On 22 Sep 1997 02:32:12 -0500, Alan <alan@ctrl-alt-del.com> wrote:
Mail is another hole. Eudora now distributes PGP 5.0 with the latest version. (This version does not do RSA keys. You can get the plug in to do those keys from PGP inc.) This is helpful, but there are many other plug-ins that need to be written. Support for remailers is lacking. Windows based code for Mixmaster is also a needed thing. A good interface would help immensely. (Private Idaho was a big step in the right direction. Integrated with a remailer people already use would be another big step forward.)
Agreed. I think Remailer support could be a big opportunity. People may not understand/care-about encryption, digital signing, etc., but they definitely understand the need for anonymity. Question: If a free remailer plugin for eudora is released, can the remailers handle the increased load? Are there enough remailers? People will not tolerate more than a 24 hour delay for getting their messages delivers. What about spamming? Another Question: Since such a plugin uses (has the hooks for) encryption, would it be covered by ITAR? (i'm asking because I'm seriously considering making the eudora plugin) Anyway, the remailer 'network' needs to be strengthened. Right now, Raph's pinging service (or whatever private idaho uses) is the only way private idaho can tell which servers are up. Attack this point, and reliability when chaining remailers becomes uncertain. Imagine a TLA co-opting this service and altering the list to favor government friendly remailers. It also needs to be easier to set up a remailer. I'd like to see the software distributed in .deb and .rpm packages for Linux. Once set up, the remailer could automatically announce itself to the world (perhaps via a newsgroup post). The various listing services would pick up on this. The more automated it is, the better.
I am sure that people can think of all sorts of other ideas for needed apps. But to make them usable for the "general public", the apps will be needed to be written for Windows. (As much as I hate to think about it...)
Private idaho needs to be rewritten (in Java possibly) to be simpler to operate. There should be one button to press to send a message without messing with what type and which remailers to use; the program could choose these things randomly (ok, it's not the best thing to do, but at least it's easy to use). It also should be updated to use pgp 5.0 (not exclusively, of course). If possible, also add support for the Eternity Service. Stenography Plugin for mail/news readers. It's our one (and possibly only) defense against GAK. You can't decrypt what you can't see. (watch for Stenography to be classified as encryption and be similarly restricted.) Is there any support for signed web pages? Is this covered by SSL?