<div dir="ltr">How would you propose to let the client roam, if the proxy is unable to authenticate the client's datagrams?<div><br></div><div>One option is to just send replies to the source address of the most recent datagram to arrive on the datagram socket -- authentic or not. But I'm worried this will be too flaky, since it's pretty easy to have stray UDP packets arrive (especially if there might be an old mosh client still sending to the same port number...). And it certainly won't be secure against a malintentioned adversary.</div>
<div><br></div><div>-Keith</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Mar 31, 2014 at 4:52 PM, Mark Stillwell <span dir="ltr"><<a href="mailto:marklee@fortawesome.org" target="_blank">marklee@fortawesome.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">> I like the idea of a relay or proxy -- the problem I've been having is that<br>
> it's hard for the relay to let the client roam securely unless it can verify<br>
> that datagrams coming in from a new source address are authentic. But it<br>
> can't verify that unless it has the plaintext session key, which (1) ideally<br>
> it would not have (2) even if you did give it to the proxy, how would you<br>
> set up the UX to do that in a sane way?<br>
><br>
> Perhaps in a protocol revision, we should thing about using an Ed25519<br>
> signature so that a chain of proxies along the way can authenticate the<br>
> datagram without also needing to be able to decrypt.<br>
<br>
</div>I don't think we need the proxy to do verification/validation. We just<br>
need something that will easily set up the udp/tcp tunnels over ssh<br>
and respawn the ssh connection when it goes down (assuming that<br>
password-less ssh logins are configured correctly, and for the mosh<br>
client/server to be tested in this environment to figure out what can<br>
be done to avoid the packet tampering errors.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Mark Lee Stillwell<br>
<a href="mailto:marklee@fortawesome.org">marklee@fortawesome.org</a><br>
</div></div></blockquote></div><br></div>