Summary
The idea is to have a design standard following a layered approach. While
users will always be free to create whatever structure they want, most
will probably fall into whatever design guidelines the project has. This
is one logical proposal for such a guideline, deriving from the assumptions given above.
That is something which is in my experience only very roughly true. So
yeah I would not use red for a vault VM. But just because two VMs have
the same color does not mean that the security assumptions about the
two are the same. For example I have a green VM with a chat client I'm
playing with and my firewall VM is green like in the default setup.
But the security assumptions are very different.
Given that this is exactly what kills your compartmentalization when
you make a small error, this is IMHO a way too vague formulation.
> - *Data flow should be inherent by the design*
>
> More secure VM's should only have data pipes from less secure VM's
Could you please clarify what you mean?
How you compartmentalize is a very
individual decision and I don't really see why we need more than the
default colors of the standard setup.
No. Both VMs fall in the rough category "medium security" [0], but
for very different reasons. So "Different VM's of the same color
should have equivalent security" does not apply. But a common color
still makes sense for me.
Ok. That makes your point clearer to me. In some cases this matches my
use cases/experience. But as one very common counterexample I would
like to point out the Tor/Whonix use case. Here the ProxyVM has the
higher security/color level than the application, because the proxy
ensures the torification while the application (for example a Browser)
is often the much bigger attack surface.
It would be helpful if you could make it a bit clearer what you
imagine when you say "standardization". Because I indeed understood
your proposal partially as you would like to "bake in" this design at
least somehow.
--
You received this message because you are subscribed to the Google Groups "qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/56394C86.4070101%40ipsumj.de.
For more options, visit https://groups.google.com/d/optout.
From what I understand, cubemammal proposes various standard configurations of VM architecture.
Qubes mailing lists are made mostly of computer professionals who are mostly able to use the huge freedom that Qubes provides. But security is obviously a general need. Also a need of most people who use a computer as an appliance, that means zero freedom, but something easy that works out of the box. Also a wider Qubes use (outside of computer professionals area) would mean more sustainability for the Qubes project and for Qubes core developers. So why not give full consideration to cubemammal's effort to preserve full freedom for computer professionals, but limit freedom for normal users that do not understand (and probably never will) the huge range of different possibilities that Qubes offers.
Zrubi already told us that nothing will prevent those who do not understand from making security errors. That is true, but all the same something is better than nothing and I am sure that even the very normal user can move towards Qubes and have something more secure if Qubes moves a little bit towards him/her.
Yes of course, but to understand that one should be able to look from the point of view of another very different person. But most people are simply unable to do that.