On 7/24/2013 6:06 PM, Robert J. Hansen wrote:
(My original reply went just to Philipp.  My apologies.)

No apology necessary.

I also must apologize, as my original reply got sent to Robert J. Hansen, when it was intended for the list.

On 7/24/2013 1:53 AM, Philipp Klaus Krause wrote:

Unfortunately, this is not casting very much light on things.  The use
of phrases like CONFIDENTIAL, SECRET and TOP SECRET have very specific
meanings in NATO countries, and you're using them here in ways that are
at odds with their NATO meanings.

This is true, and NATO countries have very specific and well-defined ways of dealing with data with those titles, depending on the country.

Let me try this rephrasing:

[snip]

Further, each piece of traffic can receive any of three classifications:
C, S or TS.  You can send C traffic to Bender: the necessary keys to
decrypt it are held there.  However, although you can technically send
TS traffic to Fry, Fry can't decrypt it: the keys aren't there.

If I have this right, then you've walked straight into the Bell-LaPadula
security model.  You'll be well-served by reading up on it: a good
academic reference will answer many of your questions.

I'll have to look that up and read up on it, when I have the time.

The short answer is, "OpenPGP by itself will not be sufficient for your
purposes.  It might be able to provide a couple of tools, but what you
want to achieve is far beyond the scope of OpenPGP."

That was my conclusion, as well. That is why I suggested the bootable GNU/Linux or *BSD Live CD (with some vital tools on it, of course) and a USB thumb drive - with an encrypted filesystem for storing the keys (I'm not familiar with the smart card's capabilities, and as every smart card reader I have is non-functional, I cannot test it out).

My suggestion went beyond OpenPGP and GnuPG to try to solve the problem Philipp described.

Regards,
Chris

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users