formalize qrexec RPC semantics #1175
Comments
|
Notes from discussions at the Qubes OS Summit this week:
It's still an open question what serialization to use: that is, whether qrexec should insert a standard serialization between its call semantics (process, socket, TCP) and the callee's qrexec-oblivious I/O channels. Footnotes |
|
I've finished my notes in #1175 (comment) and updated the top of the ticket to reflect the following shift in my thinking since the Qubes OS Summit. Where I was originally focused on the input/output de/serialization (JSON, CBOR, etc.), I now think the most important question for us to consider here is whether we always want UNIX-process semantics for our qrexec calls. For example, in freedomofpress/securedrop-engineering#82, if we're fundamentally concerned with HTTP and especially REST endpoints upstream, why bother with process semantics (standard input, output, error; return code) when we could just do HTTP via a socket- or TCP-based qrexec service? |
After freedomofpress/securedrop-engineering#82 and freedomofpress/securedrop-client#1777, this is a stub proposal to suggest that we could formalize an RPC convention of JSON, CBOR, etc., over qrexec, such that:
0) is either (a) a single-line (e.g.) JSON "response" object or (b) a "raw" lower-level blob or stream;Formalizing this would let us reuse rather than reinvent it, possibly including a minimal Python and/or Rust (a) library for the caller and (b) framework for the post-
qrexecentrypoint.Affected components
sd-app)sd-proxy)sd-gpg)People and roles
Problem Statement
Solution impact
Requirements and constraints
Exploration
Initial proposal
Selected proposal
See also
The text was updated successfully, but these errors were encountered: