Keystone

Eric Hughes hughes at soda.berkeley.edu
Wed Oct 21 09:43:25 PDT 1992



Eric:
>:I would be hesitant to implement a system that _only_ required a user
>:to generate a key pair.

Loyd:
>I take the opposite view -- I dare *not* supply such a system. 
[...]
>But many users do not have the interest/time/ability to set up PGP on their
>home system. For them, I want to provide the best possible privacy given the
>ease with which anyone who can find their local LMOS can tap (voice or data)
>a line...

Where is the key pair generated?  It must be on the BBS since your
user may not have PGP running.  The private key isn't private!  The
work to do public key encryption in the first place is hardly valuable
if the owner of the private key doesn't hold it.

If you just want inter-BBS privacy, why not set up each BBS with a PGP
key pair, and use that for transfering messages?  There's not much
difference in security.  A monitoring sysop would be able to read all
the traffic originating on that board in either system.  The
difference is that such a monitoring sysop would not be able to read
replies.  Why?  Because the private keys are kept on the originating
board.

But it sounds as though you're trying to prevent against external
monitoring and that you trust your sysops.  In this case there is no
advantage to issuing keys to individuals; it's just not worth the
effort.

Loyd:
>I don't have my user's terminal program -- I *do* have the bbs software.

This is the unfortunate fact of the situation, I acknowledge.  But do
you know what terminal programs are in the most common use?  I suspect
most of this stuff could be done with script programming in the
various terminal packages.

Do you know, in aggregate, how many users of each terminal program you
have?  You can poll your users to find out.  You'll need this data to 
allocate your effort.

And you've got lots of people willing to help, even if they can't
because they are working on other projects.  Everyone on this list,
for example.  Let me repeat, for those of you who did not previously
know you were willing to help.  Everyone on this list should be
willing to help Loyd write scripts for his users to use PGP.  

Cypherpunks write code.

This will mean someone who knows Procomm, Crosstalk, Qmodem, Telix,
etc.  for the PC, someone who knows the various Mac, Amiga, Atari, and
other machines.  This will mean someone to write nice pretty visual
interfaces for PGP to put all the PGP options on menus where they are
all visible.  This will mean people to think about BBS/terminal
protocols.  This will mean lots of individual contributions, no single
of which need be large, but whose sum will be.

Eric







More information about the cypherpunks-legacy mailing list