Hi there,
I'm Vladimir Olteanu (or just Vlad, for short), and I'm working on the
SOCKSv6 protocol. It is being discussed at the IETF
(https://tools.ietf.org/html/draft-olteanu-intarea-socks-6-10). The spec
has matured somewhat and is currently undergoing an adoption call at the
Intarea WG.
I would like to get your opinion on this newer version of the protocol,
in particular on how it would work for OpenSSH and what features and
tweaks you'd like to see included.
Version 6's core functionality is roughly equivalent to v4. It is
extensible and has several optional features, like:
* 0-RTT authentication
* A setsockopt()-like mechanism (which can notably be used to request TFO)
* Full support for hosting TCP services behind the proxy
* DNS proxy
* Protection against replays
* Zero (or even negative!) RTT overhead compared to connecting to the
server directly, assuming the proxy is on path
There's also an implementation available on Github:
* Message library: https://github.com/45G/libsocks6msg
* Utility library: https://github.com/45G/libsocks6util
* TCP proxy and transparent proxifier: https://github.com/45G/sixtysocks
The libraries are written in C++, but also have C bindings, so they
could be used for a potential OpenSSH + SOCKSv6 prototype.
Cheers,
Vlad
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev