U> How about the idea of a secure Internet Relay Chat?

I'm fairly interested... version 2 of PGP is generating some interest here in the FidoNet, though it has some serious problems, design problems. (Its "ASCII armor" method (a la UUENCODE) is delicate and fussy, for example.)

I am considering becoming an "introducer" for parts of FidoNet. I can't seem to get past the problems of how to assign reliability to public keys I receive over an unsecured email channel to begin with. No other method is practical.

Alas, I can't take part in much it seems, the UFGATE was hobbled to intentionally prevent us FidoNet people from entering text into message headers (For example "Request-Remailing-To:"...) because we'd take over the planet or something I guess (we are apparently contagious).

U> The Server receives it, decrypts it, then for each of the participants
U> currently in this particular room, the server encrypts the msg
U> with that person's Public Key and sends it.

Doesn't this imply that the unencrypted message would have to travel from the originator to the server? Or do you mean to send to X I'd request X's public key from the server, then encrypt, etc?

--- Msg V2.8
-- Tom Jennings - via FidoNet node 1:125/555
UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings
INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG
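The relay scheme quoted in the message above, as an added example that is not part of the original thread: it assumes the originator encrypts to the server's public key, and it shows that every hop carries ciphertext while the server itself handles the plaintext. Textbook RSA with tiny constructed primes stands in for PGP, and `RoomServer`, `join`, `relay` and the nicknames are hypothetical names.

```python
# Added illustration: textbook RSA with tiny constructed primes stands in for
# PGP. It is NOT secure; it only makes the message flow and trust boundary visible.

def make_key(p, q, e=17):
    """Return (public, private) toy RSA keys built from two small primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # pow(..., -1, ...) needs Python 3.8+

def encrypt(pub, text):
    e, n = pub
    return [pow(b, e, n) for b in text.encode()]  # one block per byte (toy only)

def decrypt(priv, blocks):
    d, n = priv
    return bytes(pow(c, d, n) for c in blocks).decode()

class RoomServer:
    """Hypothetical relay: decrypts each message, re-encrypts per participant."""
    def __init__(self):
        self.pub, self._priv = make_key(61, 53)
        self.members = {}         # nick -> public key registered on join
        self.seen_plaintext = []  # everything the server operator could read

    def join(self, nick, pub):
        self.members[nick] = pub

    def relay(self, sender, blocks):
        msg = decrypt(self._priv, blocks)  # plaintext exists here, on the server
        self.seen_plaintext.append(msg)
        return {nick: encrypt(pub, msg)
                for nick, pub in self.members.items() if nick != sender}

def demo():
    server = RoomServer()
    # Constructed participants and key material.
    keys = {"alice": make_key(89, 97), "bob": make_key(101, 113),
            "carol": make_key(107, 109)}
    for nick, (pub, _priv) in keys.items():
        server.join(nick, pub)
    wire_in = encrypt(server.pub, "meet at noon")  # originator -> server
    wire_out = server.relay("alice", wire_in)      # server -> each other member
    received = {nick: decrypt(keys[nick][1], ct) for nick, ct in wire_out.items()}
    return wire_in, wire_out, received, server.seen_plaintext

if __name__ == "__main__":
    for part in demo():
        print(part)
```

Under these assumptions the server is a trusted party: `seen_plaintext` holds every room message, so compromise of the server or its private key exposes the whole conversation.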
> I am considering becoming an "introducer" for parts of FidoNet. I can't seem to get past the problems of how to assign reliability to public keys I receive over an unsecured email channel to begin with. No other method is practical.
Building a key distribution system takes time. Start off by having people mail you diskettes. Or if you don't mind typing, printouts. Carry copies of your public key to give to people in person. Good security is not free, especially in terms of time.

If you can personally receive via out-of-band channels the public key of another introducer, you can exchange all the certified keys you each possess. And then exchange those with another introducer you know.

Introducers are not a special breed. Most people should certify others' public keys, if only for redundancy.

Remember, no one has ever set up a non-hierarchical public key distribution system to the general public. This is research.

Eric
> Alas, I can't take part in much it seems, the UFGATE was hobbled to intentionally prevent us FidoNet people from entering text into message headers (For example "Request-Remailing-To:"...) because we'd take over the planet or something I guess (we are apparently contagious).
You aren't the only one, Tom. Apparently lots of Unix mail interfaces don't let you arbitrarily edit the header or add lines. I'm going to add a facility to make this possible for everyone. The design I have in mind uses only the message body. No need to touch the header. Announcements when it's finished.

Eric
Participants (2): Eric Hughes, Tom.Jennings@f111.n125.z1.FIDONET.ORG