> But there is also another case - use separate hardware (or whole zones) > for specific, trusted applications.
The first thing I thought of when the idea of using RPi was mentioned was using an RPi for a USB host, on systems where there's only one USB controller so you can't separate the IO from untrusted USB devices. Qubes Air would let you deploy a secondary usbvm to a RPi to host untrusted USB devices. > Yes, this is one of things we need to carefully design and implement. > Some preliminary ideas include stripping network layer (IP, TCP) in > sys-net, and pass raw encrypted & authenticated data stream to separate > VM over channel. Then decrypt it there. The "encrypted & authenticated" > is also not an easy concept, lets avoid heartbleed. > So, a long way before Qubes Air will become a reality. IMO this is quite easy, the solution has even already been implemented - just host the RDP client in a dedicated VM. The same solution being used to host Windows 10 VMs on Qubes as described here: groups.google.com/forum/#!topic/qubes-users/dB_OU87dJWA You could even potentially strip down the VM so it only has the bare minimum software to host a basic RDP server to reduce overhead. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/smPiHrHe3oN3f_hPYikDY12mQrjeRQ-MyfXOo4apSZ2otrJFym1HK82PDO8GEFxU-kW4qIx5FKwqjgtc57i0b8pekvqO3DtlRixfWP9-y1w%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
