(Got good feedback already, so information from comments responding to this post has been added to this post)
Definition of “security labels”: For this document, I’ll refer to all the types of important security-related information that would be good to know about a qube when making decisions about it as “security labels” (colors will be one way of expressing that information).
What we want to express:
Some information we might need to convey through the security labels is:
- How vulnerable the qube is (example: expressing that it has full network access, restricted network access (which depends on the level of trust of who you are connecting to), no network access, untrusted printer drivers or not, trust level of the applications in that template, etc.)
- How valuable the information in the qube is. (an example could be “this qube is used for banking” vs “this qube is used for general web browsing” vs “this qube contains my gpg and ssh keys”) (“value” can be alternatively phrased as how costly disclosure of that information would be)
- Identity (examples: personal vs work vs secret identity)
So the first question is: What other types of security-related information might be good to know about when one is making decisions related to a qube?
To help people get ideas, an example of one attempt at categorization is:
- For the important stuff: Classified information in the United States - Wikipedia
- But a much more detailed categorization system for the “not as important” stuff: CUI Categories | National Archives
Many other attempts (by other countries) are listed here as more examples (with a large amount of overlap from one country to the next):
Options for how we could express it:
Currently, the information from the above security labels could be expressed by several channels:
- Qube color
- Qube name
- Display location (i.e. what workspace it’s on or what monitor it’s on)
So the second question would be: Are there any other channels of expressing the security label information that we have not listed above?
Some examples of proposals for possible other channels to express the security label information discussed in GitHub issues are:
Everything after this line is old stuff from the original version of this post (that should probably be removed now):
Any proposals for extending the qubes label/color system to handle this?
I’ll kick things off with the following initial proposal, and see if it inspires anyone with a better proposal:
(Here I had put a proposal that had already been proposed in the GitHub issues)
As I said, I’m hoping for people to improve on this idea. What other options can people think of?