Re: ToG Linux (first draft of a RFC) ...
Hello,
it's quite interesting that you use a platform such as wordpress,
running code you can not control, to discuss such matters.
Wouldn't it be more reasonable to self host, using a hoster providing
decent privacy and aonymity or a technology such as Tor? Given the
amount of time and effort you put into your draft, that would not be a
big overhead, I think. It would, however, make it clearer that you
actually mean it.
Also, what I know about secure, air-gapped systems, can be summarized
quite easily:
- You can not use the same hardware air gapped and non air gapped.
- Maintaining such systems is a pain.
- There are no shortcuts.
Small anecdote: A colleague recently visited a US agencies secure site
to help them with some software deployment. He could bring one DVD-R,
not -RW, there. No electronic equipment.
There are no USB keys, portable disks, or dual-booting devices
repeatedly crossing the boundaries there. In particular, there are no
exceptions. What you bring in is thoroughly examined and stays in.
All your fancy ideas seem to be about bridging the gap. This will not
create security.
Cheers,
Arno
--
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
Reply to: