Hi,
I'm not sure if this is the right place for it. I'm thinking of creating a secure place on the internet.
Some of my presumptions are:
1 - That no system/network is to be trusted.
2 - Important data should be encrypted.
3 - The link between data and encryption key should be as secure as possible.
What I've got so far is the idea to create a path of stateless RPC proxy agents that transfer requests and answers.
Each agent should have knowledge only of the next agent; the request/answer will carry an encrypted
payload of passwords and requested data.
Paths will be generated from a secure site and each agent will be informed of its part in this setup.
This could happen to pre-installed agents or by replacing agents with new agents. Ideally this reconfiguring
of paths should happen as much as possible and with the highest randomness. Agents have to be configured
in a fault-tolerant mesh setup.
Additionally agents would be configured to integrity check their part of the network.
Asymmetric encryption is used to package transport data and symmetric encryption is used for database
encryption.
The weak point of this setup is the in-memory data at the time of encryption and decryption of the data.
And I have no idea how to solve this.
I'm very sure there are more weaknesses in this setup.
All suggestions are welcome.
Kind regards,
Jessec
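
An added example, not part of the post above: a minimal sketch of the layered wrapping the post describes, where each agent can open only its own layer and learns only the next hop. Assumptions: per-agent symmetric keys and an HMAC-SHA256 counter-mode construction stand in (standard library only) for the asymmetric transport encryption the post names, and all function, agent and key names are hypothetical.

```python
import hashlib, hmac, json, os
from base64 import b64decode, b64encode

def _subkeys(key):
    # Separate keys for encryption and integrity, derived from the agent key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("layer failed integrity check")
    return _xor_stream(enc_key, nonce, ct)

def build_onion(path, keys, payload):
    # Wrap from the destination outwards; each layer names only the next hop.
    blob, nxt = payload, None
    for name in reversed(path):
        layer = json.dumps({"next": nxt, "inner": b64encode(blob).decode()})
        blob, nxt = seal(keys[name], layer.encode()), name
    return blob

def peel(name, keys, blob):
    # What one agent does: verify, decrypt its layer, forward the opaque rest.
    layer = json.loads(unseal(keys[name], blob))
    return layer["next"], b64decode(layer["inner"])

def route(path, keys, payload):
    blob, hop, visited = build_onion(path, keys, payload), path[0], []
    while hop is not None:
        visited.append(hop)
        hop, blob = peel(hop, keys, blob)
    return visited, blob

PATH = ["agent-a", "agent-b", "agent-c"]           # constructed sample path
KEYS = {name: os.urandom(32) for name in PATH}     # constructed per-agent keys
```

Each agent here holds only its own key and keeps no state between requests; the plaintext still exists in memory at the final hop, which is the weak point the post itself names.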