-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, Dec 03, 2017 at 11:09:21PM -0500, Jean-Philippe Ouellet wrote: > What's the intended use of [1]? > > I expected the eventual addition some kind of careful mechanism to > allow automated creation of "allow" policies by a management VM, where > the source & dest are both required to be managed by that management > VM. > > However, this seems to be an entirely different purpose. What am I missing?
You're missing U2F integration repo, which is not yet public. This is part of work done for a customer, but we expect to eventually release it in public. Consider two calls: u2f.Register and u2f.Authenticate+KEYHANDLE. Just after registering, backend requests dom0 to allow respective frontend (and only that frontend) to use this particular key. This policy cannot be set from management VM, because the key is generated in hardware and needs to be communicated from the backend. But the mechanism is generic enough so there surely will be wider use for it, so it gets released now and is included as part of core stack. > [1]: > https://github.com/QubesOS/qubes-core-admin/commit/61c164e1c3feeea9342b46354636d03b5c981139 - -- pozdrawiam / best regards _.-._ Wojtek Porczyk .-^' '^-. Invisible Things Lab |'-.-^-.-'| | | | | I do not fear computers, | '-.-' | I fear lack of them. '-._ : ,-' -- Isaac Asimov `^-^-_> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJaJTdxAAoJEL9r2TIQOiNRo2kP/jMGj4ZX63a9v9o7SF9oDLVQ JEv4XKK9vmihw6Prl+bkAoHdgzigMuyxRgPNhCqHrW2f6fQFKRGZ0nf7GziKX5vy i5KRptvDHmM/qZSDGaneLLYvcQuEyXOQ4QfYt5d2JlNjbu9JgSkSaFOE+WbN6UNh 6aVCRV/pwhY/RNhtCCvcDnCQqgkndHTTvwNrRZ4jWhLg0EdkuWI3ZLQuLqDrqM17 ES4RyJqeESf8MdB9M32mGWGgnwrIaGE9BjYv6jibj6C2KcFZ47oyPLmrl6giSge+ n+qSrLHuLrV7LNkBycmDQ8BAQcECY2Y4wYyGrXkV42kpcKv8lazz/si5MWT/wpgR qLbVX0mrexg1nXvjRhGsn71XSPEv4qaX/gcHTh0TQRj/Jdg9mdRB5XzXXzUoBMH1 JCZBe3lRoudi4xmtZV4prqZfJ0Jzy7DrOFfS+Qkr0BUEgdSpynH0GtUjArXBnKb6 XW7G0jtIA2S7HEapUN2F/gW0C7JoWsk7oQ5NL55iCuolO/mZdn6MIrpWBJh2dXPS 74jW04O+QqPZCiejTen/6tT2mrwbVwA7cnQTSDRhCIgFnofCbWLcP4cdPHXlYGEy NwZQgQ7WGMimossIocr6yfomEG6MiZ7i8AeZQk6PPW3MpJaUlYAV5M35qTNjDt8D RyIlSKGM5+yIJwP3EOOS =zpjC -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20171204115428.GD1793%40invisiblethingslab.com. For more options, visit https://groups.google.com/d/optout.