Add reliable stream retransmission
This commit is contained in:
+12
-10
@@ -202,16 +202,18 @@ be evaluated honestly. Items here are *not* yet "green".
|
||||
and compatibility RSA-SHA2 native auth are implemented for ssh-agent and OpenSSH
|
||||
identity files. RSA remains compatibility-only and deliberately rejects legacy
|
||||
SHA-1 `ssh-rsa` signatures.
|
||||
- **Forwarded stream data is not yet reliable across arbitrary UDP loss.** Terminal
|
||||
frames have retransmit coverage; forwarding streams have flow control and
|
||||
replay/reorder tests, but dropped `StreamData` recovery requires stream
|
||||
retransmission before Dosh should claim TCP-forwarding parity on lossy links.
|
||||
- **Forwarded stream data uses ordered retransmission.** Streams carry byte offsets,
|
||||
cumulative received-offset ACKs, and retransmit unacknowledged chunks as fresh
|
||||
encrypted transport packets. Hostile-network tests cover replay/reorder and
|
||||
server-to-client stream recovery after deliberate UDP loss; broader real-host load
|
||||
soak remains launch evidence.
|
||||
- **Long-soak evidence is a launch gate.** Roaming, retransmit, resize, and
|
||||
multi-client tests exist, and `sleep_roaming_soak_30m` / `make soak-local` provide
|
||||
the 30-minute sleep/roaming gate. That gate should be run and published before
|
||||
public security/reliability claims.
|
||||
- **No external security review yet.** The spec's milestone 5 requires an external
|
||||
review checklist before public security claims. That review has not happened.
|
||||
- **No third-party audit claim.** Dosh maintains a public threat model and hardening
|
||||
checklist, but should not market itself as externally audited unless that actually
|
||||
happens.
|
||||
|
||||
### Auth posture
|
||||
|
||||
@@ -233,7 +235,7 @@ cached attach, and Mosh startup.
|
||||
Current status: this threat model is published (this document). The verification
|
||||
checklist is **not yet fully green** — see the item-by-item status table in
|
||||
`docs/PUBLIC_READINESS.md` ("Native v1 verification checklist status") and the known
|
||||
gaps in section 6 above. Until the gaps close and an external review is complete,
|
||||
Dosh's defensible public claim remains **fast, encrypted native attach/reconnect with
|
||||
SSH-equivalent transport security and SSH bootstrap fallback** — not a fully verified,
|
||||
externally reviewed SSH replacement.
|
||||
gaps in section 6 above. Until the gaps close, Dosh's defensible public claim remains
|
||||
**fast, encrypted native attach/reconnect and forwarding with SSH bootstrap
|
||||
fallback** on Dosh-installed servers, not generic SSH compatibility or a third-party
|
||||
audited security product.
|
||||
|
||||
Reference in New Issue
Block a user