-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/23/2016 05:18 PM, Jean-Philippe Ouellet wrote: > ... except with decent dom0 disaggregation working out of the box, > and I'm personally making good use of qrexec in a server context > as well. > > Securely accessing dom0 remotely is left as an exercise for the > reader. ;) >
I'm intrigued. How is qrexec utilized? qrexec is better than networked access in the case of Qubes because it is verified through dom0, which is part of the TCB. If you can't access dom0, qrexec is default allowed, which removes the added security of it. If you're remotely accessing dom0, you're adding the networking stack to the TCB, and once again have a basic Xen installation with extra unnecessary overhead. qrexec with a networked dom0 doesn't seem anymore secure than using SSH to run remote scripts between networked VMs. - -- kulinacs <nickl...@kulinacs.com> -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhdrX4ACgkQuXLc0JPg MlalzRAAgKmZPLtbbkuEyRr3fyJVDjxLwrV20c+WdtH/t9Snx//RPdLPmhEkqMTM D4fscVTjjJzjXFg5m5JGZQpPKiZgENEwYxgnuyqIxWg7gcySr83lXCGRdL64u1n8 r5ydg42R7gqaeS8fh+Fkhxext+4PmOGieinh9FZRPYc+eT+VWsbZvMK7Yhso1bZO U64JroC8O/JwUzJOl9VhqHChRjcbcxQszbyQadFT0QpEZ5HUoVcuW5nSj5w7jttJ lCV8CkIOMwGDuzaZJU3b2dRIxMqe2C4wQRtlsXHTO9JANN4S22z+OBlfkb/KhxGB d6caVxqgj0wgg0xWX7Fz5LBpNQtrL5xqBDVDMil3KSRsHEjJb23Ky6opJyJNaMWW jtvShsp6fFZD18262ZwUwwqRMYV6sE4a3nITAo3yoIRaT3LHBKnUBHXuRqxKYJPf AmkQAbyovsDKJ/9GHhHnOPLNunJqx/2pjuO4SaT1/7/+vb/ARXLmsq10jXdYKDsF o2XeC3DisRlStU5/vXXOx4NW4cbj21a9hyaQ9pQxEv9QOi/0kDSdVzXyaw6qR3U+ cXMBYplL2ZnrjXCPpmZY4wI92STATMMgw/Vb8ZSbeSRKiaFYHrQv2SpFvMRW6VK1 4tPTkLF242cTUzkOFWtvD8kMwvHy1aGx/hfm1r11TlvPQHXgTzg= =2+BL -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/84d8b7d8-4f21-3d3d-7b4a-955a66d0a705%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
