On Thu, Jul 27, 2017 at 3:07 PM, Rob Austein <s...@hactrn.net> wrote: > Old work item which we kept putting off for later. Still not there > (missing a few bits of C and Verilog we'd want to do this), but to get > some of what I've been thinking written down where others can review, > I've posted: > > https://wiki.cryptech.is/wiki/SecureChannel > > Comments welcome. > > Apologies to readers who don't have access to the referenced texts, > particularly Cryptography Engineering. Their "Secure Channel" > protocol is a nice simple thing using the obvious algorithms (AES and > SHA-2-HMAC), in this particular case I do mostly trust the authors to > have gotten the protocol details right. > > I'm sure that someone will quibble with XDR, for now take it as read > that we're already using XDR and I see no need to change that here.
Hello, I'd just like to cross-reference this and [1] an effort originating in the Qubes OS [2] community to establish a secure channel between a trusted USB device and a trusted virtual machine, via an untrusted and potentially malicious USB controller. The goals seemed sufficiently aligned that I suspect that there may be some de-duplication of effort possible - or at least people from either community interested in the opposite effort. Best regards, Jean-Philippe [1]: https://github.com/QubesOS/qubes-issues/issues/2518 [2]: https://www.qubes-os.org/ _______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech