On Sun, Jan 19, 2014 at 4:23 AM, carlo von lynX <[email protected]> wrote: > ... >> The highest level of "this feature" would be if this "Mock JS" could have >> full WebRTC functionality ;) > > Dunno, WebRTC is so prone to MITM. > I'd rather have something secure.
as mentioned before, do WebRTC over private address space, like IPv6 ORCHID identifiers based on cryptographic identities. then you can easily move sensitive crypto outside the browser, (outside current user, even outside current domU). in the case of hidden services, you'd map to onions for TUN endpoints which bring up ORCHID identifiers based on hidden service private key digest. if browser is hacked sideways, you expose ephemeral context of current browser process, history, sessions, cache, etc, but keep long lived keys and identities protected outside the dirty cesspool that is your browser swimming naked in sewage. (aka: contemporary software using data networks built without your interests at heart) for the Tor example: - Qubes dom0 (ring -X): handles launching the following VMs which together implement the system discussed: - Disposable Chromium/FFox VM supporting WebRTC, DNS AAAA petnames->ORCHID IPv6 - FirewallVM which forces all traffic over hidden address space to ORCHIDvm, or drops it. (and prunes much needless IPv6 *cast chatter) - ORCHIDvm maps incoming IPv6 connections and AAAA lookups to Tor hidden services, and forces all upstream traffic over Tor or drops it. this is where the ORCHID tun device lives and is bound. - TorVM runs the Tor client/relay and hidden services; any control port access via domU console, not remote. - NetworkVM finally delivers the intended data to and from the selected network device preferably using VT-d/IOMMU extensions to isolate this network device from other devices or domUs. ^- this is how i would prefer to use a browser :) pointing the browser at localhost is a similar intent and separation, as demonstrated and discussed by Tony Arcieri in cryptosphere. best regards, -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
