Re: [qubes-users] Split PGP threat model questions
On 2020-09-17 01:18, unman wrote: On Thu, Sep 17, 2020 at 12:41:56AM +, uro2204nk81jeorn wrote: Let's say I have created a general purpose domain for storing EVERY subkey I create, what kind of implications could this have? Am I leaking multiple identities every time I use the gpg wrapper? Where can I read deeper into the design as well? I'm assuming you have read: https://www.qubes-os.org/doc/split-gpg The "Discussions" referenced at the bottom of that page are a good guide. As to the risks in storing all your keys in the same qube, there *is* a danger, in that an attacker who gained access to a client qube would be able to see your subkeys and therefore link identities. Since the overhead in creating multiple pgp qubes is small, I would do that. The reason I think it'd be beneficial to create one central domain is so it can be autostarted and handle most PGP operations, multiple vms wouldn't be very convenient, as well as limitations on memory usage, I wouldn't even think to autostart multiple PGP domains, but even in not doing so, my memory goes quick. Should I utilize a dispvm as a middleman? One disposablevm shouldn't be too impactful on memory usage, and I could just copy documents around instead of multiple keys. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bb5de2cda7f2468371aba5e42c018045%40firemail.cc.
Re: [qubes-users] Split PGP threat model questions
On Thu, Sep 17, 2020 at 12:41:56AM +, uro2204nk81jeorn wrote: > Let's say I have created a general purpose domain for storing EVERY subkey I > create, what kind of implications could this have? Am I leaking multiple > identities every time I use the gpg wrapper? > > Where can I read deeper into the design as well? I'm assuming you have read: https://www.qubes-os.org/doc/split-gpg The "Discussions" referenced at the bottom of that page are a good guide. As to the risks in storing all your keys in the same qube, there *is* a danger, in that an attacker who gained access to a client qube would be able to see your subkeys and therefore link identities. Since the overhead in creating multiple pgp qubes is small, I would do that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200917011830.GA14990%40thirdeyesecurity.org.
[qubes-users] Split PGP threat model questions
Let's say I have created a general purpose domain for storing EVERY subkey I create, what kind of implications could this have? Am I leaking multiple identities every time I use the gpg wrapper? Where can I read deeper into the design as well? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/990301fb0eba7775dd9853ce63a63754%40firemail.cc.
[qubes-users] Intel Optane?
I am likely to buy a machine soon for Qubes. One candidate would come with 32G of optane & 512G PCIe SSD. I'm seeking advice on using optane with Qubes. Searching for optane on the Xen site gives no hits, a general search for "qubes optane" gives a few but none that seem remarkably helpful. "linux optane" gives a lot & I'm still working through them. I'm not sure using the optane as a cache will work with Xen, or that the payoff from putting cache in front of an SSD will be worthwhile. Hence I'm inclined to just use the optane device as a fast boot drive, which various sites say is possible. I'd put Xen, Qubes & likely Dom0 files there & everything else on the 512G device. Is 32G enough for that? du -h on my current Kubuntu system shows 29G for / and 18G of that is my home directory (which on the new system will not be on the root drive) so it looks to me like it should be fine. But how big is Qubes, assuming all VMs except perhaps Dom0 are on a separate drive? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CACXcFmkoKKQaVSE0XbP3dCTsCtOxV6pDo77CZNZO2f4UjNxf4A%40mail.gmail.com.
