The Reliable Security Environment

- A Pretty Good Solution For Really Bad Networks -

January 2000

Please feel free to mail your comments to me!

The Problem

Unfortunately everyone who is willing to use PGP in a networking environment is confronted with a problem, I have described in detail, the risk of disclosure of your secret-key.

All kinds of possible attacks on the security of your secret key are lurking around in a networking environment beginning with vulnerabilities of your operating system allowing snooping attacks to undesired side-effects using network software like browsers and other TCP/IP-based information systems.

Even if you are careful when using your passphrase, you don't know in which condition the computer system you have just logged in is at the moment, and you don't know, whether your keyboard input isn't going anywhere you don't know. You simply have no access to a computer system which is reliably secure to use your passphrase and to enjoy its secrecy for your lifetime.

If you don't have this problem, you are lucky, and you will never need RSE, because you have already a computer system you can rely on.

SECT - The Secure Terminal

But if your computer system is not reliable for using PGP and you have access to another system that offers you reliable security somewhere out on the net you can turn your local computer into a secure terminal (SECT) by booting a single disk, I call SECT-disk.

Once you have booted SECT your local PC is turned into a LINUX system which provides reliable security so that you can establish a cryptographically secured connection (Secure Shell) to your reliable system somewhere out on the net, and you can safely enter your passphrase locally, even if there is something next to Sodom and Gomorrah happening on the other systems connected to your completely unreliable local network.

RSE - The Reliable Security Environment

But if you don't have access to some reliable system on the net you can turn your local PC into a safe system, safe to enter secret passwords for PGP, using another disk which creates the Reliable Security Environment (RSE) on your local system. The RSE-disk holds your PGP-secret-keys doubly encrypted and provides all functionality to read and compose email and to sign documents without a risk of disclosure of your secret-key while your computer is still connected to a totally unreliable network.

What is Reliable Security ?

Everyone who promises total security should be treated with great suspicion. But RSE does not make this promise, and I'd like to emphasize, that RSE is designed to provide as much reliability as possible, so that you can be sure, your system is working in a reliable way, using carefully selected software to avoid risks that can be avoided.
Total security means nothing will go wrong. Nobody with some experience in complex information technology will regard this being possible during this millennium. But reliable security means that something important - like the use of PGP - is being performed in a certain way you can rely on every time you are booting your SECT and RSE-disk.

So what can you expect from the "Reliable Security Environment" ?

Intellectual Property

Most of the content of both disks is not my intellectual property!

The Reliable Security Environment uses :

All rights reserved to the authors of those famous software and everyone who has contributed. I am glad that I could find such a professional basis for the design of RSE. I thank you all very much.

For a few scripts, mostly in /root and /RSE/bin and /RSE/securemail, all of them I have signed with my PGP-key I would like to claim intellectual property, as well as for the idea of designing RSE.

Copyright © 2000 Ralf Senderek