[mosh-devel] Persistent Connections

Keith Winstein keithw at cs.stanford.edu
Wed Nov 9 20:03:52 EST 2016


Hello Carlos,

Sounds cool! I think you will need to save every state newer than the
"throwaway number," because the other side is allowed to reference that
state (or any newer state that you have acked) in building a new diff.

My main fear with these saved states is that a user would somehow be able
to try "resuming" the same session twice, from the same save file. That
will result in the same sequence number being reused, which would be
cryptographically catastrophic. So any implementation that allows
"resuming" from a saved state must ensure that the saved state is destroyed
as part of the resumption.

-Keith

On Wed, Nov 9, 2016 at 3:14 PM, Carlos Cabanero <carlosecabanero at gmail.com>
wrote:

> I have started to work on “Persistent Connections” for Blink with great
> success! For background, these are the related GH issues (
> https://github.com/mobile-shell/mosh/issues/394) and (
> https://github.com/blinksh/blink/issues/59).
>
>
> I hacked together - as in I have hardcoded most of the stuff - a simple
> version that is able to save a session to disk and reconstruct it given the
> previous key. Turns out it was all a lot easier than I thought, without
> requiring hardcore object serialisation. States (timestamp, sequence nonce
> and content) can be dropped to disk as if they were going to be sent over
> the network, and reconstructing the states to the initial
> Terminal::Complete and Network::UserStream objects is straightforward with
> the diff functions.
>
>
> There is the question of how many states should be saved. From reading the
> code I guess the answer is all of them; from my test only the latest acked
> one was enough - but again, crappy test.
>
>
> Another obvious security concern is that the states contain information from
> the terminal in a completely readable format. Could that be encrypted again
> with the key before saving? In the case of iOS I can save the secure key to
> the keychain. But I think that on top of that, saving the session with a
> passphrase might be a good idea.
>
>
> I understand that this might only be useful in Blink, but any guidance
> would be appreciated. In the same manner, if you change your opinion, I'm
> more than happy to walk the extra mile and make it work for everyone.
>
>
> Thanks a lot!!
>
>
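
One way to enforce the "destroyed as part of the resumption" requirement from the reply above, as an added example that is not code from mosh, Blink or either author: the saved-state file is atomically claimed with rename() and unlinked before its contents are returned, so a second resume attempt finds nothing. The function names, the file path and the "seq=42" payload are assumptions made for illustration.

```cpp
// Added example: consume-once load of a saved session file (POSIX).
// The file name and layout are hypothetical, not mosh's or Blink's.
#include <cstdio>
#include <fcntl.h>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <unistd.h>

// Make the directory change (the deletion) durable across a crash.
static bool sync_parent_dir(const std::string &path) {
  std::string::size_type slash = path.rfind('/');
  std::string dir = ".";
  if (slash != std::string::npos) dir = path.substr(0, slash ? slash : 1);
  int fd = open(dir.c_str(), O_RDONLY);
  if (fd < 0) return false;
  bool ok = (fsync(fd) == 0);
  close(fd);
  return ok;
}

// Fills `state` and returns true only for the one caller that wins the claim.
// The file no longer exists by the time the caller can use a sequence number.
bool resume_once(const std::string &path, std::string &state) {
  std::string claimed = path + ".claimed." + std::to_string(getpid());
  // rename() is atomic: of several racing resumers exactly one succeeds;
  // the others fail with ENOENT because the source name is gone.
  if (std::rename(path.c_str(), claimed.c_str()) != 0) return false;
  std::ostringstream buf;
  bool read_ok = false;
  {
    std::ifstream in(claimed.c_str(), std::ios::binary);
    if (in) { buf << in.rdbuf(); read_ok = true; }
  }
  // Destroy first; refuse to resume if the deletion is not durable.
  if (unlink(claimed.c_str()) != 0 || !sync_parent_dir(claimed)) return false;
  if (!read_ok) return false;  // fail closed: state is gone, nothing resumed
  state = buf.str();
  return true;
}

int main() {
  const std::string path = "/tmp/saved_session.bin";  // constructed sample
  { std::ofstream out(path.c_str(), std::ios::binary); out << "seq=42"; }
  std::string first, second;
  std::cout << "first resume:  " << resume_once(path, first) << "\n";
  std::cout << "second resume: " << resume_once(path, second) << "\n";
  return 0;
}
```

This only covers resumes that go through the one file on disk; a copy of the file made elsewhere (a backup, for instance) is outside what it can guarantee.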

