:I would be hesitant to implement a system that _only_ required a user
:to generate a key pair. This, for the users, is too much provided
:privacy. It will not teach the users how privacy really works, nor
:will it give them any good idea how their privacy is being maintained.

I take the opposite view -- I dare *not* supply such a system. Any user that is interested enough in 100% privacy will be encouraged -- both from the email prompt and through the message bases/file areas -- to d/l a copy of PGP. I'll probably write a tutorial on using it as well. But many users do not have the interest/time/ability to set up PGP on their home system. For them, I want to provide the best possible privacy given the ease with which anyone who can find their local LMOS can tap (voice or data) a line...

:Defended privacy does not need to be difficult. I would spend effort,
:instead of modifying BBS software, to make it easier for users to
:handle encrypted email with their own terminal programs.

I don't have my user's terminal program -- I *do* have the bbs software.

:Again, trusted systems can turn into provided privacy. If there is a
:distributed solution you can think up, use it.

I don't know any way to maintain an up-to-date, central keyring without someone being in charge of regular updates. I'd make it available via Fido, FTP, BMS and regular d/l.

Loyd

***************************************************************************
* loydb@fnordbox.UUCP            Once you pull the pin,   * Loyd Blankenship *
* GEnie: SJGAMES                 Mr. Grenade is no longer * PO Box 18957     *
* Compu$erve: [73407,515]        your friend!             * Austin, TX 78760 *
* cs.utexas.edu!dogface!fnordbox!loydb                    * 512/447-7866     *
***************************************************************************

Eric:
:I would be hesitant to implement a system that _only_ required a user
:to generate a key pair.
Loyd:
I take the opposite view -- I dare *not* supply such a system. [...] But many users do not have the interest/time/ability to set up PGP on their home system. For them, I want to provide the best possible privacy given the ease with which anyone who can find their local LMOS can tap (voice or data) a line...
Where is the key pair generated? It must be on the BBS since your user may not have PGP running. The private key isn't private! The work to do public key encryption in the first place is hardly valuable if the owner of the private key doesn't hold it.

If you just want inter-BBS privacy, why not set up each BBS with a PGP key pair, and use that for transferring messages? There's not much difference in security. A monitoring sysop would be able to read all the traffic originating on that board in either system. The difference is that such a monitoring sysop would not be able to read replies. Why? Because the private keys are kept on the originating board.

But it sounds as though you're trying to prevent against external monitoring and that you trust your sysops. In this case there is no advantage to issuing keys to individuals; it's just not worth the effort.

Loyd:
I don't have my user's terminal program -- I *do* have the bbs software.
This is the unfortunate fact of the situation, I acknowledge. But do you know what terminal programs are in the most common use? I suspect most of this stuff could be done with script programming in the various terminal packages. Do you know, in aggregate, how many users of each terminal program you have? You can poll your users to find out. You'll need this data to allocate your effort.

And you've got lots of people willing to help, even if they can't because they are working on other projects. Everyone on this list, for example.

Let me repeat, for those of you who did not previously know you were willing to help. Everyone on this list should be willing to help Loyd write scripts for his users to use PGP. Cypherpunks write code.

This will mean someone who knows Procomm, Crosstalk, Qmodem, Telix, etc. for the PC, someone who knows the various Mac, Amiga, Atari, and other machines. This will mean someone to write nice pretty visual interfaces for PGP to put all the PGP options on menus where they are all visible. This will mean people to think about BBS/terminal protocols. This will mean lots of individual contributions, no single of which need be large, but whose sum will be.

Eric
participants (2): Eric Hughes, fnordbox!loydb@cs.utexas.edu