From d6417d5028c3c255ade328ed5a71bd986b93986d Mon Sep 17 00:00:00 2001 From: coelner Date: Wed, 15 Mar 2023 06:53:38 +0100 Subject: [PATCH] Datadiode --- datadiode-driver.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 datadiode-driver.md diff --git a/datadiode-driver.md b/datadiode-driver.md new file mode 100644 index 0000000..c834342 --- /dev/null +++ b/datadiode-driver.md @@ -0,0 +1,34 @@ +# datadiode netzwork driver + +## loose thoughts +- based on ethernet or lwl +- primarily to exchange data between virtualized hosts +- implements a driver which + 1. trust on unbound channel + 2. established a secure data transfer + 3. PSK as param, maximum receive size + 4. basically unicast , optionally simplex data + simplex status code(compile time) + 5. bpf based state machine firewall + logging + 6. inotify interrupt + 7. optional: steganographically resilient for timing attacks +- implements userland interface + 1. authenticate remote communication point + 2. transfer file, not files + 3. transfer text +- use well known security concepts + - ECC based asymmetric encryption + symmetric transfers + - maybe hardware token based signing +- technology combining of + - wireguard -> the light driver + encryption + - syncthing -> UI handling of sharing files + - warpinator -> idea of sharing files + - snapdrop/Airdrop + - age encryption +- benefits + - one piece of software for one specific job + - implementing a specific feature by design not by enforcing outer boundaries +- json based transfer format + - version + - type of content [0:text, 1:file] + - size of content [int64] + - encrypted content [2^48] \ No newline at end of file
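Review bot: In the "json based transfer format" list at the end of the new file, `size of content [int64]` and `encrypted content [2^48]` give no unit and are not tied to the "maximum receive size" parameter from driver item 3, so the notes do not say what a receiver is expected to reject. Suggest stating the unit (bytes), making the size field unsigned, and noting that the receiver compares the declared size against the configured maximum before accepting any content. It would also help to say whether the version, type and size fields are authenticated or whether only the content is protected. Separately, driver item 4 allows "optionally simplex data" while userland item 1 is "authenticate remote communication point"; the notes should say how authentication works without a return channel, for example by relying only on the PSK from item 3. Minor: "netzwork" in the title is a typo, and the file has no trailing newline.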