Zimmermann/NSA debate postponed
The debate between Philip Zimmermann and Clinton Brooks from NSA has been postponed. The debate organizers, the World Affairs Council, decided today (Tuesday) that there were not enough attendees preregistered to proceed with the debate at this time. The debate had been scheduled for Thursday, 25 August, in Thousand Oaks, California. A major conference organized by the World Affairs Council, scheduled for 27 October, will have the debate included in the conference. When those plans firm up, there will be detailed announcements with more lead time.

I'm sorry if this change in plans inconveniences anyone who planned to attend the debate, but I had nothing to do with their decision.

--Philip Zimmermann
-----BEGIN PGP SIGNED MESSAGE-----

Alright, well I'll go ahead and be the weanie that points out that this is the first non-signed message from PRZ to appear here, at least in a long time.

Conspiracy theory anyone? :-)

Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----
Alright, well I'll go ahead and be the weanie that points out that this is the first non-signed message from PRZ to appear here, at least in a long time.
Conspiracy theory anyone? :-)
Rick
Huh? Phil almost _never_ signs his messages, and has talked about how difficult it is to go through the rigamarole of signing, authenticating, etc.

(I sympathize with him, and I intensely dislike getting PGP-encrypted messages, decrypting them, only to find a banal message that wasn't worth the effort.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
Huh? Phil almost _never_ signs his messages, and has talked about how difficult it is to go through the rigamarole of signing, authenticating, etc.
(I sympathize with him, and I intensely dislike getting PGP-encrypted messages, decrypting them, only to find a banal message that wasn't worth the effort.)
Huh? Nonsense?

vie: - use PGP to sign & encrypt
vis: - use PGP to sign

Both of these sign or sign/encrypt outgoing messages automatically if you're using "elm" - just use them in place of your favorite editor.

pgpview does the same thing for incoming email. Use it in place of your mail viewer in elm.

#! /bin/sh
#
# Created by shar, version 0.5 - 04/10/91
#
# This is a shell archive, meaning:
# 1. Remove everything about the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh to create:
#
#     length  name
#     ------  -------------------------------------
#         28  pgpview
#        282  vie
#        102  vis
#
#
# Archive number 1
# This archive created Tue Aug 23 21:59:07 1994
#

echo "shar: extracting pgpview - (28 characters)"
if test -f 'pgpview' ; then
   echo shar: will not over-write existing file pgpview
else
sed 's/^X//' << \SHAR_EOF > 'pgpview'
Xpgp +batchmode -m | less -c
SHAR_EOF
if test 28 -ne "`wc -c < 'pgpview'`" ; then
   echo "shar: ***** error transmitting file pgpview (should have been 28 characters, but was "`wc -c < 'pgpview'`" characters) *****"
fi
fi

touch 0823215894 pgpview
chmod 0777 pgpview

echo "shar: extracting vie - (282 characters)"
if test -f 'vie' ; then
   echo shar: will not over-write existing file vie
else
sed 's/^X//' << \SHAR_EOF > 'vie'
X#
X# vie - like vi, but sign & encrypt with pgp
X#
Xsed -e 's/^> //g' $1 > $1.clr
X# why doesn't pgp $1 $1.clr work?  It should produce $1.clr... <sigh>
Xpgp +force $1.clr $1
Xsed -e 's/^/> /g' $1.clr > $1
X/bin/rm -f $1.clr
Xvi $1
Xclear
Xpgp -seta +clearsig=on -u `logname` $1
Xmv $1.asc $1
SHAR_EOF
if test 282 -ne "`wc -c < 'vie'`" ; then
   echo "shar: ***** error transmitting file vie (should have been 282 characters, but was "`wc -c < 'vie'`" characters) *****"
fi
fi

touch 0823215894 vie
chmod 0777 vie

echo "shar: extracting vis - (102 characters)"
if test -f 'vis' ; then
   echo shar: will not over-write existing file vis
else
sed 's/^X//' << \SHAR_EOF > 'vis'
X#
X# vie - like vi, but sign with pgp
X#
Xvi $1
Xclear
Xpgp -sta +clearsig=on -u `logname` $1
Xmv $1.asc $1
SHAR_EOF
if test 102 -ne "`wc -c < 'vis'`" ; then
   echo "shar: ***** error transmitting file vis (should have been 102 characters, but was "`wc -c < 'vis'`" characters) *****"
fi
fi

touch 0823215894 vis
chmod 0777 vis
echo End of all shell archives
exit 0

--
Ed Carp, N7EKG  Ed.Carp@linux.org, ecarp@netcom.com
Finger ecarp@netcom.com for PGP 2.5 public key  an88744@anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"
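A hardened take on the `vis` wrapper idea from the message above, as an added example that is not Ed Carp's code: it refuses to run when the wrapper itself is writable by other local users (the archive installs the scripts with `chmod 0777`), quotes the filename, keeps scratch files private, and reports a failed signing step instead of running `mv` regardless. It assumes GnuPG's `gpg --clearsign` in place of the PGP 2.x call, the function names are made up for the example, and nothing here helps against whoever holds root on the host.

```shell
#!/bin/sh
# Added example, not the code posted in this thread.
# Assumptions: GnuPG (`gpg --clearsign`) stands in for PGP 2.x;
# not_writable_by_others, sign_stream and sign_draft are hypothetical names.

# True when the file exists and neither group nor others can write to it.
# A wrapper installed mode 0777 can be edited by any local user, and it is
# the program running at the moment the passphrase is typed.
not_writable_by_others() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Clear-sign stdin to stdout. Kept as its own function so the signing tool
# can be swapped without touching the file handling below.
sign_stream() {
    gpg --clearsign
}

# Edit a draft, then replace its contents with the signed form.
# Returns non-zero and leaves the draft as edited when signing fails, so a
# missing signature is visible to the caller instead of being skipped.
sign_draft() {
    draft=$1
    [ -f "$draft" ] || { echo "sign_draft: no such file: $draft" >&2; return 2; }
    (
        umask 077                                  # scratch files are private
        work=$(mktemp -d "${TMPDIR:-/tmp}/sign.XXXXXX") || exit 1
        trap 'rm -rf "$work"' EXIT                 # scratch removed on any exit
        trap 'exit 1' HUP INT TERM
        ${EDITOR:-vi} "$draft" || exit 1
        sign_stream < "$draft" > "$work/signed" || exit 1
        [ -s "$work/signed" ] || exit 1            # empty output counts as failure
        cat "$work/signed" > "$draft"              # same file the mailer opened
    )
}

# When invoked as an editor replacement: check our own permissions first.
if [ "$#" -gt 0 ]; then
    not_writable_by_others "$0" || {
        echo "$0: writable by group or others, refusing to run" >&2
        exit 1
    }
    sign_draft "$1"
fi
```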
-----BEGIN PGP SIGNED MESSAGE-----

    From: "Timothy C. May" <tcmay@netcom.com>
    Date: Tue, 23 Aug 1994 17:48:30 -0700 (PDT)

    Huh? Phil almost _never_ signs his messages . . .

It may very well be that he only signs messages to `public' forums or that he only signs things when he considers the message to be more important than normal, however, the majority of the messages that he has sent out to cypherpunks, alt.security.pgp, etc. in, say, the last half a year or so, have been signed. On the other hand, the one other message that I could come up with that wasn't signed was also about the debate.

    . . . and has talked about how difficult it is to go through the rigamarole of signing, authenticating, etc.

Hmmmm. FWIW, it typically requires two keystrokes for me to do any of the half dozen PGP operations that I do most often. I've heard of at least three other emacs-based interfaces for simplifying PGP interaction and there seem to be quite a few other `helper' packages around for other email environments.

    (I sympathize with him, and I intensely dislike getting PGP-encrypted messages, decrypting them, only to find a banal message that wasn't worth the effort.)

Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?

Ok, ok, so the above paragraph is blatant plagiarism (it's from pgpdoc1 for anyone who didn't recognize it). I encrypt most point-to-point communications with other PGP users on principle, regardless of the content. In any case, I find it quite disappointing to hear that one of the cypherpunks founders frowns on people actually using strong crypto on a routine basis. Sigh...

Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----
It may very well be that he only signs messages to `public' forums or that he only signs things when he considers the message to be more important than normal, however, the majority of the messages that he has sent out to cypherpunks, alt.security.pgp, etc. in, say, the last
I don't think this is the case. Most PRZ messages I've seen have been unsigned; only the recent ones on the PGP 2.6 business have been signed. I use MacPGP on my home Mac...I don't trust Netcom or any other system outside my direct control for this. I figure if it's worth signing, it's worth signing with a secure key, not just a "casual grade" key (this is the term used by Jay P.P. and others for crypto on unsecured machines...this involves having more than one public key, etc.). (This is the main answer to Ed Carp's suggestion about PGP in elm.)
Hmmmm. FWIW, it typically requires two keystrokes for me to do any of the half dozen PGP operations that I do most often. I've heard of at least three other emacs-based interfaces for simplifying PGP interaction and there seem to be quite a few other `helper' packages around for other email environments.
See above. I'm not interested in the various elm and emacs PGP packages. Any sysop can not only obtain your secret key, stored on his system, but he can also capture your passphrase as you feed it to the PGP program (assuming you do...many people automate this part as well). Since this sysop or one of his cronies can then compromise your mail, sign messages and contract as "you," I consider this totally unacceptable. Others apparently don't.
regardless of the content. In any case, I find it quite disappointing to hear that one of the cypherpunks founders frowns on people actually using strong crypto on a routine basis. Sigh...
"Sigh."

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
In article <199408240440.VAA06740@netcom4.netcom.com>, Timothy C. May <tcmay@netcom.com> wrote:
Since this sysop or one of his cronies can then compromise your mail, sign messages and contract as "you," I consider this totally unacceptable. Others apparently don't.
Well... Either that, or they have their own UNIX boxes (an increasing trend in this world of Linux boxes...) or other personal machines that run an MTA and emacs.

--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus@bb.com | grammatically correct sentence. Now...
L. Todd Masco writes:
In article <199408240440.VAA06740@netcom4.netcom.com>, Timothy C. May <tcmay@netcom.com> wrote:
Since this sysop or one of his cronies can then compromise your mail, sign messages and contract as "you," I consider this totally unacceptable. Others apparently don't.
Well... Either that, or they have their own UNIX boxes (an increasing trend in this world of Linux boxes...) or other personal machines that run an MTA and emacs.
Precisely! In fact, I think I cited the Linux phenomenon just a day or so ago...(in a mention of cheap Pentium boxes). When many more locally-controlled boxes are on the Net, conveniently, then things should start to really get going.

Until the "Internet-in-a-box" or TIA-type products are more widespread, many people will be connecting home or office machines to other systems they don't control.

(To put this in sharper focus: do you want your electronic money being run out of an account that your sysop and his friends can monitor? Not hardly. "Electronic purses," which may be smart cards, Newton-like PDAs, or dongle-like rings or pendants, are clearly needed. Another entire discussion.)

Too many people are kidding themselves that their messages are secure. That their electronic identities cannot be spoofed. Debate about whether PGP needs 4096-bit keylengths is absurdly moot if PGP is being run on a university or corporate computer outside the direct control of the user!

Some folks who use PGP on such machines at least take steps to better secure things....Perry Metzger, for example, once described the multi-stage process he went through each day to reload his key material in a way he felt was quasi-safe.

Yes, some of you PGP fans may say "Sigh!" when you hear that I don't particularly like downloading-and-then-decrypting a message only to find it saying, "Gee, Tim, isn't this PGP stuff really neat?" Too bad.

Not only do many of us not do all this stuff (have you seen Eric Hughes signing his messages? How about John Gilmore?), but some people have decided to stop reading e-mail altogether. Donald Knuth, for example. A wise man.

I'm happy that you PGP fans are thoroughly infatuated with using PGP for everything. Just knock off the clucking and sighing about those who don't see it as the end-all and be-all of today's communications.

It reeks of fanaticism.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
In article <199408240630.XAA26030@netcom4.netcom.com>, Timothy C. May <tcmay@netcom.netcom.com> wrote:
L. Todd Masco writes:
Well... Either that, or they have their own UNIX boxes (an increasing trend in this world of Linux boxes...) or other personal machines that run an MTA and emacs.
Precisely! In fact, I think I cited the Linux phenomenon just a day or so ago...(in a mention of cheap Pentium boxes). When many more locally-controlled boxes are on the Net, conveniently, then things should start to really get going.
Until the "Internet-in-a-box" or TIA-type products are more widespread, many people will be connecting home or office machines to other systems they don't control.
Actually, I expected to get jumped on in a major way for saying that. Linux boxes run X11, with all its security problems. Add to that the increasing frequency of popularity of UNIX and UNIX-alikes, with all their security problems, and you get a picture that's terrifyingly cyberpunk.

I can just picture in three years: Job Bob Public sitting at his Linux box, connected by TC/IPng over the local cable IP provider -- scared by a mailing he's recently gotten from the Oregon Driver's Privacy Initiative with information of where his daughter had his lojack-ng equipped car was three days ago when she was supposed to be at football practice -- decides to set up Microsoft PGP 5.7us on his machine (and to wire up the optional personal lojack-ng tracking feature, of course -- brought to you by AT&T).

He writes a message that he believes secure -- Of course, he's got his X11R8 server xhost +'d, so that his friend Suzy EveryCheese can send windows to him (she's much too smart to allow other clients to attach to *her* server). He types his passphrase in and his son, Bubba Public, snarfs it from his PC-SeptiumJr. It never hurts to be able to see what the Old Man might be writing.

Of course, the entire thing falls apart when the Morris Worm Mk 3 chomps down through the least-secure encryption methods specified in IPng's security specs (they salvaged the old AFS "xor 'flamingo'" "optimization"), but that's another matter.

The point? I'm actually not very sure... but it has something to do with there never being an easy way to be secure, especially for the plug-n-players. It also has to do with the way things are going to be extremely unstable when everybody is networked on machines with an OS and windowing environment that evolved to play XTrek efficiently and to support Xeyes with motif.

Knowledge and/or effort -- not to mention a good dose of paranoia -- are de rigueur, and I doubt that we'll see anything different in the near future (even if technically possible: the rise of MS Windows and UNIX/X11 have me pretty down on the economics of quality these days).
It reeks of fanaticism.
Fanaticism's fine. It's clueless, dogmatic fanaticism that's a problem.

--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus@bb.com | grammatically correct sentence. Now...
Timothy C. May says:
Some folks who use PGP on such machines at least take steps to better secure things....Perry Metzger, for example, once described the multi-stage process he went through each day to reload his key material in a way he felt was quasi-safe.
Quasi. I'm pretty sure that anyone who cared enough could have gotten hold of my ancient pmetzger@shearson.com key, which I keep around only for nostalgia reasons at this point -- I believe it's one of the oldest keys still on the rings. On the few occasions when I've truly cared, I've generated new keys to use and only used them for a brief period -- PGP provides very poor forward secrecy.

(By the way, I've become convinced with time that the forward secrecy characteristics of systems like this are far more important than people believe, especially since keys are likely to be so poorly managed by most non-paranoid users. Diffie-Hellman provides perfect forward secrecy.)

Tim's point is, however, correct -- using PGP on Joe Random University's central computing facility is not the way to go if you are really concerned about security. You have to run it only on hardware you personally control, and which others do not have much if any physical or network access to.

Also importantly, the user interfaces for PGP simply suck as it stands, making people like Tim uninterested in going through the rigamarole needed to use it on a day to day basis. The real revolution isn't going to come until people are able to use PGP and the rest both reasonably securely without it being especially noticeable that they are doing so -- and that is a while off.

Perry
Also importantly, the user interfaces for PGP simply suck as it stands, making people like Tim uninterested in going through the rigamarole needed to use it on a day to day basis. The real revolution isn't going to come until people are able to use PGP and the rest both reasonably securely without it being especially noticeable that they are doing so -- and that is a while off.
At the risk of repeating myself, what's the problem with wrapping PGP in a shell script? Works for me - see a previous mailing, complete with wrapper scripts. I can send either encrypted or just signed email without especially noticing it.

--
Ed Carp, N7EKG  Ed.Carp@linux.org, ecarp@netcom.com
Finger ecarp@netcom.com for PGP 2.5 public key  an88744@anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"
-----BEGIN PGP SIGNED MESSAGE-----
At the risk of repeating myself, what's the problem with wrapping PGP in a shell script? Works for me - see a previous mailing, complete with wrapper scripts. I can send either encrypted or just signed email without especially noticing it.
At the risk of repeating what Tim's said in the past, shellscript wrappers are useless to people who use Macs, Windows/WinNT, and so on.

At the risk of repeating what Tim, Perry, and several others have said, using PGP- with or without shell scripts- on a machine which you do not physically control is also risky.

- -Paul

- --
Paul Robichaux, KD4JZG       | Demand that your elected reps support the
perobich@ingr.com            | Constitution, the whole Constitution, and
Not speaking for Intergraph. | nothing but the Constitution.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----
At the risk of repeating what Tim's said in the past, shellscript wrappers are useless to people who use Macs, Windows/WinNT, and so on.
At the risk of repeating what Tim, Perry, and several others have said, using PGP- with or without shell scripts- on a machine which you do not physically control is also risky.
I understand the first objection. The second is moot if you're running something other than a dumb tube at home. I run Linux on a 486/25 at home, DOS/Windows on a 386SuX laptop on the road. Works for me.

--
Ed Carp, N7EKG  Ed.Carp@linux.org, ecarp@netcom.com
Finger ecarp@netcom.com for PGP 2.5 public key  an88744@anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"
In article <m0qdImM-0004EcC@khijol.uucp>, Ed Carp [Sysadmin] <khijol!erc@apple.com> wrote:
At the risk of repeating myself, what's the problem with wrapping PGP in a shell script? Works for me - see a previous mailing, complete with wrapper scripts. I can send either encrypted or just signed email without especially noticing it.
Okay, I'm the Evil NSA Sysadmin from hell. I want to collect all the info available on my users. The NSA gives me $50 per keypair, snitch money. Or I just like to be able to read all your mail, and would like to have the option of, at some point, forging something from you.

So, I replace the shells on machines under my control with programs that invoke something like tee(1) to split stdin and stdout to files and then execs the intended shell. For good measure, I overwrite the process entry in the running kernel.

So I now have files of every keystroke you type, and if I'm clever about how I do it (I will be), I can correlate them with the stdout. I just search for "pgp" and bingo: I've got your passphrase. Since I'm root, getting your keyfiles is trivial. Your keys are toast, and you don't even know it.

There are a gazillion other ways the ENSFH could have done this: monitoring your /dev/tty vector in the kernel would be far more subtle, for example. The key thing to remember is that the computer isn't your tool: it's the tool of the people with root.

Not only that, but I don't even have to steal your keys: the plaintext will exist at some time, and I can trap that -- by only twinning your stdio.

The network security is almost as important, since there are probably many more malicious people outside your machine than inside.

So, if you're running UNIX, you'd damn well trust everyone with root, run a logging /bin/login, be behind a firewall, replace the crypt that passwd uses with some transformation, put shadow passwd files in place, make crypt log usage and place appropriate monitoring software to watch the logs, monitor the machine from another machine behind your firewall, and a host of other things.

Security is not easy -- Tim's point is that you can't get it by just running some package; If you think you can, you're fooling yourself and every time someone puts on a securer-than-thou-because I run PGP air, they're showing themselves to be totally clueless.

This is all very rudimentary -- come on, you've got to be paranoid where security is concerned. There are many vectors of attack and you've only got to miss the one that someone tries to lose big.

--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus@bb.com | grammatically correct sentence. Now...
Tim sez:
What is being missed here is the issue of where the PGP operations are being done. If done on a machine outside the direct control of the user, obvious security holes exist.
Perry sez:
Also importantly, the user interfaces for PGP simply suck as it stands, making people like Tim uninterested in going through the rigamarole needed to use it on a day to day basis. The real revolution isn't going to come until people are able to use PGP and the rest both reasonably securely without it being especially noticeable that they are doing so -- and that is a while off.
Which brings me to the question; "What ARE people using, and what are they GOING to use?" Can anyone point me to a survey of the most used ways for e-mail to get on the net, and what will be most used in the future? The problem of insecure machines can be dealt with, but right now I have only knowledge of the insecure machine I use for email, and how I deal with it.

If no such surveys exist (which I find hard to believe) then I'll do one myself.

Also, with this NII/SuperDuperHighway/Infobahn thing happening in the U.S., and the impending market war between Microsoft, Sega, Nintendo and Scientific Atlanta to supply the Set Top Box that will give John Q. Consumer his movies-on-demand and access to the SuperMall(TM) and, incidentally, his E-mail capability, it might be a good thing to know in advance what J. Q. Consumer will be using so that we can be there with strong, usable crypto when he gets there.

JJH
--
James Hightower writes:
Which brings me to the question; "What ARE people using, and what are they GOING to use?" Can anyone point me to a survey of the most used ways for e-mail to get on the net, and what will be most used in the future? The problem of insecure machines can be dealt with, but right now I have only knowledge of the insecure machine I use for email, and how I deal with it.
We did a survey of this nearly 2 years ago, at the second Cypherpunks meeting. Got about 10 main mail programs being used, about the same number of editors, and about as many platforms.
If no such surveys exist (which I find hard to believe) then I'll do one myself.
I think this is a great idea. I suggest we toss around a few questions, to make the poll as useful as possible (and so it doesn't have to be done a second time to fill in missing gaps).

Here are a few questions I'd like to see (with *my* answers included to help show context):

* Internet service provider: Netcom, SunOS Release 4.1.3
* Accessed via: Macintosh IIci, running VT100 emulator, White Knight 11.14
* Online mail program used (if any): elm
* Online text editor used: emacs
* Offline mail program used (if any): Eudora 2.0.2
* Offline text editor used: Eudora, Microsoft Word, etc. (any Mac program)
* PGP version used: MacPGP 2.3

In the poll of two years ago, this was abbreviated into a message like:

"Netcom/elm-Eudora/emacs/MacPGP 2.3"

for easier processing. And the poll taker could simply list all the one-line responses so as to give developers/readers a better feel for the environments being used, a la:

"Netcom/elm/emacs/PGP 2.6ui"
"CRL/emacs/emacs/PGP 2.7"
"Linux/xmail/pine/PGP 2.3"
"AOL/??/??/not allowed"

etc.
his movies-on-demand and access to the SuperMall(TM) and, incidentally, his E-mail capability, it might be a good thing to know in advance what J. Q. Consumer will be using so that we can be there with strong, usable crypto when he gets there.
Here I differ, as I don't think we can plausibly do a poll of what "J.Q. Consumer" is using, or plans to use. That's a huge job, fraught with polling problems. And J.Q. Consumer himself has no idea of what he "will be using," so why bother?

I had assumed the poll was of *us*, which is both a manageable poll to take, and a useful one.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
James Hightower writes
it might be a good thing to know in advance what J. Q. Consumer will be using so that we can be there with strong, usable crypto when he gets there.
High Tech industry has considerable experience with surveys of consumers for nonexistent products. Such surveys are useless at best, and dangerous at worst.

The survey invariably shows one of two things:

1. Whatever the Science fiction writer who rigged the questions wishes it to show.
2. The consumer wants what he has already and does not want anything different.

Back in the dim early days of computing they took a survey to have consumers (secretaries) design a word processor. Numerous marketing experts took part in this study. They concluded that consumers wanted a word processor that worked just like a typewriter, and the UI specs were drawn up accordingly.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd@netcom.com
    From: "Timothy C. May" <tcmay@netcom.com>
    Date: Tue, 23 Aug 1994 23:30:18 -0700 (PDT)

    Yes, some of you PGP fans may say "Sigh!" when you hear that I don't particularly like downloading-and-then-decrypting a message only to find it saying, "Gee, Tim, isn't this PGP stuff really neat?" Too bad.

Actually, my sigh included a bit of ``Gee, I thought this guy was supposed to be one of the mega-rich, so why's he so low-tech that he can't run PGP, etc at home.''

As to the security, using PGP in the way that I do routinely is more secure than not using it -- the number of people who have the special access that would ease the cracking effort is limited. Also, the key that I advertise is not my only key. To the best of my knowledge, my secure key pair has never had either the public or private part touch a hard disk, much less a network.

    I'm happy that you PGP fans are thoroughly infatuated with using PGP for everything. Just knock off the clucking and sighing about those who don't see it as the end-all and be-all of today's communications. It reeks of fanaticism.

Oh puhleeeze . . . . Trying to get strong crypto to be commonplace is hardly the most fanatical thing that gets discussed on this list.

Rick
In message <9408242328.AA12758@fnord.lehman.com>Rick B. writes:
Trying to get strong crypto to be commonplace is hardly the most fanatical thing that gets discussed on this list.
This is not a point to be minimized. Even when the security of each message is not all that high, the more encrypted traffic there is, the better off we all are. 'The nail that sticks up gets hammered down'
Yes, some of you PGP fans may say "Sigh!" when you hear that I don't particularly like downloading-and-then-decrypting a message only to find it saying, "Gee, Tim, isn't this PGP stuff really neat?" Too bad.
Not only do many of us not do all this stuff (have you seen Eric Hughes signing his messages? How about John Gilmore?), but some people have decided to stop reading e-mail altogether. Donald Knuth, for example. A wise man.
I think that's because Knuth is rather famous. I imagine that his mailbox stays rather full ;)
I'm happy that you PGP fans are thoroughly infatuated with using PGP for everything. Just knock off the clucking and sighing about those who don't see it as the end-all and be-all of today's communications.
It reeks of fanaticism.
I don't quite see it that way - it's just easier for me to automatically sign my messages than not if I choose to set my mailer up that way. If I want to encrypt, it's just a couple of keystrokes in elm to change my editor to the appropriate script.

I guess I really don't understand your objections, Tim. True, not every UA is as easy as elm to change operating parameters, but it works for me. PGP is easy and not-too-slow to use, and it integrates fairly well into scripts. I've been using these little scripts for months and while they're not quite as flexible as I'd like, they do the job - easily, transparently, and automatically.

--
Ed Carp, N7EKG  Ed.Carp@linux.org, ecarp@netcom.com
Finger ecarp@netcom.com for PGP 2.5 public key  an88744@anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"
On Wed, 24 Aug 1994 khijol!erc@apple.com wrote:
I think that's because Knuth is rather famous. I imagine that his mailbox stays rather full ;)
He's also trying to complete his "Art of Computer Programming" series...

--
Dave Horsfall (VK2KFU) | dave@esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD
On Thu, 25 Aug 1994, Dave Horsfall wrote:
He's also trying to complete his "Art of Computer Programming" series...
Is Volume IV out yet? My I-III still await the promise of the Intro...

-NetSurfer

#include standard.disclaimer

James D. Wilson         | V.PGP 2.7: 512/E12FCD 1994/03/17
P. O. Box 15432         | finger for full PGP key
Honolulu, HI 96830      |
Serendipitous Solutions | Also NetSurfer@sersol.com
On Wed, 24 Aug 1994, NetSurfer wrote: [ On Knuth no longer reading his mail ]
He's also trying to complete his "Art of Computer Programming" series...
Is Volume IV out yet? My I-III still await the promise of the Intro...
Not that I know of.
--
Dave Horsfall (VK2KFU) | dave@esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD
He's also trying to complete his "Art of Computer Programming" series...
Has anyone heard what the status of the 4th volume is? I thought that I had heard that Addison-Wesley was taking preorders for it about 2 years ago, but I haven't heard anything since.

Paul
-----BEGIN PGP SIGNED MESSAGE-----

In <9408240400.AA18251@fnord.lehman.com>, "Rick Busdiecker" wrote:
regardless of the content. In any case, I find it quite disappointing to hear that one of the cypherpunks founders frowns on people actually using strong crypto on a routine basis. Sigh...
To which Tim provides the enlightening reply:
"Sigh."
Stick to your guns, Rick. Even cypherpunks founders can become corrupted. Here is how Tim's perspective was publically reported a mere year ago:
The Village Voice August 3, 1993 Vol. 38, No. 31 pages 33 through 37
Code Warriors
Battling for the Keys to Privacy in the Info Age by Julian Dibbell
And Cypherpunks are hackers to the bone. ``Encryption always wins,'' Tim May insists with the serene confidence of one convinced he's a mere conduit for historical tendencies built into information technology itself --- and yet by definition no Cypherpunk takes the ultimate achievement of the group's goal for granted. A pragmatic activism hardwires the group's collective identity, their very motto (``Cypherpunks write code'') signals a commitment to making the proliferation of cryptographic tools happen now rather than waiting on big business, big science, or Big Brother to determine its fate. Nor is this commitment limited to the creation of tools; indeed, an even better motto might be ``Cypherpunks use code,'' since the essence of the revolution the 'punks seek to effect lies in making encryption a cultural habit, as common and acceptable as hiding letters inside envelopes. Thus the Cypherpunks' almost religious use of PGP and of their use of their own primitive remailer systems isn't just a grown-ups' game of cloak and dagger, as it sometimes seems, or a matter of testing out the crypto hackers' experimental creations. It's an attempt to nudge ciphertech toward that pivotal accumulation of users that finally makes the forward rush of the technology's far-reaching social implications irresistible.
Sigh!

John E. Kreznar      | Relations among people to be by
jkreznar@ininx.com   | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLlsuBcDhz44ugybJAQFX2wP/TLEWdSAQRjsR6mB9vPXan9enxA0NtVE6
bkE1CTxPLOFkfLJ2QCwXVmR2HkwPzh63UKw9p1jwln4tMYV1AtlyxBg9aCNk/P7K
Ff7ZVrGDtbhOi0Tt2f4II1lAW7fj7R/3TsQ+ajKuHz6nnI5v/6X1vrx7Mo5G4CRY
0OJFT99TDz0=
=5ToI
-----END PGP SIGNATURE-----
John Kreznar writes:
Stick to your guns, Rick. Even cypherpunks founders can become corrupted. Here is how Tim's perspective was publically reported a mere year ago:
"Corrupted"? A mere *PLONK* is not sufficient for this sort of crap.

Disgusted,

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
(I sympathize with him, and I intensely dislike getting PGP-encrypted messages, decrypting them, only to find a banal message that wasn't worth the effort.)
Perhaps the readers of this list may be interested in a thing called PGPsendmail, which automatically encrypts/decrypts mail.

Are you on this list, Richard?
--
Dave Horsfall (VK2KFU) | dave@esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD
Perhaps the readers of this list may be interested in a thing called PGPsendmail, which automatically encrypts/decrypts mail.
Are you on this list, Richard?
-- Dave Horsfall (VK2KFU) | dave@esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
There are several such tools. Tools for editors, for mailers, tools etc.

What is being missed here is the issue of where the PGP operations are being done. If done on a machine outside the direct control of the user, obvious security holes exist.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
   From: "Timothy C. May" <tcmay@netcom.com>
   Date: Wed, 24 Aug 1994 01:37:39 -0700 (PDT)

   What is being missed here is the issue of where the PGP operations are being done. If done on a machine outside the direct control of the user, obvious security holes exist.

I don't suppose that you'd care to describe a situation with absolutely no security holes, would you? If not, can we conclude that any attempt to do anything related to security is, in your opinion, silly?

What's wrong with the following approach:

- Try to control what you can control.
- Try to recognize what you cannot control.
- Try to reduce the second set in favor of the first.

Using PGP on Unix systems where you are not root *does* have a place in this framework.

Rick
Dave Horsfall says:
Perhaps the readers of this list may be interested in a thing called PGPsendmail, which automatically encrypts/decrypts mail.
Are you on this list, Richard?
Again, this is only of use on a machine that is totally within your control and both physically and network secure.

.pm
From: tcmay@netcom.com (Timothy C. May)
Subject: Re: Zimmermann/NSA debate postponed
Date: Tue, 23 Aug 1994 17:48:30 -0700 (PDT)
Huh? Phil almost _never_ signs his messages, and has talked about how difficult it is to go through the rigamarole of signing, authenticating, etc.
(I sympathize with him, and I intensely dislike getting PGP-encrypted messages, decrypting them, only to find a banal message that wasn't worth the effort.)
There is a lesson here. Getting the BBEDIT extensions which do PGP and the emacs mailcrypt functions made PGP almost convenient enough for me to use it without grumbling about the trivial message enclosed.

Isn't it time for cypherpunks-who-write-code to respond to this obvious customer need?

I have no mailer myself but I do have a friend who produces one and I'm helping him to incorporate PGP seamlessly. It's taking a long time but it should be worth it.

Anyone else out there with their own mailer?

- Carl
Carl said:
Isn't it time for cypherpunks-who-write-code to respond to this obvious customer need?
I have no mailer myself but I do have a friend who produces one and I'm helping him to incorporate PGP seamlessly. It's taking a long time but it should be worth it.
Anyone else out there with their own mailer?
I've fooled around with writing a mailer, and I ran up against a few walls. The biggest one was my not being the world's greatest programmer, and not knowing much about email systems. But there are other problems as well, that I think would plague anyone who tries to write a mailer.

The goal that I was working for was pretty straightforward: some sort of a secure system that would be as transparent as possible. Ideally, it would work just like elm or pine or eudora: you'd just say "I want to send mail to so-and-so", and all the rest would happen automatically. The mail would be encrypted, your signature would be affixed, the recipient wouldn't have to worry about decrypting the mail, and there'd be some small little indicator on his status bar that said the signature was good.

The first thing I realized when I started fooling around with this is that my basic design, which was modeled on a QWK packet offline reader, wasn't practical. Why?

First of all, all of the crypto work has to be done on a machine controlled by the user. This is obvious, and it's the reason I wanted to go QWK style in the first place. But think about what happens if you dl a packet of incoming mail. Inside, you've got a letter from someone you've never met before, and it's signed. How can you verify the signature?

Right now, people don't use secure mail for day to day traffic because it's too much of a hassle. You can write a mailer to automate encryption and decryption, affixing and verifying signatures. But you're still going to have to require users to hunt down keys, decide if they want to trust them, and load them onto their key rings. That's enough hassle for most people to stick with elm.

It seems to me that a prerequisite for a transparent, secure mail system is an efficient, interactive, IP based key distribution system. It would have to be distributed, at least if we were serious, because it would have to be able to handle several million people's keys. And the web of trust would have to be such that keys could be accepted (or rejected) automatically, without human intervention.

If such a system of keyservers existed, it's not hard to imagine really useful secure mail systems, although implementing them would still be an awful lot of work. Sendmail could be configured to feed mail through programs to handle the crypto work on single user unix machines (or even on multi-user machines, if the users trusted the sysadmin), and some sort of a secure pop system could be developed for other people. But this would be a very big project, and would necessitate agreements on standards, etc.
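The automatic accept-or-reject decision the message above asks of the web of trust, as an added example (not code from the thread or from PGP itself): a simplified validity calculation using the default thresholds of PGP 2.x's COMPLETES_NEEDED, MARGINALS_NEEDED and CERT_DEPTH settings. The key ids, the sample ring and the status strings are constructed for illustration, and whether a signature verifies is taken as an input.

```python
# Simplified model of PGP 2.x key validity (full and marginal counts are not
# combined here); thresholds mirror the defaults of the real settings.
COMPLETES_NEEDED = 1   # certifications needed from fully trusted introducers
MARGINALS_NEEDED = 2   # ... or from marginally trusted introducers
CERT_DEPTH = 4         # longest introducer chain followed

def valid_keys(own_key, owner_trust, certs):
    """Return the set of key ids a mailer may accept with no human decision.

    owner_trust: key id -> "full" or "marginal" (absent: not an introducer)
    certs: set of (signer id, signed id) certifications on the local ring
    """
    valid = {own_key}
    for _round in range(CERT_DEPTH):
        newly = set()
        for target in {signed for _s, signed in certs} - valid:
            # Only certifications made by keys that are already valid count.
            signers = {s for s, t in certs if t == target and s in valid}
            levels = ["full" if s == own_key else owner_trust.get(s)
                      for s in signers]
            if (levels.count("full") >= COMPLETES_NEEDED
                    or levels.count("marginal") >= MARGINALS_NEEDED):
                newly.add(target)
        if not newly:
            break
        valid |= newly
    return valid

def status_indicator(signer, signature_verifies, ring, valid):
    """What the status bar should show for one signed incoming message."""
    if signer not in ring:
        return "NO KEY"            # stranger: a key must still be fetched
    if not signature_verifies:
        return "BAD SIGNATURE"
    return "GOOD" if signer in valid else "UNTRUSTED KEY"

# Constructed sample ring, not data from the thread.
CERTS = {("me", "alice"), ("me", "bob"), ("me", "carol"),
         ("alice", "dave"), ("bob", "erin"), ("carol", "erin"),
         ("bob", "frank"), ("frank", "mallory")}
TRUST = {"alice": "full", "bob": "marginal", "carol": "marginal",
         "frank": "full"}
RING = {"me"} | {k for pair in CERTS for k in pair}
VALID = valid_keys("me", TRUST, CERTS)

if __name__ == "__main__":
    for who in sorted(RING | {"stranger"}):
        print(who, status_indicator(who, True, RING, VALID))
```

In the sample ring, frank is marked as a fully trusted introducer but his own key has only one marginal certification, so his signature on mallory's key counts for nothing and both show as UNTRUSTED KEY.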
   It seems to me that a prerequisite for a transparent, secure mail system is an efficient, interactive, IP based key distribution system.

Wait! Reconsider!

The problems of doing public key distribution are large, and not yet solved. Don't wait for a perfect world before trying to make a better one. The PEM folks got bogged down for four or five years with key distribution, only to need to put out version 2.0 because of lack of acceptability. You need not repeat their mistake.

Assume that key distribution happens somewhere else, and simply use the keys in some repository. Manual key distribution will work just fine for common correspondents, and that's most of the problem.

Eric
THUS SPAKE Rick Busdiecker <rfb@lehman.com>:
# Alright, well I'll go ahead and be the weanie that points out that
# this is the first non-signed message from PRZ to appear here, at least
# in a long time.
#
# Conspiracy theory anyone? :-)

Could also be that we're at CRYPTO94 at UCSB, and there are no phones in the dorm rooms, and we have to use other peoples' computers .... right now I'm in the library on a stupid ibm terminal ... if I used PGP right now, I'd have to type my password thru a plaintext telnet session :( so i won't.

unsigned,
strick
participants (18)
- alex
- cactus@bb.com
- Carl Ellison
- Dave Horsfall
- hughes@ah.com
- jamesd@netcom.com
- jamesh@netcom.com
- jkreznar@ininx.com
- khijol!erc@apple.com
- Linn Stanton
- NetSurfer
- paul@poboy.b17c.ingr.com
- Perry E. Metzger
- Philip Zimmermann
- pstemari@bismark.cbis.com
- Rick Busdiecker
- strick -- henry strickland
- tcmay@netcom.com