Re: [MirageOS-devel] Thinking out loud about secure unikernel communication over the internet
a nice simple protocol to try is TFTP

In missive <1D234FB7-E577-4FDC-96A4-B95354707B44@xxxxxxxxxx>, Anil Madhavapeddy typed:

>>Hi Stephen,
>>
>>It's definitely possible to come up with new protocols, but you need to
>>be very careful when designing them. Where possible, we're currently
>>preferring to follow existing protocols to ensure that we don't end up
>>in a situation of having experimental protocols layered on experimental
>>implementations, leading to overall instability.
>>
>>This doesn't stop any interested community members from building
>>independent implementations of protocols such as the Silent Circle one
>>below -- feel free to ask any questions here as you go about the
>>implementation! I'm personally working on integrating the OCaml TLS
>>stack into our I/O layer first though, to give us SSL interop as a good
>>baseline protocol.
>>
>>best,
>>Anil
>>
>>On 6 Sep 2014, at 02:40, Stephen Mack <smack815@xxxxxxxxx> wrote:
>>
>>> Hello everyone,
>>>
>>> With all the buzz about hacking lately, I have been thinking a lot
>>> about security. Since our mirage unikernels will be living all over the
>>> internet, they will be needing a secure way to talk to each other and
>>> to move data around.
>>>
>>> There are of course a lot of different protocols such as HTTPS or the
>>> alphabet soup of VPN protocols.
>>>
>>> It would however be nice to keep to our unikernel roots and have a
>>> quick and secure protocol that could be spun up and used quickly and
>>> efficiently then destroyed.
>>>
>>> I would love to hear ideas from the community.
>>>
>>> I have recently discovered a new IM protocol being developed by Silent
>>> Circle called SCIMP. One of its benefits is that the secret key
>>> changes with each message so if someone is recording and saving your
>>> traffic, they can never get access to old messages with the current key.
>>>
>>> https://silentcircle.com/scimp-protocol
>>>
>>> It would be good for Mirage to be secure out of the box.
>>>
>>> --Stephen
>>> _______________________________________________
>>> MirageOS-devel mailing list
>>> MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
>>> http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

cheers

jon
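
The property described in the quoted message (a key that changes with every message, so the current key does not open recorded traffic) can be shown with a generic one-way hash ratchet. This is an added example, not part of the original thread and not SCIMP's actual key schedule; `Ratchet`, `kdf`, `xor_stream` and the sample secret are assumptions made for the illustration.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256 keyed with the current value."""
    return hmac.new(key, label, hashlib.sha256).digest()

class Ratchet:
    """One direction of a session; every message gets a fresh key."""
    def __init__(self, chain: bytes):
        self.chain = chain

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain, b"message")
        self.chain = kdf(self.chain, b"chain")  # previous chain value is overwritten
        return message_key

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Demo-only cipher (keystream XOR); a real protocol would use an AEAD."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = kdf(key, offset.to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def demo() -> dict:
    start = kdf(b"constructed shared secret", b"init")  # constructed sample value
    alice, bob = Ratchet(start), Ratchet(start)
    plaintexts = [b"first message", b"second message", b"third message"]
    recorded = [xor_stream(alice.next_message_key(), p) for p in plaintexts]

    # Bob reads messages 1 and 2; his state has then moved past their keys.
    received = [xor_stream(bob.next_message_key(), c) for c in recorded[:2]]

    # An eavesdropper holding all recorded traffic now copies Bob's state.
    thief = Ratchet(bob.chain)
    stolen_keys = [thief.next_message_key() for _ in range(10)]
    guesses = {xor_stream(k, c) for k in stolen_keys for c in recorded}
    return {
        "received": received,
        "old_messages_exposed": any(p in guesses for p in plaintexts[:2]),
        "unread_message_exposed": plaintexts[2] in guesses,
    }

if __name__ == "__main__":
    print(demo())
```

The copied state still opens the not-yet-read third message: a ratchet of this kind protects past traffic only, and only when superseded keys are actually erased.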