Re: PGP Mailer for the masses ?

-----BEGIN PGP SIGNED MESSAGE-----

To: provos@wserver.physnet.uni-hamburg.de, coderpunks@toad.com, cypherpunks@toad.com
Date: Fri Aug 09 15:56:37 1996

Niels,

Thanks, for describing the features of Pronto Secure :)
This is how Pronto Secure matches up to your checklist:

> Here is just a short list of what such a program should be able to do:
> ( all options should be optional ;)
>
> Sending Mail:
> - Clear signing of outgoing mail

YES

> - If public key of recipients is known encrypt with those keys

YES

> - If there is access to a public keyserver try to get a public key for the recipients

YES

> Receiving Mail:
> - While reading mail ( similar to premail ) try to check existing signatures if public key is available otherwise try to get public key from server

YES (do on the fly signature checking as mail arrives in inbox)

> - Traverse the web of trust and show how the public key is related to one's own keys to mutual signatures on other public keys ( For example mean distance to a key signed by the recipient himself )

NO (we handle certification by allowing the user to modify a list of trusted certifiers for signing keys)

> - If the mail contains a public key add it to the keyring

NO (Key is shown as an attachment icon; double click on it adds it to the keyring)

> - Don't show pgp blocks in Mail since they might confuse

YES

> Key management:
> - Should be integrated in the address book together with E-Mail Address and name.

YES

> - Keys should be imported via generation or via mail or via a file

YES (or the clipboard)

> - If you have a public key without an entry in the address book take the EMail and Name from the public key

YES (or prompt user to supply address)

> - One should be able to sign the keys during import if origin is known

NO (signing keys is a separate process. This gives the user an opportunity to authenticate on another channel)

> Misc:
> - Passphrase should be kept in memory for a definable time, 0 for immediate deletion, thus you would be prompted for the passphrase each time you use it. Question about Windows Swapspace ? or tag the memory as uncacheable ?

NO (Keyboard sniffing is too easy to do in Windows. This would give a false sense of security)

> I would suggest creating a library with separate io and gui parts in order to motivate people in helping who do not want to support mainstream products like Windows. Like taking the PGP 3.0 lib ( is it out yet ?) and modify it a bit.

YES (Separating UI from security functionality is also the right way to go for offering plug-in security providers)

> Since there are a variety of good functioning mailers available already it wouldn't make sense developing the whole stuff but instead only integrate the library into existing products.

NO (It will not be an easy task to design a general library of UI elements that any mail client will be able to seamlessly plug into.)

> Do you think that such a proposal is sensible and that there are people who would be willing to support the idea with programming efforts ?

It exists. Plus a few additional features not mentioned, and a much longer wish-list in the process of being implemented. Check it out. It is available from http://www.commtouch.com/p1.htm

IMPORTANT: COMMTOUCH WILL GIVE A FREE COPY OF PRONTO SECURE TO ANY MEMBER OF THE CODERPUNKS/CYPHERPUNKS LISTS SUPPLYING USEFUL FEEDBACK ABOUT THE PRODUCT.

The impressions of early users of Pronto Secure can be viewed at: http://www.commtouch.com/testers.htm (many of whom are list members)

Regards,
Geoff.

- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager; www.commtouch.com
My PGP public Key 1814AD45 can be obtained by sending a message
to geoff@commtouch.co.il with "Get PGP Key" as the subject.
- ----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMgs1ikLv5OMYFK1FAQGe/gP/RdXtVIwo7aupkJn6X4VNTuNHHymPf9fJ
k7FAsONAAP9qbr4UaWzJXxWuvmxLgt5gsMpk6yzp6vY80krQqPf6SqphW7FOjGTq
PB05bNLDHm9SRGjVvKRHzGbOr094gkFpeso2C3MeMiDbT0J5gsLJOeMJsIb4NW2A
lHZ6e+o535w=
=R2jc
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Aug 1996, geoff wrote:
> Thanks, for describing the features of Pronto Secure :)
> This is how Pronto Secure matches up to your checklist:
>
> > - Traverse the web of trust and show how the public key is related to one's own keys to mutual signatures on other public keys ( For example mean distance to a key signed by the recipient himself )
>
> NO (we handle certification by allowing the user to modify a list of trusted certifiers for signing keys)

I personally would find it useful if you could get a measure of trustworthiness due to key distance. Like that if I knew that the sender is only 2 keys away from my own I would most likely trust his public key to be the original, it would be nice to see the signing people involved though:

Max Miller |-signed- a friend of mine <-signed- me
           |-signed- Molly Malone <-signed- Someone <-signed- friend <- signed me

According to http://bcn.boulder.co.us/~neal/pgpstat/ there were 19124 keys in the keyserver but the biggest web of trust had only 1291 keys and the next only 16 keys. The mean key distance was between 6 and 7. That means that you don't have to get too many public keys in order to find the connection to your key and on the other hand it might show that calculating trust according to key distance isn't worth it since the webs of trust are so small. But I figure if you would show the connection of keys in your mailer it might encourage people to participate in key signing parties.

> > Misc:
> > - Passphrase should be kept in memory for a definable time, 0 for immediate deletion, thus you would be prompted for the passphrase each time you use it. Question about Windows Swapspace ? or tag the memory as uncacheable ?
>
> NO (Keyboard sniffing is too easy to do in Windows. This would give a false sense of security)

How would you get the pass phrase if not via the keyboard ? And if you keep it in memory till you sign off ( like in premail ) you would only have to type it once, though capturing the pass phrase once is normally enough.

> > I would suggest creating a library with separate io and gui parts in order to motivate people in helping who do not want to support mainstream products like Windows. Like taking the PGP 3.0 lib ( is it out yet ?) and modify it a bit.
>
> YES (Separating UI from security functionality is also the right way to go for offering plug-in security providers)

Though I think that Pronto Secure will help spread the use of cryptography I would prefer a source code distributed library which could handle most of the stuff needed including for example preparing encrypted requests to key servers ( via anonymous remailers or not )( if keyservers will implement encrypted requests ) or calculating the key distance if possible with the available keys. I guess one should wait for the arrival of the pgp 3.0 lib and evaluate what it can and can't.

Greetings
Niels Provos =8)

- -
PHYSnet Rechnerverbund      PGP V2.6 Public key via finger or key server
Niels Provos
Universitaet Hamburg        WWW: http://www.physnet.uni-hamburg.de/provos/
Jungiusstrasse 9            E-Mail: provos@wserver.physnet.uni-hamburg.de
Germany 20355 Hamburg       Tel.: +49 40 4123-2504  Fax: -6571

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQCVAwUBMgtHOcweILHCAJhBAQFtyQQAo+UQF3KmpAIIQ/rEh1JHHAsQUBd9k6dk
OB2lfer/dV+kDUrgpW3CDP/GdlgMIl6LCReJz6pXTA1RShQ74cdB0HokQDfytfJW
pWjHbnUcrfCmotG4KjcWw4MBJLXLbBGY0yqcmhTiOCTpLNuv52Tvtz86vOwe4yxq
ysXIXokGJpw=
=5An3
-----END PGP SIGNATURE-----
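
The key-distance display discussed in this thread, as an added sketch that is not part of either message or of Pronto Secure: a breadth-first search over certification edges returns the shortest signing chain from one's own key and the mean key distance. The key names and the signature list are constructed from the chain drawn in the message; real input would be verified signatures read from a keyring.

```python
from collections import deque

# Constructed sample: (signer, signed key) pairs; names stand in for key IDs.
# Assumes every signature was already cryptographically verified.
SIGNATURES = [
    ("me", "a friend of mine"),
    ("a friend of mine", "Max Miller"),
    ("me", "friend"),
    ("friend", "Someone"),
    ("Someone", "Molly Malone"),
    ("Molly Malone", "Max Miller"),
    ("Max Miller", "Max Miller"),   # self-signature
    ("stranger", "island key"),     # separate small web, not reachable from "me"
]

def build_graph(signatures):
    graph = {}
    for signer, signed in signatures:
        if signer != signed:        # a self-signature is not a hop of trust
            graph.setdefault(signer, set()).add(signed)
    return graph

def walk(graph, own_key):
    """Breadth-first search from own_key; returns {key: signer that reached it}."""
    parent = {own_key: None}
    queue = deque([own_key])
    while queue:
        key = queue.popleft()
        for signed in sorted(graph.get(key, ())):
            if signed not in parent:
                parent[signed] = key
                queue.append(signed)
    return parent

def signing_chain(graph, own_key, target):
    """Shortest chain own_key -> ... -> target, or None if the webs are disjoint."""
    parent = walk(graph, own_key)
    if target not in parent:
        return None
    chain = [target]
    while parent[chain[-1]] is not None:
        chain.append(parent[chain[-1]])
    return chain[::-1]

def mean_distance(graph, own_key):
    """Mean key distance from own_key to every key reachable from it."""
    parent = walk(graph, own_key)
    hops = [len(signing_chain(graph, own_key, k)) - 1 for k in parent if k != own_key]
    return sum(hops) / len(hops) if hops else None

if __name__ == "__main__":
    print(" -signed-> ".join(signing_chain(build_graph(SIGNATURES), "me", "Max Miller")))
```

A short chain only shows that a path of signatures exists; whether each signer on it is a trusted certifier is a separate decision.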