Re: New remailer concept.

17 Dec 2003

      -----BEGIN PGP SIGNED MESSAGE-----
...
The answer of course is encryption, but that is a problem when 
you are writing to your, well... , "crypto challenged" 
friends.   Also, two way encrypted messages to most discussion 
lists is not possible (to my knowledge).
I hacked up some simple stuff which lets you read and send mail from a
remote unix account.  It's not exactly what you want, but it's pretty easy
to do.  (This stuff is pretty trivial, so if that bothers you, don't read
on.)  This lets you get an account on a freenet like nyx which will 
respect your privacy, and use that address to communicate to the rest of 
the world.

First of all, I used filter and a sh script called secsh which allows me
to mail and execute arbitrary sh scripts on the remote account, provided
that they bear a valid, authorized pgp signature.  If incoming mail has a
trigger word in the subject line, it gets piped into a script which checks
the sig and runs it if the sig checks out.  Here's secsh:

	#!/bin/sh
	PGP=/usr/local/bin/pgp              	 # the location of pgp
	PGPPATH=wherever	                 # the location of config.txt
	  export PGPPATH                         #   and pubring.pgp
	PATH=a copy of your path
	  export PATH
	trap 'rm -f /tmp/ss$$; exit 1' 1 2 15
	if ($PGP -f +batchmode < $1 > /tmp/ss$$ 2>/dev/null)
	then
	  /bin/sh /tmp/ss$$
	fi
	rm /tmp/ss$$

It's a good idea to point PGPPATH at a special pgp dir, because this will 
pass any script with a sig that validates with any key on your keyring.	

I use another script, mlscpt, which looks sort of like a dumb version of
the mail command.  It takes a destination address and a subject as input,
and reads incoming mail from stdin.  A sh script which extracts and mails
the letter is emitted to stdout.  Here's mlscpt:

	#!/bin/sh
	echo "#!/bin/sh
	sed -e '/BEGINCRM/d' -e '/ENDCRM/d' << \End_of_File | mail -s '$2' $1
	BEGINCRM"
	cat
	echo "ENDCRM
	End_of_File"

You can use another, trivial script, to call mlscpt, sign the result, and 
mail it off to the remote account.  Mine uses a dummy key to encrypt the 
output, for no good reason:  the secret key, which isn't protected with a 
passphrase, is on the remote account's key ring, so it unwraps 
automatically.  Here trigger stands for the trigger word which causes the 
incoming mail to be fed into secsh:

	#!/bin/sh
	mlscpt "$1" "$2" | pgp -efs dummy | mail -s trigger account@domain.edu
	echo " "

It's also trivial to cause incoming mail to be encrypted and forwarded to 
your home account, but I can't find mine and I'm too lazy to look up the 
PGP command args which are needed.

I used to use something similar to mlscpt as a "return address" for the 
cp remailer system:  I'd send people a script which would append a header 
to their letter and send it off to the first remailer on the chain.  I 
quit using it because lots of sensible people were reluctant to run 
strange scripts which they had recieved from some anonymous guy through a 
remailer.

==
Alex Strasheim | finger astrashe@nyx.cs.du.edu
alex@omaha.com | for my PGP 2.6.1. public key