adrelanos:
> Abel Luck:
>> Interesting reading, thanks! My use case is different. It's running
>> Qubes-OS [1] with a specific TorVM acting as a transparent proxy for
>> other AppVMs.
>>
>> The AnonBrowserVM is a VM that only has Firefox (soon TBB without tor).
>> OS updates are handled separately in a different VM. The root FS is
>> read-only (technically COW, but never written, see [2]).
>>
>> Looking at your attack comparison matrix, I believe a proper Qubes
>> w/TorVM+AnonAppVM setup is safe for all attacks except those involving a
>> vm exploit and an attack against the tor process or network.
>
> I haven't checked in detail, but Qubes looks very good.

It's interesting to say the least. A few of its drawbacks are its resource demand (8GB recommended RAM, 20GB HD space, just for the OS), and its hardware support (doesn't support new Ivy Bridge intel GPUs). But it's a new project that will tackle these issues in time I'm sure.

> There is a big and very good blog post about Qubes + Tor. The part it
> lacks is the stream isolation part.
>
> http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html

Yup, this was the basis for my setup, though I'm using the Tor RPM repo for 2.3.x w/ stream isolation. Plus, it exposes a few SocksPorts for added isolation for certain applications. Now I'm brainstorming on how to solve the DNS issue, I'd like to be able to resolve non-A records. ttdnsd is pretty broken.
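As an added illustration (not from the thread or from Qubes), here is a torrc for a TorVM laid out the way the message describes: a transparent proxy for routed AppVMs plus separate SocksPorts giving per-application stream isolation on Tor 0.2.3.x. The 10.137.1.1 address and the port numbers are assumed placeholders for the TorVM's internal interface.

```conf
## torrc for the TorVM (added example, not the poster's configuration).
## 10.137.1.1 is an assumed placeholder for the TorVM's internal address.

## Transparent proxying for AppVMs routed through this VM.
TransPort 10.137.1.1:9040
DNSPort   10.137.1.1:5353

## Map .onion/.exit names to a private virtual address so the transparent
## path never needs a cleartext lookup. Note the DNSPort answers address
## lookups only (A, AAAA, PTR), which is exactly the non-A limitation
## raised above.
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 10.192.0.0/10

## Stream isolation: each SocksPort keeps its own circuits, so an
## application pointed at one port never shares a circuit with another.
SocksPort 10.137.1.1:9050 IsolateDestAddr IsolateDestPort   # browser
SocksPort 10.137.1.1:9051 IsolateDestAddr                   # chat/mail client
SocksPort 10.137.1.1:9052 IsolateSOCKSAuth                  # tools that set a
##   SOCKS username/password per task get a circuit per credential pair

## Streams on the TransPort are isolated only by client address
## (IsolateClientAddr is on by default), i.e. per AppVM. That is the
## baseline Qubes networking already gives; per-application isolation
## only exists for traffic sent to the SocksPorts above.
```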
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk