> Our frames of reference were different: I was actually mostly
> thinking about a duplex system, which if needed could be reduced to
> simplex, in which case it would be the other way around than your
> use-case. I never considered the scenario where the trusted system
> was already compromised and you need to make sure it is completely
> deaf and blind so an attacker can't influence it in real time.

Right. Our assumption was that the web server would be compromised
within moments of bringing up the external-facing network.

Permitting trusted machines to communicate in a *provably* one-way
manner with systems outside the DMZ is an important problem -- not just
being able to do it, but coming up with a way simple enough that
non-technical users can understand.

> The disadvantage for your attacker is lack of economy of scale: an
> attack through internet can be done from your home to anywhere on the
> planet. If you need to be in the vicinity of your target, you lose
> that.

That's why the vote tabulating office is guarded by people with guns. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users