USENET and US-legal PGP (signing only?)
Hello again! Has there been any progress on a USA-legal PGP? Are negotiations still in progress or are they stalled? I am willing to write code (up to a few thousand lines of C) to help integrate PGP with USENET newsreaders. (I have a little PGP/RIPEM signature verification fuction now, and a section called "Digital signatures, cryptograpy, and USENET" in the online documentation.) I am waiting for a US-legal version of PGP before coding further. I think that USENET provides a wonderful environment for public key crypto applications. My particular interest is in digital signatures for forgery protection. One use of this is in collaborative message filters where people can rate or add keywords to other messages. I would like for all of this to be updated semi-automagically, using usual (insecure!) USENET postings. Greater numbers of strong-crypto users should also help in the political arena. Many people don't see why the current cryptograpy battles are important, because they don't care very much about strong privacy. An easy-to-use cryptosystem integrated into their ordinary tools like newsreaders and mailers will get some of these people involved. For instance, imagine these interactions: ----- start examples ----- [While reading news, the user types 'r' to reply to a message] The poster included a PGP encryption key, and will accept encrypted replies. Encrypt your reply? [nyh] === [User posts a message] PGP key found. Sign this posting? [yn] [User types 'y'] Signing posting using PGP key. Enter your passphrase: [...] === [User posts a message] Digital signature not found. Would you like to generate a digital signature? (type 'h' for help) [nyh] [user types 'h'] A digital signature allows other people to have some confidence that your postings are really from you, and not a forgery. ...[more explanation of digital signatures, about 10-15 lines]... Generating a digital signature usually takes between 5-15 minutes. You will only have to do this once. Would you like to generate a digital signature? (type 'h' for help) [nyh] [user types y] PGP found. RIPEM not found. Generating digital signature using PGP... [Nice, friendly key generation process.] ----- end examples ----- Finally, would it be possible to release a US-legal/RSAREF *subset* of PGP which allows only signatures and signature verification? To my knowledge this wouldn't require violating the RSAREF interface. (My understanding is that the interface problem is that PGP uses IDEA rather than DES for message encryption. The signature is simply an RSA-encrypted hash of the message--this could be handled by the RSAREF package. Correct?) --Cliff -- Clifford A. Adams caadams@polaris.unm.edu | USENET Interface Project: 457 Ash St. NE Albuquerque, NM 87106 | Tools for advanced newsreading STRN (Scan TRN) now in testing: trn 3.3 plus flexible newsgroup menus, fast article scoring with score ordered display, and merged/virtual newsgroups.
participants (1)
-
Clifford A Adams