At 12:18 AM 2/28/96 -0800, Mike Ingle <inglem@adnetsol.com> suggested setting up a VB program on localhost to proxy POP and SMTP requests for PGP, rather than hitting it from the user interface.
Once this is set up, the user burden is near zero, and it works with any winsock-based mail program. What do you think of the idea?
It'd probably be pretty convenient for incoming, though you need to build some mechanism for displaying the PGP output for signatures (since PGP gives you the contents of the signed material when you check the sig.). One interesting security problem is how to distinguish between the message your PGP bot drops in your mailbox containing the message and an indication that the signature is good from a message that someone carefully constructed that _looks_ identical but includes its _own_ indication that the (possibly bad) signature is good. For outgoing mail, you'd either have to sign everything, which may be good, or have a way to tell it the proxy whether or not to sign the mail, and you'd either need to hand it your passphrase each time or take the security risk of leaving an autosigner hanging around listening on a port, just _waiting_ for somebody to lie about where they're connecting from and get your bot to sign arbitrary things..... There are also minor issues if you use multiple keys, which most people probably should. Interfaces between VB and PGP262 are a bit crude - Private Idaho is a good example. The problem is that PGP262 is a DOS program, so you need to POP up a DOS window to run it in, and then make the window go away. PI does that just fine, but it's a bit ugly to watch; it's much cleaner with ViaCrypt's Windows-based PGP. PGP 3.0 will simplify this, since you'll be able to use PGP as a library instead of a hauling up DOS to run it in. #-- # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215 # http://www.idiom.com/~wcs Pager +1-408-787-1281