-----BEGIN PGP SIGNED MESSAGE----- An entity calling itself ichudov@algebra.com probably wrote something like:
My moderation bot STUMP is not only PGP-aware, it is also doing a lot of PGP-related things. Among them:
1) For posters who voluntarily chose additional protection, STUMP allows only messages with a valid PGP signature to be posted.
<snip>
2) All exchange between my modbot and human moderators is PGP-signed (and encrypted when necessary) <snip> 3) All message approved for posting to usenet get signed with Greg Rose's PGPMoose program. <snip> 4) There is an additional service for those who post through anonymous remailers BUT want to have an identity and reputation. <snip> <Great idea!> We currently have at least two posters whose real life identities are unknown, who use this feature and have sent us their PGP keys.
STUMP is currently working in production mode seemingly with no problems.
Okay Igor, that is an impressive list of features! Now what I want to know (and what I want other people here to hear) is: _How_ difficult was it to incorporate these PGP features into your software? My guess is that it was a simple matter of making a couple of system calls to PGP, plus maybe extra defense against replay attacks (you _do_ have defense against replay attacks don't you?) and the fact that you have more debugging work because you have more features. Regards, Bryce Return-Path: ichudov@manifold.algebra.com Received: from galaxy.galstar.com (galaxy.galstar.com [204.251.80.2]) by digicash.com (8.6.11/8.6.10) with ESMTP id TAA15575 for <bryce@digicash.com>; Sat, 6 Jul 1996 19:54:16 +0200 Received: from manifold.algebra.com (manifold.algebra.com [204.251.82.89]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id MAA12554; Sat, 6 Jul 1996 12:52:30 -0500 Received: (from ichudov@localhost) by manifold.algebra.com (8.7.5/8.6.11) id MAA31894; Sat, 6 Jul 1996 12:53:02 -0500 Message-Id: <199607061753.MAA31894@manifold.algebra.com> Subject: Re: Need PGP-awareness in common utilities To: bryce@digicash.com Date: Sat, 6 Jul 1996 12:53:02 -0500 (CDT) Cc: cypherpunks@toad.com, e$@thumper.vmeng.com Reply-To: ichudov@algebra.com (Igor Chudov) In-Reply-To: <199607061311.PAA08700@digicash.com> from "bryce@digicash.com" at Jul 6, 96 03:11:48 pm From: ichudov@algebra.com (Igor Chudov @ home) X-No-Archive: yes X-Mailer: ELM [version 2.4 PL24 ME7] Content-Type: text bryce@digicash.com wrote:
I really don't see why programs like majordomo, UseNet moderation-bots, and most noticeably the PGP key distribution program are PGP-unaware.
My moderation bot STUMP is not only PGP-aware, it is also doing a lot of PGP-related things. Among them: 1) For posters who voluntarily chose additional protection, STUMP allows only messages with a valid PGP signature to be posted. All posts from these people that do not have a PGP sig or have an invalid sig, are automatically rejected. It protects them from forgeries. 2) All exchange between my modbot and human moderators is PGP-signed (and encrypted when necessary), to insure integrity of moderation email traffic. 3) All message approved for posting to usenet get signed with Greg Rose's PGPMoose program. 4) There is an additional service for those who post through anonymous remailers BUT want to have an identity and reputation. The idea is that they submit their PGP keys to the robomoderator, and later robomod takes the user id from the PGP key, replacing meaningless anonymous addresses with their identity. We currently have at least two posters whose real life identities are unknown, who use this feature and have sent us their PGP keys. STUMP is currently working in production mode seemingly with no problems. For details, look at http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html - Igor. -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMd7Dj0jbHy8sKZitAQGkIAMAxr5F3Lqv2cUBekFz3KRam1H4uE4qKrHx cv7DwvRUXVX89TK0TFVlt/T3nwD8NBTwMtMG+xnlltHCLcjrSC0gd+3Pu2B8o0nD 0JnXWitvZtAm405YPKaN7sX6hCGGyNOX =U+4Q -----END PGP SIGNATURE-----