←back to thread

SSH3: Faster and rich secure shell using HTTP/3

(github.com)
532 points tempaccount420 | 3 comments | 27 Sep 25 14:27 UTC | HN request time: 0.812s | source
Show context
temp0826 ◴[27 Sep 25 15:22 UTC] No.45396500[source]
I don't know why it makes me a little sad that every application layer protocol is being absorbed into http.
replies(9): >>45396579 #>>45396700 #>>45396749 #>>45396886 #>>45396904 #>>45398062 #>>45398924 #>>45400059 #>>45421671 #
1. codedokode ◴[27 Sep 25 22:59 UTC] No.45400059[source]
This is actually good because every protocol ideally must look the same to make traffic shaping and censorship harder. Either random stream of bytes or HTTP.

If you are designing a protocol, unless you have a secret deal with telcos, I suggest you masquerade it as something like HTTP so that it is more difficult to slow down your traffic.

replies(1): >>45400183 #
2. doublerabbit ◴[27 Sep 25 23:21 UTC] No.45400183[source]
It's been known they throttle HTTP too.

So your super speedy HTTP SSH connection then ends up being slower than if you just used ssh. Especially if your http traffic looks rogue.

At least when its its own protocol you can come up with strategies to work around the censorship.

replies(1): >>45404330 #
3. codedokode ◴[28 Sep 25 13:53 UTC] No.45404330[source]
No. If you masquerade as HTTPS you can set your SNI to trump.example.com or republicans.example.com and nobody would dare to slow down this traffic. If you have a custom, detectable protocol then you already lost the game.

There is not only censorship, but traffic shaping when some apps are given a slow lane to speed up other apps. By making your protocol identifiable you gain nothing good.