I have been working on an idea or a secure chat system for internet and have up with some ideas. The concept is to runa server(a single server) to process the chat for up to say 50 users(more may lag you to death) using public key to secure the system. The server would be on an internet machine and the client would be on the users home pc. We use the home pc concept to avoid transporting raw data(unencrypted) over internet and phone lines. The basic gist (in a pseudo pseudocode) is this: CLIENT SIDE User runs client client asks for password (from pgp key) client checks for servers pgp public key user then connects to the network and such(dumb teminal, with hotkey to activate encryption/decryption) client connects to sever sending userid and hostname client asks for alias client sends server userid hostname start main function when message sent client encrypts with servers public key client sends message to server when message received client decrypts message with users public key (using password supplied at initiation) client displays it to users screen loop to start main function SERVER SIDE Admin starts server with server pgp password as a parameter server waits for connection server gets connection receives host and id server checks id table looking for legal user user is valid connect else boot user check and see if user is logged more than once if true boot both users alarm admin (* This is to make sure noone is lending out their account *) server matches user with pgp key start main function if message sent encrypt message with users pgp public key and sends it out if message received decrypt message sent by user using server secret key and password reencrypt it for each user on the server send message to each user loop to start main function The server would have a copy of each users public key, and a look up table with this format to tell which key is paired with which user: userid@host pgpkeyname When I say a user is logged in more than once in the above comment, I mean logged in on the server, not on his account. The id or hostname of the user is never displayed and cannot be retrieved. There is no similarity to irc, no channels, just one stream going to all users. The data will be encrypted in blocks, and sent out in blocks. There will need to be made some slight changes in pgp to get this to work. flaws: When entering a pgp password, and containing it in memory, this may be retreivable by the root or the server machine. Information will be temporarily stored in kmem, although disorderly, raw. People are stupid. Tell me what you think. People are already wrking on this project, but many more may be needed to bring it to its completion. Since I am not the IP programmer from hell, at this point I am doing the pc client. iI expect bitches about people saying people will use the server for illegal purposes, but because people can use a bathtub for illegal purposes if they wanted to, I will ignore them. Treason@gnu