
Re: [MirageOS-devel] Thinking out loud about secure unikernel communication over the internet



Hi Stephen,

It's definitely possible to come up with new protocols, but you need to be very careful when designing them.  Where possible, we're currently preferring to follow existing protocols to ensure that we don't end up in a situation of having experimental protocols layered on experimental implementations, leading to overall instability.

This doesn't stop any interested community members from building independent implementations of protocols such as the Silent Circle one below -- feel free to ask any questions here as you go about the implementation!  I'm personally working on integrating the OCaml TLS stack into our I/O layer first though, to give us SSL interop as a good baseline protocol.

best,
Anil

On 6 Sep 2014, at 02:40, Stephen Mack <smack815@xxxxxxxxx> wrote:

Hello everyone,

With all the buzz about hacking lately, I have been thinking a lot about security.  Since our Mirage unikernels will be living all over the internet, they will be needing a secure way to talk to each other and to move data around.

There are of course a lot of different protocols such as HTTPS or the alphabet soup of VPN protocols.

It would however be nice to keep to our unikernel roots and have a quick and secure protocol that could be spun up and used quickly and efficiently then destroyed.

I would love to hear ideas from the community.

I have recently discovered a new IM protocol being developed by Silent Circle called SCIMP.  One of its benefits is that the secret key changes with each message, so if someone is recording and saving your traffic, they can never get access to old messages with the current key.


It would be good for Mirage to be secure out of the box.

--Stephen
_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
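
The per-message key change mentioned in the quoted message can be illustrated with a generic one-way hash ratchet. This is an added example, not code from the thread, and it is not SCIMP's actual key schedule; the names `Ratchet`, `kdf` and `xor_stream` and the sample secret are hypothetical, and the keystream cipher is a stand-in for a real AEAD.

```python
import hashlib
import hmac


def kdf(key, label):
    """One-way step: HMAC-SHA256 of a fixed label under the given key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor_stream(key, data):
    """Demo-only cipher (HMAC-SHA256 counter keystream); use a vetted AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = kdf(key, b"stream" + i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


class Ratchet:
    """Keeps only the current chain key; every message overwrites it."""

    def __init__(self, chain_key):
        self.chain_key = chain_key

    def _step(self):
        # Message key and next chain key are separate one-way outputs.
        return kdf(self.chain_key, b"message"), kdf(self.chain_key, b"chain")

    def seal(self, plaintext):
        mk, self.chain_key = self._step()
        ct = xor_stream(kdf(mk, b"enc"), plaintext)
        return ct, kdf(kdf(mk, b"mac"), ct)

    def open(self, ct, tag):
        mk, next_chain = self._step()
        if not hmac.compare_digest(tag, kdf(kdf(mk, b"mac"), ct)):
            raise ValueError("tag mismatch: wrong key or modified message")
        self.chain_key = next_chain  # advance only after the tag verifies
        return xor_stream(kdf(mk, b"enc"), ct)


def demo():
    start = kdf(b"constructed shared secret", b"init")  # constructed sample value
    alice, bob = Ratchet(start), Ratchet(start)
    first, second = alice.seal(b"message one"), alice.seal(b"message two")
    plain = [bob.open(*first), bob.open(*second)]
    thief = Ratchet(bob.chain_key)  # key captured after both messages
    try:
        thief.open(*first)
        recovered = True
    except ValueError:
        recovered = False
    return plain, recovered
```

A ratchet of this shape protects recorded past traffic only: whoever captures the current chain key can still derive the keys for later messages.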
