First, let me congratulate Loyd and the others involved with Keystone for working towards the creation of a local distribution mechanism for keys. Every city in the U.S. needs something like this. If it's not happening in your area, start it. Start by getting PGP and making your own key. Then exchange keys with people you know. We have members of the list in many parts of the U.S., Canada, and Europe. There's plenty of work to do. Look around. If no one else is doing this, you should.
Ideally, you would be able to send RSA-encrypted email from any bbs on any of the local nets to any other bbs -- even if all you know is the destination address. We're going to do this by attempting to make the bbs PGP-friendly. All the user has to do is generate a key pair.
There are, roughly speaking, two kinds of privacy; one is provided, and one is defended. Provided privacy is unstable, since the person using the privacy does not create it. Defended privacy is stable, because those who want privacy create it themselves to the level at which they want it. Both systems do provide privacy, no mistake.
I would be hesitant to implement a system that _only_ required a user to generate a key pair. This, for the users, is too much provided privacy. It will not teach the users how privacy really works, nor will it give them any good idea how their privacy is being maintained.
Defended privacy does not need to be difficult. I would spend effort, instead of modifying BBS software, to make it easier for users to handle encrypted email with their own terminal programs. Now, any privacy is better than none. I don't really know if it is easier to modify your BBS or your modem program. But all other things being equal, make it easier for users to maintain their own privacy.
[...] a master keyring that will be regularly distributed via a trusted system to other nodes in town.
Again, trusted systems can turn into provided privacy. If there is a distributed solution you can think up, use it.
The first [weak link, line security] is almost insurmountable -- unless the user takes the time to d/l a complete copy of PGP and the Austin Keystone Keyring and encrypt the mail on their home system.
This should not be such an onerous task. It might be now, but that can change. Finding ways for users to manage keys, to get keys, and to look up keys are all interesting and useful problems to solve. Every user should encrypt outgoing mail on the home system before it leaves and decrypt incoming mail on the home system after it arrives. If this is not easy, it should be made easy.
Not every user need have the complete directory on their own system. They merely need a way to communicate with those that they want to. This probably means a directory service, where people can download keys for the people they want to communicate with. Moving around a complete directory does not scale well.
As far as BBS support, if I want to respond to someone and I don't have the corresponding key, I should be able to initiate a zmodem transfer of that key relatively easily, for instance without leaving the discussion area to go to a download area.
Eric