Thus spake David Wagner (dawat_private):

> Machine A is connected to the outside world, receives orders,
> and PGP-encrypts them using Machine B's public key. Note that
> Machine B's private key should never be known to Machine A.
>
> Machine B receives encrypted orders from Machine A, enters them
> into a database, and decrypts them in memory when needed using
> Machine B's private key, which might be stored on Machine B's
> hard disk. Better yet, the private key might be on a smartcard
> or crypto co-processor attached to Machine B.
>
> The two machines would be connected only by a serial port, which
> can only transmit encrypted orders (no general TCP/IP traffic
> over the serial port!). Machine A can be connected to the outside
> world (Internet connection, etc.). Machine B should not be connected
> to anything else, except by its serial port to Machine A.
>
> Would this type of architecture help? Are there any ideas here
> that you can use? You haven't really specified your problem well
> enough for me to understand your scenario, but I wanted to pass on
> this brainstorm in case any of the techniques I've described are
> useful to you.

This certainly seems to make sense, and also seems to coincide with what
other people are suggesting. I'm sorry if my description was a touch vague,
but we have a complicated architecture (lotsa bit-moving) and I didn't want
to get too much into it.

It does seem like this architecture would help. My only question is: would
machine B need to be on a serial port or some such? Would a private
ethernet line (or route) to machine A suffice? I can't imagine serial being
quite fast enough to process several thousand transactions across.

Further view of our architecture:

- Files come in encrypted on FTP server (A) (from processing sites).
- These files are fetched to another box (B), decrypted and loaded into a DB (C).
- This data is extracted, encrypted, sent to another site (not in our
  system) for further processing.
- The response back is encrypted (on B), and loaded back into the DB (C).
- The results are then extracted (on B), encrypted, and sent back to the
  FTP server (A) to be picked up again by the processing sites.

So here the FTP server is the only external-facing box (using SFTP
actually). In the future though, this may not be true. Orders may come
directly to (B).

--
// Andrew MacKenzie | http://www.edespot.com
// In the beginner's mind there are many possibilities. In the expert's mind
// there are few.
//   --Suzuki-roshi
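One way to enforce the "only encrypted orders cross the link" property from the quoted design at Machine B's end, as an added example that is not code from either poster: a frame validator that passes a line-oriented ASCII-armored PGP message only when the armor is well-formed and its OpenPGP CRC-24 (RFC 4880 section 6.1) matches, and rejects anything else that arrives on the serial port. The sample frame is constructed; its body is a stand-in for ciphertext, not a real PGP packet, and the actual decryption step on B is assumed to run only on frames this check accepts.

```python
import base64
import re

CRC24_INIT = 0xB704CE   # OpenPGP CRC-24 parameters (RFC 4880 section 6.1)
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """CRC-24 over the decoded armor body, as carried on the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor_checksum(data: bytes) -> str:
    """The '=XXXX' line: base64 of the 3-byte big-endian CRC-24."""
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()

ARMOR_RE = re.compile(
    r"\A-----BEGIN PGP MESSAGE-----\r?\n"
    r"(?:[A-Za-z0-9-]+: [^\r\n]*\r?\n)*"  # optional armor headers (Version:, Comment:)
    r"\r?\n"                              # blank line that ends the header block
    r"((?:[A-Za-z0-9+/=]+\r?\n)+)"        # base64 body lines
    r"=([A-Za-z0-9+/]{4})\r?\n"           # checksum line
    r"-----END PGP MESSAGE-----\r?\n?\Z"   # nothing may follow the armor
)

def accept_frame(frame: str) -> bool:
    """True only for one complete, well-formed armored message whose CRC-24 matches;
    plaintext, truncated armor and trailing bytes are rejected before decryption."""
    m = ARMOR_RE.match(frame)
    if m is None:
        return False
    try:
        decoded = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return armor_checksum(decoded) == "=" + m.group(2)

def build_frame(payload: bytes) -> str:
    """Armor bytes the way Machine A's sender would; used here only to build the sample."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ("-----BEGIN PGP MESSAGE-----\n\n" + body + "\n"
            + armor_checksum(payload) + "\n-----END PGP MESSAGE-----\n")

# Constructed sample: the payload stands in for ciphertext; it is not a real PGP packet.
SAMPLE_ORDER = build_frame(b"constructed stand-in for an encrypted order")
```

The same check applies unchanged if the serial link is replaced by a private ethernet segment, which is the poster's open question: the property worth keeping is that B accepts nothing but armored ciphertext, not the physical medium.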
This archive was generated by hypermail 2b30 : Wed Jan 15 2003 - 10:02:26 PST