the project and the ideas, but I was not expecting that level hype that soon, especially before the article was even published. So I was mainly relying on community feedback to make the project stronger and more robust. Now, I also started discussing with people doing audits, if it goes somewhere concrete, everything will be made public for everyone. I welcome everyone to help me on that. I just hope that people will release security issues in a reponsible disclosure manner.
Yes, I contacted one OpenSSH developer a few weeks ago, before I released the project. The mail exchange was courteous and short. The takeway was that they have no appetite in using either QUIC or TLS anytime soon, one of the reason is that it would be breaking a good part of the existing mechanisms, compatibility with OpenSSH certs, etc.
Sorry, I dare not making it public. :-/ I will also give a comment about the name, some people complain a bit about the name Please keep in mind that this project was originally supposed to hold the artifacts for our article called "Towards SSH3: [...]". This article imagines how SSH could be revisited and how the new version could look like. Calling the repository SSH3 was therefore totally logical to us, especially that we were not expecting that level of traction before the article was released. Honestly, I do not want to change the name, the name of the repository is clear, it is called Thank you for these questions, it is a perfect timing to answer all that ! Thank you for the support and comments, let's make it great all together ! 🚀 |
Is there anything lacking in François' answers to your questions ? If not, can we mark this as close or do you see further actions ? |
This is an interesting project but I have a few questions that don't seem to be raised in the readme.
The text was updated successfully, but these errors were encountered: