[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] corridor, a Tor traffic whitelisting gateway

On Sunday 16 February 2014 13:42:59 Patrick Schleizer wrote:
> Rusty Bird:
> > Patrick Schleizer:
> >> The problem is, any Whonix-Workstation behind Whonix-Gateway -
> >> once compromised - can claim to be another Whonix-Workstation,
> >> thus not being stream isolated anymore.
> >> 
> >> This could be solved, when there was a defense, that prevented
> >> impersonating other workstations. VPN and/or Static ARP entries
> >> and/or OpenSSH could be used for that purpose.
> > 
> > (How) does Qubes deal with this?
> Last time I checked, it it did not. (Apart from the workaround of
> using a separate Tor-VM per workstation.)
> I guess they'd be also interested to discuss your new concept on their
> qubes-devel mailing list.

qubes-tor maintainer here.. playing with corridor in a Qubes ProxyVM right now 

As to the spoofing question, Qubes doesn't suffer from this problem.

While there is only one gateway/torvm to many-workstation/appvm, each appvm 
uses a separate interface and subnet, so appvms can't impersonate or affect 


Attachment: signature.asc
Description: This is a digitally signed message part.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to