So, you walk up to ANY terminal directly connected to a host, or to a terminal server, or a personal computer of any kind connected through a modem, or borrow someone's laptop connected to a cellular modem. You connect your dongle in between the terminal/computer and the communications line, and punch in your secret code on the keypad (which, like phones, also has letters so you can remember fairly long ID-s). Call up, or telnet, dial up a bbs, or connect through any other means, to your host, and log in. Run your favorite mail reader, let's say _elm_. Start reading your mail as you usually would. Any time an encrypted message is displayed whose public key ID matches one of the private keys on your keyring, the dongle temporarily buffers the message it into its RAM, flashes the "decrypt" LED, while decrypting the message. Then you can view the plaintext using a simple, terminal-independent pager that lets you go forward/back one page, and search for a key word. When you are done, you press Q, and the plaintext is immediately deleted from the memory. Note that during all this, the plaintext did not appear anywhere on the host or any of the communication links connecting you to it. Let's say you want to reply to a message. Press 'r' or whatever key is used to reply in your particular mail reader. Or if you want to send a message, press 'm' and fill in the address. Then, if your editor is something like vi or ed that requires you to do something before you can input text (like press 'a') then do that. If you use an editor like EMACS or SMiLE or jove or cat or anything that lets you just type in text, you skip this step. Now, press the "encrypt" button on the dongle. It presents you with a simple line editor, that works with any terminal or terminal emulation, but is reasonably easy to use (something like most bbs-es use for composing messages). You type your message, or if it was prepared ahead of time on the local equipment, you transmit the text. NOTE: this is the simpler of the several different approaches to plaintext handling that I am considering. When you are done, you pick the public key to encrypt it with (or it can be automatically determined based on the address you typed in to your mail program previously). If you have lots of public keys, you could use a search to quickly find the one you want. Then you have the option of signing the message with any one of the private keys that you have. Finally, the dongle transmits the cyphertext to the host, and you type the _exit_ key sequence for the editor (:wq, or C-x C-c, or /done, etc). The message is sent by the mailer software on the host. Then you may want to scan a newsgroup like alt.w.a.s.t.e for any mail that may be for you. Put your dongle into "WASTE SCAN" mode (for example by pressing *WS on the keypad) and tell your newsreader something like "display all new messages". The dongle will detect a message whose key-id matches one of the keys on your key-ring decrypts and displays it, while ignoring all the other messages that are not for you. You must retrieve all the messages, so that anyone monitoring your activity has no way of knowing which one, if any, was actually addressed to you. Then you receive a "talk" request (or a chat call on a bbs, or you may be on irc or a MUD with "chat mode") from someone you know has a similar device (or software that emulates it). If you both know each other's public keys, the two devices both generate a random session key and encrypt it with the others' public key. If not, a key-exchange protocol may be used to generate a key both of you know, but that can not be later recovered by someone recording the data. Now the dongles encrypt any text (one line at at time) that you type, and decrypt anything received. Many other applications for a portable, trusted crypto engine could be thought of, given time. -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek@novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819
Yanek's scenario might have been great for 1980, but in 1993, if your electronic mail doesn't come right down into the computer in front of you, that you trust, I want to know why not. It works this way for millions of Internet users, AppleLink users, and users of "offline edit" programs for MCI Mail, ATT Mail, compuserve, AOL, Prodigy, etc. It's cheaper to buy computers these days than terminals! Seriously! John Gilmore PS: Don't tell the list -- we've had more than enough traffic recently. Tell *me* (gnu@toad.com) why you use your computer like a terminal instead of like a computer. I'll be gone for a week, so lack of speedy replies doesn't mean I'm not listening.
participants (2)
-
gnu
-
yanek@novavax.nova.edu