[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] MirageOS AppVMs on Qubes

On 26 November 2015 at 15:49, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote:
> On 11/25/2015 17:22, Thomas Leonard wrote:
>> On 23 November 2015 at 12:35, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>>> Also, I just ran across this nicely privilege separated TLS daemon:
>>> https://www.opsmate.com/titus/
> Maybe a tlstunnel using Mirage would be sensible here?  (And maybe
> support both client and server side).
>> Qubes are also interested in GnuPG. Since 2.1, all private key
>> operations are handled by gpg-agent, so we'd probably only have to
>> implement that. Anyone know how hard that would be?
> The OpenPGP message format is documented in RFC4880, including a custom
> run-length encoding of numbers, and various versions etc.  I'm not sure
> (and couldn't easily find) whether it makes sense to support old
> versions (I think signature versions 3 and 4 are sensible, but maybe 3
> could be dropped as well).
> It is lengthy, the upside is that (nearly) no ASN.1 is involved.  And
> most of the crypto primitives are supported in ocaml-nocrypto.  Would be
> a fun project.  I'd expect it to take 2 months full-time for me.
> Certainly, adding gpg agents "protocol" would take some more time as well.

What about doing only the agent protocol (mainly PKDECRYPT and PKSIGN)?


> If someone has energy and resources for OpenPGP: I'm happy to help out,

Dr Thomas Leonard        http://roscidus.com/blog/
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA

MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.