-----BEGIN PGP SIGNED MESSAGE----- Eric writes:
The second distinction is between stream and file encryption.If you want to encrypt the underlying channel, you need a stream cipher and a D-H key exchange. If you want file encryption, you want a block cipher and public keys for communications.
I don't think we should try to put stream encryption into this product. A problem with stream encryption is that it requires special SW on both ends. We would have to not only write a terminal program, but also write software which would transparently encrypt/decrypt which ran on the host and then passed the characters on to whatever command shell would normally run. I could see doing this with Unix (using pty's, a variant on the "script" program many systems have) but it may not be too portable. Stream encryption defends against wiretappers, and may provide some protection against the more trivial root-based attacks on the host computer (ones which just monitor the serial port - although if you use the pty idea there may be an internal serial port that has cleartext and which can be monitored). But you are still vulnerable to being monitored by root. I don't think the benefit gained is great enough, given the cost, to make this a good initial feature for the product.
This also implies the existence of offline mail readers.
It is going to be hard to provide an offline mail reader with the friendliness of what the user is used to. Also, offline news reading is probably out of the question in this environment due to the great volume of news. Offline mail also has the problem that some people send great, huge messages that you aren't interested in. Online you just look at the first couple of pages and then delete it. Offline you download the whole thing, often paying for it, before you look at it. Another approach would be to have a "paranoid PGP" available on your host computer. This works much like regular PGP, except it will never ask you for your pass phrase. Any time it would, it instead outputs a magic escape sequence. This is recognized by your Cypherpunks terminal program and causes it to run a local program which includes PGP. The paranoid PGP on the host automatically downloads the file it was going to decrypt or sign to the local machine, which runs PGP, asks for your pass phrase, does the operation, and (perhaps) uploads the results back to the host. The whole thing is transparent if you are running the CP term, and your secret key and pass phrase never left your computer. (You might or might not want the plaintext to be uploaded after decryption - perhaps it could be previewed locally and if it's not too "hot" you can upload it and reply to it on the host.) Under this approach, message ENCRYPTION could be just done on-line since paranoid PGP doesn't need a pass phrase for that. So you can compose and mail your messages without needing any special support, as long as you don't sign them. You are still trusting the host, but not as much as if you left your secret key there and typed your pass phrase into the host computer. This is less secure than if you did everything on your PC but lets you use the powerful editing and mail/news handling capabilities of your host. This approach does have the same disadvantage I listed with respect to stream encryption, that it requires some special software on the host. However, this software should have many fewer host dependencies than a transparent stream encryptor would. Hal Finney 74076.1041@compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLAypvagTA69YIUw3AQECTgQAq/dvZ1EExP1GYzKlQcxhMIPT9TExxIes 25L8ZwG5syA6+KEcL2pSfnoPe1l9ZixCjefUnNiy9MYAHBh8uo8IEZ/IoCArSbvs ImUjayxZjWugHZaBIUsOo/dk5VbX/1tY3CW1eN2wItvtF1RQYk1QPjCYFgECqKeY UtRAd2p/JqI= =GAGr -----END PGP SIGNATURE-----