gedankensplitter/datadiode-driver.md

datadiode network driver

loose thoughts

• based on ethernet or lwl
• primarily to exchange data between virtualized hosts
• implements a driver which
  1. trust on unbound channel
  2. established a secure data transfer
  3. PSK as param, maximum receive size
  4. basically unicast , optionally simplex data + simplex status code(compile time)
  5. bpf based state machine firewall + logging
  6. inotify interrupt
  7. optional: steganographically resilient for timing attacks
• implements userland interface
  1. authenticate remote communication point
  2. transfer file, not files
  3. transfer text
• use well known security concepts
  • ECC based asymmetric encryption + symmetric transfers
  • maybe hardware token based signing
• technology combining of
  • wireguard -> the light driver + encryption
  • syncthing -> UI handling of sharing files
  • warpinator -> idea of sharing files
  • snapdrop/Airdrop
  • age encryption
• benefits
  • one piece of software for one specific job
  • implementing a specific feature by design not by enforcing outer boundaries
• json based transfer format
  • version
  • type of content [0:text, 1:file]
  • size of content [int64]
  • encrypted content [2^48]