34 lines
1.2 KiB
Markdown
34 lines
1.2 KiB
Markdown
# datadiode network driver
|
|
|
|
## loose thoughts
|
|
- based on ethernet or lwl
|
|
- primarily to exchange data between virtualized hosts
|
|
- implements a driver which
|
|
1. trust on unbound channel
|
|
2. established a secure data transfer
|
|
3. PSK as param, maximum receive size
|
|
4. basically unicast , optionally simplex data + simplex status code(compile time)
|
|
5. bpf based state machine firewall + logging
|
|
6. inotify interrupt
|
|
7. optional: steganographically resilient for timing attacks
|
|
- implements userland interface
|
|
1. authenticate remote communication point
|
|
2. transfer file, not files
|
|
3. transfer text
|
|
- use well known security concepts
|
|
- ECC based asymmetric encryption + symmetric transfers
|
|
- maybe hardware token based signing
|
|
- technology combining of
|
|
- wireguard -> the light driver + encryption
|
|
- syncthing -> UI handling of sharing files
|
|
- warpinator -> idea of sharing files
|
|
- snapdrop/Airdrop
|
|
- age encryption
|
|
- benefits
|
|
- one piece of software for one specific job
|
|
- implementing a specific feature by design not by enforcing outer boundaries
|
|
- json based transfer format
|
|
- version
|
|
- type of content [0:text, 1:file]
|
|
- size of content [int64]
|
|
- encrypted content [2^48] |