-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Rusty Bird: > Patrick Schleizer: >> The problem is, any Whonix-Workstation behind Whonix-Gateway - >> once compromised - can claim to be another Whonix-Workstation, >> thus not being stream isolated anymore. >> >> This could be solved, when there was a defense, that prevented >> impersonating other workstations. VPN and/or Static ARP entries >> and/or OpenSSH could be used for that purpose. > > (How) does Qubes deal with this?
Last time I checked, it it did not. (Apart from the workaround of using a separate Tor-VM per workstation.) I guess they'd be also interested to discuss your new concept on their qubes-devel mailing list. -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJTAMBiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2RTk3OUIyOEE2RjM3QzQzQkUzMEFGQTFD QjhENTBCQjc3QkIzQzQ4AAoJEMuNULt3uzxI2boP/1w+6qrYzFWGCQwMFvuX2CHZ qaPCftMdur629HWsOm7UH29Bgyj0smF4a23l/8OFeYIfQp6l3oWQTJPHtn22zohA MDusXR/2lfbWpt2mAjxYkvtMvY83lp0CtMJrw2cFJD69nrvWDjQvMQ1C3smwR5qL 0phapPz18+0Pp9E/5pEbKxWALdqCYCGLX76ED9wFhH1x9YM13FAx7xNnWB/1zZRt P6uIbfUVU5teCXO/hG13X4tTxO+vHFb22ZvCBHLS67bmx+nUXxxlN2G2H8+UDvFU 5XXB0qIlq6SlWlk7J9WQy2L3fyEB89X8xE3FxMNO3jVjPoBfM6JcsmWoLar91D+1 5As0N/Y/LyVffvLfLAJdoLuajCNp6gCWBVub1QPKuSzV6xggrsrn5TKrVsoBZMNX wyY+7U6idlYnKG8X3fiPu3F5mwZtlw/cqvE7/QOIvQSc62W7EaJgrlH9VQWyzlZR gjOmytpdh36dbP8GuFYpJRw7MoSUPCWqadn4lpZzl06f9v/CkjT+Vn8mXYR3OaxU ke/HyYXQ0FoAa3jWs00l8FIHb65zMIGo/qHAcbC5kSGt9DxoJGs6z0/XvJaiWDVf 8f/aU3LnViywaDS9JpH/SAQXt2zWzDWNTinAZ8tx5pWX61nQVyELLc4SSOAA+4g/ 1Jr+T60EIXiaR4Y/dCVq =7pBn -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk