[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] Thinking out loud about secure unikernal communication over the internet

Hi Stephen,

It's definitely possible to come up with new protocols, but you need to be very careful when designing them.  Where possible, we're currently preferring to follow existing protocols to ensure that we don't end up in a situation of having experimental protocols layered on experimental implementations, leading to overall instability.

This doesn't stop any interested community members from building independent implementations of protocols such as the Silent Circle one below -- feel free to ask any questions here as you go about the implementation!  I'm personally working on integrating the OCaml TLS stack into our I/O layer first though, to give us SSL interop as a good baseline protocol.


On 6 Sep 2014, at 02:40, Stephen Mack <smack815@xxxxxxxxx> wrote:

Hello everyone,

With all the buzz about hacking lately, I have been thinking a lot about security.  Since our mirage unikernals will be living all over the internet, they will be needing a secure way to talk to each and to move data around.

There are of course a lot of different protocols such as HTTPS or the alphabet soup of VPN protocols.

It would however be nice to keep to our unikernal roots and have a quick and secure protocol that could be spun up and used quickly and efficiently then destroyed.

I would love to hear ideas from the community.

I have recently discovered a new IM protocol being developed by Silent Circle called SCIMP.  One of it's benefits is that the secret key changes with each message so if someone is recording and saving your traffic, they can never get access to old messages with the current key.

It would be good for Mirage to be secure out of the box.

MirageOS-devel mailing list

MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.