-----BEGIN PGP SIGNED MESSAGE-----

Re development of crypto term software for PC and/or Unix platform(s):

It seems like there are three general ways to approach this problem:

1. Offline reader style - ala QuickMail and its cronies - popular with DOS BBS's.
2. Waffle/UUPC style.
3. As an actual term program, but with an intelligent scrollback buffer/ASCII send module added.

I have, several times, wished for a "guerilla offline reader" - a reader to collect all of the messages in all of the newsgroups (from my .newsrc file) that I read on some arbitrary Unix box, collect them into a file, compress it, and send them to my PC with Zmodem, so that I can browse at my leisure.

Waffle/UUPC and a newsfeed is a better solution, but requires the cooperation of one's local sysadmin, who isn't necessarily interested in feeding someone news at 2400 bps. The ironic thing is that they don't care if you spend 4 hrs/day using that modem to read news - they just don't want you to tie it up for 45 mins with a small newsfeed. (Yes, there is the spool directory problem - and no, I don't think a flamewar about admins is useful here.)

If we/I did something like this - it ought to be possible to do it in a shell script, or shell script + awk - and incorporated the means to receive/unpack a reply packet - I think it might be a good thing. The basic idea is to expand the access one's got via a networked Unix box to one's home machine, without necessarily requiring the permission or knowledge of local sysadmins.

(No, I am not unfamiliar with the plight or circumstances of an arbitrary Unix sysadmin. I administrate a small system now, have been in charge of larger ones in the past, and have some experience with users doing peculiar and squirrely stuff with one's machine. :) I also don't think that what I'm proposing breaks either the letter or the intent of a reasonable security policy - but it is the sort of thing to make a control freak sysadmin go nuts.)

Seems like the best way to implement the term program would be to add some intelligence to the "scrollback" (a buffer that holds the last 'n' lines of text appearing on the screen) which would allow it to find, extract, and process the --- BEGIN PGP SIGNATURE --- bits. The other side of this would be a process which would, given the name of a file on disk (or an editor buffer) locally, process it (sign, encrypt, whatever) and upload the results.

This would be interesting, but I dunno if we'd be able to write something nice enough to become as widespread as Telix, Procomm, or whatever. (I also wonder if it's possible to add hooks to Telix/Procomm to do similar stuff.)

For what it's worth, I have experience in C, and have fooled around with little assembly programs to read/write the PC's serial port on an interrupt-driven basis. (The use of a FOSSIL driver seems intelligent here, though.) I have written a PGP keyserver to run as an attachment to a DOS Waffle system, and intend to expand and improve that if I can get some free time. I'm interested in working on this stuff but am less interested in re-inventing any wheels.

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLAw+f33YhjZY3fMNAQHdTAQAr9sk4WdPxC/Bz8i5tEZ/ammwaUt6rEtL
13wMPT+L9JXGrgMNoey6EGjmrHXH9C0DweXGhPYIzq9U8EW9xmsacwEPets+sVJv
T90gM/+aeQkixgRb93FIqIpCnRVzF9lQcin0v4e69s6mMk0y6WTQMEJkDXbKvKTM
lCK6WBakWws=
=QCej
-----END PGP SIGNATURE-----

--
Greg Broiles greg@goldenbear.com
Golden Bear Computer Consulting +1 503 465 0325
Box 12005 Eugene OR 97440 BBS: +1 503 687 7764

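
The scrollback extraction proposed in the message above, sketched as an added example; it is not code from the thread or from any of the term programs it names. `Scrollback`, `pgp_blocks`, `end_marker` and `demo` are hypothetical names, and the sample session and its armor body are constructed placeholders.

```python
import re
from collections import deque

BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----$")

def end_marker(kind):
    # A cleartext-signed message is closed by the END of its signature block.
    return "-----END PGP %s-----" % ("SIGNATURE" if kind == "SIGNED MESSAGE" else kind)

class Scrollback:
    """Hypothetical scrollback buffer: keeps the last max_lines received lines."""

    def __init__(self, max_lines=500):
        self.lines = deque(maxlen=max_lines)
        self._partial = ""

    def feed(self, data):
        # Serial data arrives in arbitrary chunks; store only completed lines.
        *done, self._partial = (self._partial + data).split("\n")
        self.lines.extend(line.rstrip("\r") for line in done)

    def pgp_blocks(self):
        """Return (kind, text) for each complete armored block still buffered."""
        blocks, kind, start = [], None, 0
        buf = list(self.lines)
        for i, line in enumerate(buf):
            line = line.rstrip()
            m = BEGIN.match(line)
            if m and not (kind == "SIGNED MESSAGE" and m.group(1) == "SIGNATURE"):
                kind, start = m.group(1), i  # a new BEGIN discards an unfinished block
            elif kind and line == end_marker(kind):
                blocks.append((kind, "\n".join(buf[start:i + 1])))
                kind = None
        return blocks

# Constructed sample session; the armor body is a placeholder, not a real signature.
SAMPLE = (
    "login: guest\r\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\r\n"
    "\r\n"
    "Meet at the usual BBS.\r\n"
    "- -----BEGIN PGP MESSAGE-----\r\n"   # dash-escaped text, must not count as armor
    "-----BEGIN PGP SIGNATURE-----\r\n"
    "Version: 2.2\r\n"
    "\r\n"
    "PLACEHOLDERBASE64=\r\n"
    "-----END PGP SIGNATURE-----\r\n"
    "$ "
)

def demo(chunk=7, max_lines=500):
    sb = Scrollback(max_lines)
    for i in range(0, len(SAMPLE), chunk):  # simulate arbitrary modem chunking
        sb.feed(SAMPLE[i:i + chunk])
    return sb.pgp_blocks()
```

A block is returned only while both its BEGIN and END lines are still in the buffer, so the buffer depth bounds the largest message that can be picked up this way; the extracted text would then be handed to PGP for verification or decryption.
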
All of these ideas (on new term programs for grabbing news, and for getting PGP sigs from scrollback, etc etc) are all very interesting and worthy of more work. However, I think the BEST way to do this, is to convince Mustang Software (or whoever) to add hooks for PGP or other encryption packages, and then the rest should soon follow. Most users WILL NOT quit using QModem (or whatever) for a new term program that has nothing special but crypto. BUT if you can get crypto into the popular packages, then lots of users WILL use it since well it's THERE, and easy to get to and they don't have to switch software.

As for the creation of new term programs, I'd have to say making it RELY on a FOSSIL driver is a BAD idea. FOSSILs are becoming less useful and needed over time. Almost NO new door software uses FOSSILs, because companies like Compaq are making more-compatible machines with less proprietary garbage in them. FOSSIL support that is OPTIONAL would be very nice, for those using old or weird machines that can't handle standard comm routines, but forcing FOSSIL (or anything else) on anyone is a bad idea in my opinion.

Also, those into Fido-tech netting should try to get the developers of FrontDoor, InterMail, D'Bridge, Opus, Maximus, VBBS, BinkleyTerm, etc to add support for the ^ENC klugeline (an addition to the FTSC-standard Fido mail headers, that notifies mailer software that the message is encrypted, so it can be properly processed). Without this the Fido SecureMail system is going to remain minor and ignored. With it, cryptomail could fast become the norm in Fido NetMail. For this corner of cyberspace direct support for this sort of thing could be the "make or break" for whether crypto becomes accepted.

Just some thoughts.

--
When marriage is outlawed only outlaws will be inlaws!
Stanton McCandlish, SysOp: Noise in the Void DataCenter Library BBS
Internet anton@hydra.unm.edu IndraNet: 369:1/1 FidoNet: 1:301/2
Snail: 1811-B Coal Pl. SE, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

> All of these ideas (on new term programs for grabbing news, and for getting PGP sigs from scrollback, etc etc) are all very interesting and worthy of more work. However, I think the BEST way to do this, is to convince Mustang Software (or whoever) to add hooks for PGP or other encryption packages, and then the rest should soon follow. Most users WILL NOT quit using QModem (or whatever) for a new term program that has nothing special but crypto. BUT if you can get crypto into the popular packages, then lots of users WILL use it since well it's THERE, and easy to get to and they don't have to switch software.

Actually, I've implemented much of this in telix, using its (C-like) script language. From the command line, I can type in the name of a batch file. That batch file starts telix, logs me in, sends any mail I have created/encrypted on my machine, and downloads all my new mail, to be read from another batch file. My mail reader batch file uses pgp to read my mail and presents a nice message selection menu, too. Totally transparent, and automated. I'm quite proud of it. The only thing to do is clean it up a bit, and implement reply-quoting. That should be done by the end of the week. If anyone is interested in what I have.....ask me.

BTW, I have had a few bug reports on my pgp menu batch file for 4dos. I will also have it fixed by the end of the week and will release it next week.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| mdiehl@triton.unm.edu | But, I was mistaken.        |available|
| mike.diehl@fido.org   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!"   <Me>                     |
+-----If codes are outlawed, only criminals will have codes.----+
+----Is Big Brother in your phone?  If you don't know, ask me---+

> As for the creation of new term programs, I'd have to say making it RELY on a FOSSIL driver is a BAD idea.

The reason to use FOSSIL, and it is a sufficiently strong reason, is that with some layer of abstraction at that low level, you can't do end-to-end link encryption transparently. For example, if you want to do a download over a secure channel, if you have to use an external protocol, and if that protocol talks directly to the serial port, then you can't use it, because the protocol will see only gibberish. If, on the other hand, the protocol driver uses FOSSIL, and if your FOSSIL can set up an encrypted channel, then the protocol will perform as expected without being aware that its underlying connection is encrypted.

> Almost NO new door software uses FOSSILs, because companies like Compaq are making more-compatible machines with less proprietary garbage in them.

The reason to use FOSSIL is not compatibility, but abstraction. It's the only abstraction for serial communications the PC has, and we'd better take advantage of it.

Eric

Stanton has a good idea, I think, about getting the developers of packages like Qmodem to set up some kind of hooks for encryption. Is anyone else from the list going to the BBSCON in Colorado this August? If not, I'll try to ask about the possibility of supporting encryption in Qmodem, Telix, Procomm, PC Board, TBBS, Major BBS, and Wildcat. (And of course, offer a helpful suggestion or two if they show any interest.) It would be better if someone better schooled in encryption than myself were going to be there, though.

Dr. Cat / Dragon's Eye Productions

participants (5)

- Dr. Cat
- Eric Hughes
- greg@ideath.goldenbear.com
- J. Michael Diehl
- Stanton McCandlish