[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] MirageOS AppVMs on Qubes

  • To: mirageos-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Hannes Mehnert <hannes@xxxxxxxxxxx>
  • Date: Thu, 26 Nov 2015 16:49:08 +0100
  • Delivery-date: Thu, 26 Nov 2015 15:49:50 +0000
  • List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>
  • Openpgp: id=11B5464249B5BD858FFF6328BC896588DF7C28EE

On 11/25/2015 17:22, Thomas Leonard wrote:
> On 23 November 2015 at 12:35, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>> Also, I just ran across this nicely privilege separated TLS daemon:
>> https://www.opsmate.com/titus/

Maybe a tlstunnel using Mirage would be sensible here?  (And maybe
support both client and server side).

> Qubes are also interested in GnuPG. Since 2.1, all private key
> operations are handled by gpg-agent, so we'd probably only have to
> implement that. Anyone know how hard that would be?

The OpenPGP message format is documented in RFC4880, including a custom
run-length encoding of numbers, and various versions etc.  I'm not sure
(and couldn't easily find) whether it makes sense to support old
versions (I think signature versions 3 and 4 are sensible, but maybe 3
could be dropped as well).

It is lengthy, the upside is that (nearly) no ASN.1 is involved.  And
most of the crypto primitives are supported in ocaml-nocrypto.  Would be
a fun project.  I'd expect it to take 2 months full-time for me.

Certainly, adding gpg agents "protocol" would take some more time as well.

If someone has energy and resources for OpenPGP: I'm happy to help out,


Attachment: signature.asc
Description: OpenPGP digital signature

MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.