-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
formalize qrexec RPC semantics #1175
Comments
Notes from discussions at the Qubes OS Summit this week:
It's still an open question what serialization to use: that is, whether qrexec should insert a standard serialization between its call semantics (process, socket, TCP) and the callee's qrexec-oblivious I/O channels. Footnotes |
I've finished my notes in #1175 (comment) and updated the top of the ticket to reflect the following shift in my thinking since the Qubes OS Summit. Where I was originally focused on the input/output de/serialization (JSON, CBOR, etc.), I now think the most important question for us to consider here is whether we always want UNIX-process semantics for our qrexec calls. For example, in freedomofpress/securedrop-engineering#82, if we're fundamentally concerned with HTTP and especially REST endpoints upstream, why bother with process semantics (standard input, output, error; return code) when we could just do HTTP via a socket- or TCP-based qrexec service? |
After freedomofpress/securedrop-engineering#82 and freedomofpress/securedrop-client#1777, this is a stub proposal to suggest that we could formalize an RPC convention of JSON, CBOR, etc., over qrexec, such that:
0
) is either (a) a single-line (e.g.) JSON "response" object or (b) a "raw" lower-level blob or stream;Formalizing this would let us reuse rather than reinvent it, possibly including a minimal Python and/or Rust (a) library for the caller and (b) framework for the post-
qrexec
entrypoint.Affected components
sd-app
)sd-proxy
)sd-gpg
)People and roles
Problem Statement
Solution impact
Requirements and constraints
Exploration
Initial proposal
Selected proposal
See also
The text was updated successfully, but these errors were encountered: