well, the first thing it does upon receiving a packet is extract any ECN, which is a bit weird to do before deciding it’s a valid packet, but it doesn’t use that until after verifying and decrypting the authenticated (AES-OCB3) ciphertext.

it appears to use the same key in both directions because there is an explicit test that the packet is marked for the right direction. i don’t like it, but it doesn’t look to be an actual problem.

i think i’m seeing a single packet per keystroke, and i’m not seeing a random delay in the code. i find this concerning from a extracting keystrokes from timing perspective. but people are still arguing about whether that’s a real concern for ssh…

(this is not getting into the whole terminal emulator aspect)

which brings me to, i think i trust it a bit less than i did an hour ago? but i’m not dropping it immediately now that i looked at it.