Q: Has your secure datagram protocol been audited by experts?
No. Mosh is actively used and has been read over by
security-minded crypto nerds who think its design is reasonable, but any
novel datagram protocol is going to have to prove itself, and
SSP is no exception. We use the reference implementations of
AES-128 and OCB, and we welcome your eyes on the code. We think
the radical simplicity of the design is an advantage, but of
course others have thought that and have been wrong. We don't
doubt it will (properly!) take time for the security community
to get comfortable with Mosh.