Well, I finally got to look at the responses to my poll. FYI, I got 33 replies. This is a small number considering there are (I think) 400+ people on this list. I didn't take the time to actually tally the results for each question. I'm inherently lazy... ;^) I can make some comments about what we use, tho. Note that the lists are in no particular order. Since this was certainly not a scientific poll, I opted to not include any statistics, sorry. I was kinda hoping to have a more homogeneous environment than what we have. Kinda naive, huh? Well, this is what I have to say after reading each of your replies. I would like to thank everyone who participated in my informal poll. I hope the results are useful to any software-developer-cypherpunks out there.

The systems that we use tended to be (IMHO) hi-end PC's, 386's and better. Macs were a close second, with various *nix's forming a large block. This isn't any surprise. The actual list:

PC, NCube, Sun, Mac, IBM RT, IBM RS/6000, DEC/MIPS, VAX, NeXT, HP 7xx, Cray, SGI Indigo, Amiga.

As for OS's, MSDOS was, again, the clear winner. It would seem that many people are going from dos, to one of the various (free) unix's for the PC. I didn't know it was so widespread. The list:

MSDOS, BSDI BSD/386, SunOS, A/UX, 4.3BSD, UNICOS, Ultrix, Linux, MacOS, HP/UX, NeXTStep, Solaris, AIX, System, IRIX, AmigaDos, vm, DESQview.

There are more Cypherpunks who refuse to use online services than use them. Of those who do use online systems, and I counted bbs's and internet as an online system, these are the systems we use:

The WELL, MCI, Prodigy, Compuserve, GEnie, AOL, BBSs, netcom, Internet, Fido.

I didn't know there were so many mail readers.....

SLMR, MH, pine, elm, emacs, Cyberdesk, Mush, NeXTMail, NUpop, GRn, QWK, Eudora, dxmail, LOCALLY DEVELOPED

I was shocked to find that people still use pgp v2.1. Why? Also, unix pgp made a strong showing, considering it probably isn't very secure in that environment. The only versions mentioned are:

2.2, 2.1, MacPGP 2.1, unix. I know of other versions, tho.

This poll was motivated by all of the talk about writing a secure comm program. Judging from how many different programs are in use now, it will be hard to write a program which will please everybody. I also wonder if any of the telix users find telix to be very much like procomm; I did. Of the telix users, would you be interested in helping me test my mail scripts, and perhaps writing extensions for other mail readers, if needed? Hope to hear from you. Anyway, here is the list of the comm programs which we use:

MacSamson, JComm, Term, QuickLink II, PPP/SLIP, Seyon, UUPC, Telix, Z-Term, procomm, Kermit, vlt, White Knight, Eudora, QModemPro, Procomm Plus, Telemate, tapcis.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| mdiehl@triton.unm.edu | But, I was mistaken.        |available|
| mike.diehl@fido.org   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!" <Me>                       |
+-----If codes are outlawed, only criminals will have codes.----+
+----Is Big Brother in your phone?  If you don't know, ask me---+
Responding to J. Michael Diehl's post ...
Well, I finally got to look at the responses to my poll. FYI, I got 33 replies. This is a small number considering there are (I think) 400+ people on this list. I didn't take the time to actually tally the results for each question. I'm inherently lazy... ;^) I can make some comments about what we use, tho. Note that the lists are in no particular order. Since this was certainly not a scientific poll, I opted to not include any statistics, sorry. I was kinda hoping to have a more homogeneous environment than what we have. Kinda naive, huh? Well, this is what I have to say after reading each of your replies. I would like to thank everyone who participated in my informal poll. I hope the results are useful to any software-developer-cypherpunks out there.
{ The rest of the post (documenting results) deleted. }

I'm sorry that I didn't answer your poll. However, if I had a little bit more time I would have answered it. Unfortunately, this mailing list is so expansive (and my time is so limited) that I only read my mail about once a week. So I became aware of the poll's closing date (last Thursday, 3/6) the next day (i.e., 4/6). Please give a little more time in future. It was a GREAT idea. Thanks for doing it.

Cheers,
Peter.

P.S. In case you're still interested in accumulating results, I respond to email on Sony News-OS V. 4.3 (analogous to Berkeley 4.1). I also use a lot of MS-DOS PCs (mostly on the Elec. Eng. Novell network, although I might be acquiring a 486 pretty soon). As for PGP, ... well I OFFICIALLY don't have a copy, being not a resident of North America :-) ...
--
====================================================
Peter Murphy - Department of Electrical Engineering,
University of Queensland: murphy@s2.elec.uq.oz.au .
"Contrary to popular belief, the wings of demons are the same as the wings of angels, although they're often better groomed." - Terry Pratchett.
====================================================
Suppose you opened up a socket on the local machine. And that you ran your usual telnet to connect to it. The program listening on the local socket would be responsible for running one end of a 'LINK' like secure protocol. It would connect to either the remote telnet socket, or a special purpose socket at the remote end. There either you can use a pipe to a pty (standard telnet -> login shell -> LINK -> pty), or in a special socket through LINK out the telnet socket. (There is an obvious extension with multiple hops through LINK-socket programs which should provide the same kind of anonymity that is provided by the CP remailers.)

In this way, the data passing over the (presumed unsecure) net connection (which might well be slip) is encrypted. I am presuming that both the local and remote kernels are 'secure' enough that you would want to use them. The upside is that you get to use 'commercial grade' telnet==comm programs.

Of course this strategy is no use for folks who don't have sockets on both ends of the channel. It is also likely to be obsoleted as soon as secure-ip gets out. Some ambitious soul might want to try the analogous strategy where a local pseudo-serial-device is created in software, thus again getting 'commercial grade' comm==telnet programs.

I suggest this strategy, because it is one I am considering under MS Windows. I have a telnet which is acceptable, I have slip, and I have the source to LINK, so...

(local-telnet) --kernel--> (local-LINK-SOCKET) ----unsecure-network---+
                                                                      |
                  (remote-telnet) <--kernel-- (remote-LINK-SOCKET) <--+
                                                                      |
(remote-pty) <--kernel-- (remote-LINK) <--kernel-- (remote-telnet) <--+

In fact it would be nice to see some socket (perhaps 32?) become the standard for the secure telnet service.

Meanwhile, I did peruse the LINK source and am a little unhappy with the actual protocol used in setting up the secure channel. It is only authenticated in one direction, rather than both (as I understand it). I would like to see two way authentication, and (perhaps) Diffie-Hellman key exchange.

j'
Meanwhile, I did peruse the LINK source and am a little unhappy with the actual protocol used in setting up the secure channel. It is only authenticated in one direction, rather than both (as I understand it). I would like to see two way authentication, and (perhaps) Diffie-Hellman key exchange.
I assume you're talking about the link program I wrote. If so:

I never really considered the RSA exchange as authentication although it can be thought of that way I guess. The reason for the RSA part was primarily to exchange a private session key. Only one side initiates the key exchange because of a flaw in the implementation right now (if both send key exchange messages at the exact same time, both ends will end up using different keys). Even though only one end sends a message, both ends must "match up" in that they must both have 1/2 of the RSA key (the "encryption" and "decryption" or "public" and "private" keys). Hence if they end up with the same session key you can consider it a match and hence a sort of authentication I guess.

If (when) I implement DH key exchange I guess I should add some sort of authentication. I would like to put DH exchange in but I haven't seen (or really looked that hard :) for good DH source. Anyone know of a fast implementation that is public domain (or that I have permission to use) and preferably available outside of the USA already?
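The crossed key-exchange flaw described in the reply above, modelled as an added example (not part of the original thread and not LINK's code). The `Peer` class, the 16-byte random offers standing in for the RSA-wrapped session key, the "adopt whatever key arrives" rule and the `max()` tie-break are all assumptions made for illustration.

```python
import secrets


class Peer:
    """Hypothetical model of one end of a session-key exchange."""

    def __init__(self, name, tie_break):
        self.name = name
        self.tie_break = tie_break  # apply the deterministic rule on a crossing?
        self.pending = None         # our own offer, not yet superseded
        self.session_key = None

    def initiate(self):
        # Assumption: the initiator picks the key and starts using it at once.
        self.pending = secrets.token_bytes(16)
        self.session_key = self.pending
        return self.pending         # body of the key-exchange message

    def receive(self, offer):
        if self.pending is not None and self.tie_break:
            # Crossed exchange: both ends now hold the same two offers,
            # so both can pick the same one without another round trip.
            offer = max(self.pending, offer)
        # Without the tie-break, each end simply adopts the other's key.
        self.session_key = offer
        self.pending = None


def keys_match(tie_break, crossed):
    """Run one exchange and report whether both ends hold the same key."""
    a, b = Peer("A", tie_break), Peer("B", tie_break)
    msg_a = a.initiate()
    if crossed:
        msg_b = b.initiate()        # B sends before A's message arrives
        b.receive(msg_a)
        a.receive(msg_b)
    else:
        b.receive(msg_a)            # normal case: only A initiates
    return a.session_key == b.session_key


if __name__ == "__main__":
    for tie_break in (False, True):
        for crossed in (False, True):
            print(f"tie_break={tie_break!s:5} crossed={crossed!s:5} "
                  f"match={keys_match(tie_break, crossed)}")
```

A tie-break only makes the two ends agree; it does nothing for the one-way authentication concern raised earlier in the thread.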
participants (4)
- J. Michael Diehl
- jpp@markv.com
- murphy@s1.elec.uq.oz.au
- Timothy Newsham