Quote from: LouisCyphre on September 09, 2012, 11:05 amQuote from: pine on September 09, 2012, 09:37 amLet us make one thing perfectly clear. Air Gaps are a good idea on their security merits. The best in fact. This does not make them trivial to implement and operate in practice for one second. Nuclear scientists are not known to be especially stupid people, but the Iranian Air Gap for the nuclear facility was still breached. I am not suggesting that you need to be a government to run an Air Gap, but the failure of it to work despite being best practice does illustrate the practical difficulties of using Air Gaps. In practice, a vendor using your software + the Air Gap, would have spent so much of his or her time on the Air Gap with time/money that any advantage to your software would be rendered utterly useless.I am not explaining that for your benefit Louis because you already know it. I am saying the above for anybody who might take your "simples Air Gap simples" as a legitimate answer.You're making the assumption that data needs to be transferred bidirectionally across the air gap. The purpose of this software is to parse data in the SR order table and produce printed labels or envelopes. Once the data is transferred from the system accessing Tor and SR to one with no connectivity except to a printer, there is no requirement to transfer any data back at all.Once the printing, packaging and posting is done the vendor just logs back into SR and updates the order status as normal.Splendid idea in terms of security, separating PGP public keys from PGP private keys on two different machines. But I've yet to hear from these hordes of Air Gap using vendors. They are a figment of your imagination so far as I can see. Because you know, I thought this software was to aid the business of decrypting addresses, not upgrading the vendor's operation security to be using Air Gaps.I'm pretty sure this only occurred to you inside this thread, you admit the use of Air Gaps was not part of the original plan, right? It's not in your advertisement anywhere. This was an afterthought. Is that something you're able to admit? If you're not going to update your advertisement it's just this thought experiment you had this one time.Since using Air Gaps is so simple, your customers should have no trouble going over this new paradigm according to you. Amongst other things, I contest that, it's rather exotic thing you're expecting us to believe.--I cannot comprehend how your customers are expected to adopt tippy top best practices, when the real security vulnerabilities lie with trusting yourself. Your No.1 goal should be removing the necessity of trusting LouisCyphre and replacing it with cryptographic forms of trust from the outset.