Hi,
Interesting new direction for SSH (widely used for system admin of
printers), which hasn't had an active IETF WG for 20 years now: updating
it and moving it to run over HTTP/3 and take advantage of QUIC prior art.
Cheers,
- Ira
---------- Forwarded message ---------
From: François Michel <francois.michel=40uclouvain.be at dmarc.ietf.org>
Date: Wed, Feb 28, 2024 at 7:49 AM
Subject: [Secdispatch] Fwd: New Version Notification for
draft-michel-ssh3-00.txt
To: <alldispatch at ietf.org>
Cc: Olivier Bonaventure <olivier.bonaventure at uclouvain.be>, <
secdispatch at ietf.org>
Hi all,
We're happy to announce that we recently submitted a first design draft
for running SSH/Secure Shells over HTTP, with a focus on HTTP/3. We
would love to be able to discuss this document during the ALLDISPATCH
session (I will attend remotely).
We have an open-source working prototype in Go here:
https://github.com/francoismichel/ssh3
Coming from our recent research article, the solution is named SSH3.
We'd be happy to discuss the name/renaming in the future, but we would
first like to discuss the protocol, its architecture and use-cases
before any long naming discussions take place. :-) Its final name will
depend on the path taken by the solution anyway, i.e. whether it will
become a concrete candidate for a new version, an alternate layer for
RFC4252 and RFC4253 or integrated as part of ongoing IETF work (e.g. as
stated in the draft, we can observe synergies with MASQUE).
Among other benefits of this evolution of SSH, we can list UDP port
forwarding (or other protocols such as IP), focusing the specification
on the Connection protocol, reduced connection establishment, better
integration with existing web authentication infrastructures, URL
multiplexing and others. I recommend you look at the draft for a more
detailed (but still concise) list of the interesting aspects.
The idea is getting quite some public traction (the repo is quite
popular) but we're still in an embryonic state of the proposal. We would
love to have feedback from IETF folks and work together on the future of
the protocol and its architecture. The document is introductory and
there is room for people to participate.
For instance, the short section 7 only introduces the topic of making
this proposal coexist with existing SSHv2 deployments. Defining
mechanisms inspired by how QUIC and HTTP/3 coexist with TCP and HTTP/2
would be really interesting!
I know some people are already looking at providing other implementations
of the proposal. If that is the case for you, let us know and we can work
together and reach interop. :-)
In case you look at refactoring your existing SSH implementation for
other reasons, it might be easy to also make it compatible with this
proposal since most of the Connection protocol is reused. Existing
QUIC/HTTP libs can be used for the remaining parts.
Don't hesitate to let us know your thoughts, feedback and use-cases!
Regards,
François
-------- Forwarded message --------
Subject: New Version Notification for draft-michel-ssh3-00.txt
Date: Wed, 28 Feb 2024 03:27:39 -0800
From: internet-drafts at ietf.org
To: François Michel <francois.michel at uclouvain.be>, Francois Michel
<francois.michel at uclouvain.be>, Olivier Bonaventure
<Olivier.Bonaventure at uclouvain.be>, Olivier Bonaventure
<olivier.bonaventure at uclouvain.be>
A new version of Internet-Draft draft-michel-ssh3-00.txt has been
successfully submitted by François Michel and posted to the IETF
repository.
Name: draft-michel-ssh3
Revision: 00
Title: Secure shell over HTTP/3 connections
Date: 2024-02-28
Group: Individual Submission
Pages: 18
URL: https://www.ietf.org/archive/id/draft-michel-ssh3-00.txt
Status: https://datatracker.ietf.org/doc/draft-michel-ssh3/
HTML: https://www.ietf.org/archive/id/draft-michel-ssh3-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-michel-ssh3
Abstract:
The secure shell (SSH) traditionally offers its secure services over
an insecure network using the TCP transport protocol. This document
defines mechanisms to run the SSH protocol over HTTP/3 using Extended
CONNECT. Running SSH over HTTP/3 enables additional benefits such as
the scalability offered by HTTP multiplexing, relying on TLS for
secure channel establishment leveraging X.509 certificates, HTTP
Authentication schemes for client and server authentication, UDP port
forwarding and stronger resilience against packet injection attacks
and middlebox interference.
The IETF Secretariat
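The abstract above says the SSH session is carried over HTTP/3 using Extended CONNECT and that HTTP authentication schemes take over client authentication. The following Go program, added here as an illustration and not code from the draft or from the ssh3 repository, shows what that first exchange looks like from both sides: the client builds the Extended CONNECT header list (RFC 8441 semantics, carried over HTTP/3 per RFC 9220), and the server runs the admission check a gateway should apply before treating a stream as an SSH session. The protocol token `ssh3`, the path `/ssh3-term`, the host `ssh.example.net` and the bearer token are assumptions for the example; the draft on this page does not state them.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// HeaderList models the decoded header block of one HTTP/3 request
// stream: field names are lower-case and pseudo-headers begin with ':'.
// (Constructed for this example; a real server receives these from its
// HTTP/3 library after QPACK decoding.)
type HeaderList map[string]string

// assumedSSHProtocolToken is the value carried in ':protocol'. The draft
// text on this page does not state the token; "ssh3" is an assumption.
const assumedSSHProtocolToken = "ssh3"

// BuildExtendedConnect is the client side of the exchange. Unlike a plain
// CONNECT, an Extended CONNECT carries ':scheme' and ':path', and the
// ':protocol' pseudo-header names the protocol tunnelled on the stream.
func BuildExtendedConnect(authority, path, protocol, authz string) HeaderList {
	h := HeaderList{
		":method":    "CONNECT",
		":protocol":  protocol,
		":scheme":    "https",
		":authority": authority,
		":path":      path,
	}
	if authz != "" {
		h["authorization"] = authz // e.g. an HTTP auth scheme such as Bearer
	}
	return h
}

// ValidateExtendedConnect is the server-side admission check. It returns
// nil only for a well-formed Extended CONNECT that names the expected
// protocol, is addressed to this server, and carries a credential; every
// other request is rejected before any session state is created.
func ValidateExtendedConnect(h HeaderList, wantProtocol, wantAuthority string) error {
	proto, hasProto := h[":protocol"]
	if h[":method"] != "CONNECT" {
		if hasProto {
			// ':protocol' is only defined for CONNECT (RFC 8441 section 4);
			// treat it as malformed rather than silently ignoring it.
			return errors.New(":protocol present on a non-CONNECT request")
		}
		return errors.New("not a CONNECT request")
	}
	if !hasProto {
		// Plain CONNECT is the classic TCP tunnel, not what this endpoint serves.
		return errors.New("plain CONNECT (no :protocol) is not accepted")
	}
	if proto != wantProtocol {
		return fmt.Errorf("unexpected :protocol %q", proto)
	}
	// Extended CONNECT MUST carry ':scheme' and ':path' (RFC 8441 section 4).
	if h[":scheme"] != "https" {
		return errors.New(":scheme must be https")
	}
	path := h[":path"]
	if path == "" || !strings.HasPrefix(path, "/") {
		return errors.New("missing or malformed :path")
	}
	if h[":authority"] != wantAuthority {
		return fmt.Errorf("request addressed to %q, not this server", h[":authority"])
	}
	// Client authentication is delegated to HTTP authentication schemes:
	// insist that a credential is present before the session is admitted.
	if h["authorization"] == "" {
		return errors.New("missing Authorization header")
	}
	return nil
}

func main() {
	const host = "ssh.example.net" // assumed host
	good := BuildExtendedConnect(host, "/ssh3-term", assumedSSHProtocolToken, "Bearer <placeholder-token>")
	fmt.Println("extended CONNECT:", ValidateExtendedConnect(good, assumedSSHProtocolToken, host))

	plain := HeaderList{":method": "CONNECT", ":authority": host}
	fmt.Println("plain CONNECT:   ", ValidateExtendedConnect(plain, assumedSSHProtocolToken, host))
}
```

The check is deliberately ordered so that the cheapest structural tests (method, `:protocol`, `:scheme`, `:path`) run before the authority comparison and the credential check; a request that is not even an Extended CONNECT for this protocol never reaches the authentication step.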
_______________________________________________
Secdispatch mailing list
Secdispatch at ietf.org
https://www.ietf.org/mailman/listinfo/secdispatch