Eric:
:I would be hesitant to implement a system that _only_ required a user :to generate a key pair.
Loyd:
I take the opposite view -- I dare *not* supply such a system. [...] But many users do not have the interest/time/ability to set up PGP on their home system. For them, I want to provide the best possible privacy given the ease with which anyone who can find their local LMOS can tap (voice or data) a line...
Where is the key pair generated? It must be on the BBS since your user may not have PGP running. The private key isn't private! The work to do public key encryption in the first place is hardly valuable if the owner of the private key doesn't hold it. If you just want inter-BBS privacy, why not set up each BBS with a PGP key pair, and use that for transfering messages? There's not much difference in security. A monitoring sysop would be able to read all the traffic originating on that board in either system. The difference is that such a monitoring sysop would not be able to read replies. Why? Because the private keys are kept on the originating board. But it sounds as though you're trying to prevent against external monitoring and that you trust your sysops. In this case there is no advantage to issuing keys to individuals; it's just not worth the effort. Loyd:
I don't have my user's terminal program -- I *do* have the bbs software.
This is the unfortunate fact of the situation, I acknowledge. But do you know what terminal programs are in the most common use? I suspect most of this stuff could be done with script programming in the various terminal packages. Do you know, in aggregate, how many users of each terminal program you have? You can poll your users to find out. You'll need this data to allocate your effort. And you've got lots of people willing to help, even if they can't because they are working on other projects. Everyone on this list, for example. Let me repeat, for those of you who did not previously know you were willing to help. Everyone on this list should be willing to help Loyd write scripts for his users to use PGP. Cypherpunks write code. This will mean someone who knows Procomm, Crosstalk, Qmodem, Telix, etc. for the PC, someone who knows the various Mac, Amiga, Atari, and other machines. This will mean someone to write nice pretty visual interfaces for PGP to put all the PGP options on menus where they are all visible. This will mean people to think about BBS/terminal protocols. This will mean lots of individual contributions, no single of which need be large, but whose sum will be. Eric