<div dir="ltr">I like the idea of a relay or proxy -- the problem I've been having is that it's hard for the relay to let the client roam securely unless it can verify that datagrams coming in from a new source address are authentic. But it can't verify that unless it has the plaintext session key, which (1) ideally it would not have (2) even if you did give it to the proxy, how would you set up the UX to do that in a sane way?<div>
<br></div><div>Perhaps in a protocol revision, we should thing about using an Ed25519 signature so that a chain of proxies along the way can authenticate the datagram without also needing to be able to decrypt.</div><div>
<br></div><div>-Keith</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Mar 31, 2014 at 11:41 AM, Richard Perry Woodbury III <span dir="ltr"><<a href="mailto:rpwoodbu@mybox.org" target="_blank">rpwoodbu@mybox.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Your intuition about the lag-friendly interface being rendered useless is correct. It is critical for the client and server to be on opposite sides of the source of lag. Otherwise you get really bizarre effects, like predictive text getting erased and then redrawn in a flash.<br>
<div><br></div><div>I've been contemplating a Mosh Relay that uses a basic NAT traversal technique, so it can run on any machine with public Internet access and doesn't require any special network configuration. I have a proof-of-concept working. If there's sufficient interest, I may flesh it out.</div>
<div><br></div><div>Richie</div><div class="HOEnZb"><div class="h5"><br><div>On Mon Mar 31 2014 at 4:12:42 AM, David Seaward <<a href="mailto:dseaward925@gmail.com" target="_blank">dseaward925@gmail.com</a>> wrote:</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Vincent and Mark,<br>
<br>
Thanks for your feedback, it was very helpful. I will look into an SSH<br>
intermediary (mosh-client > mosh-server > ssh > endpoint) as a<br>
solution.<br>
<br>
My primary motivation is the lag-friendly mosh interface, rather than<br>
the connection per se, which makes me wonder if both the mosh client<br>
and server could be on my local machine, which itself makes the<br>
tunneled/ProxyCommand ssh connection with a regular tunnel or similar.<br>
The connection benefits are obviously lost, but I suspect even the<br>
lag-friendly interface would be rendered useless. An experiment for<br>
another day.<br>
<br>
I have summarized your helpful responses as an answer to my SU<br>
question. Thanks again!<br>
<br>
David<br>
<br>
On Fri, Mar 28, 2014 at 6:10 PM, Vincent Lefevre<br>
<<a href="mailto:vincent-mosh@vinc17.net" target="_blank">vincent-mosh@vinc17.net</a>> wrote:<br>
> On 2014-03-28 17:08:00 +0200, David Seaward wrote:<br>
>> Ah, this is more complicated than I thought :D<br>
>><br>
>> I thought it was going to be one of:<br>
>><br>
>> a) mosh-client - ssh - ssh - mosh-server<br>
>><br>
>> ...where "ssh - ssh" may be some kind of transparent hop, or<br>
>><br>
>> b) mosh-client - mosh-? - mosh-? - mosh-server<br>
>><br>
>> ...with funky configuration on the hops.<br>
><br>
> With stone (or similar UDP repeater), if I understand correctly,<br>
> I was thinking of:<br>
><br>
> mosh-client - stone - mosh-server<br>
><br>
> or<br>
><br>
> mosh-client - stone - stone - mosh-server<br>
><br>
> for 2 gateways.<br>
><br>
> --<br>
> Vincent Lefèvre <<a href="mailto:vincent@vinc17.net" target="_blank">vincent@vinc17.net</a>> - Web: <<a href="https://www.vinc17.net/" target="_blank">https://www.vinc17.net/</a>><br>
> 100% accessible validated (X)HTML - Blog: <<a href="https://www.vinc17.net/blog/" target="_blank">https://www.vinc17.net/blog/</a>><br>
> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)<br>
> ______________________________<u></u>_________________<br>
> mosh-users mailing list<br>
> <a href="mailto:mosh-users@mit.edu" target="_blank">mosh-users@mit.edu</a><br>
> <a href="http://mailman.mit.edu/mailman/listinfo/mosh-users" target="_blank">http://mailman.mit.edu/<u></u>mailman/listinfo/mosh-users</a><br>
<br>
______________________________<u></u>_________________<br>
mosh-users mailing list<br>
<a href="mailto:mosh-users@mit.edu" target="_blank">mosh-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/mosh-users" target="_blank">http://mailman.mit.edu/<u></u>mailman/listinfo/mosh-users</a><br>
</blockquote>
</div></div><br>_______________________________________________<br>
mosh-users mailing list<br>
<a href="mailto:mosh-users@mit.edu">mosh-users@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/mosh-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/mosh-users</a><br>
<br></blockquote></div><br></div>