Software infrastructure

[nobody at shell.portal.com]

-----BEGIN PGP SIGNED MESSAGE-----

Eric writes:

> The second distinction is between stream and file encryption.If you
> want to encrypt the underlying channel, you need a stream cipher and a
> D-H key exchange.  If you want file encryption, you want a block
> cipher and public keys for communications.

I don't think we should try to put stream encryption into this product.
A problem with stream encryption is that it requires special SW on both
ends.  We would have to not only write a terminal program, but also write
software which would transparently encrypt/decrypt which ran on the host
and then passed the characters on to whatever command shell would normally
run.  I could see doing this with Unix (using pty's, a variant on the
"script" program many systems have) but it may not be too portable.

Stream encryption defends against wiretappers, and may provide some
protection against the more trivial root-based attacks on the host computer
(ones which just monitor the serial port - although if you use the pty idea
there may be an internal serial port that has cleartext and which can be
monitored).  But you are still vulnerable to being monitored by root.  I
don't think the benefit gained is great enough, given the cost, to make
this a good initial feature for the product.

> This also implies the existence of offline mail readers.

It is going to be hard to provide an offline mail reader with the
friendliness of what the user is used to.  Also, offline news reading is
probably out of the question in this environment due to the great volume of
news.  Offline mail also has the problem that some people send great, huge
messages that you aren't interested in.  Online you just look at the first
couple of pages and then delete it.  Offline you download the whole thing,
often paying for it, before you look at it.   

Another approach would be to have a "paranoid PGP" available on your host
computer.  This works much like regular PGP, except it will never ask you
for your pass phrase.  Any time it would, it instead outputs a magic escape
sequence.  This is recognized by your Cypherpunks terminal program and
causes it to run a local program which includes PGP.  The paranoid PGP on
the host automatically downloads the file it was going to decrypt or sign
to the local machine, which runs PGP, asks for your pass phrase, does the
operation, and (perhaps) uploads the results back to the host.  The whole
thing is transparent if you are running the CP term, and your secret key
and pass phrase never left your computer.  (You might or might not want the
plaintext to be uploaded after decryption - perhaps it could be previewed
locally and if it's not too "hot" you can upload it and reply to it on the
host.) 

Under this approach, message ENCRYPTION could be just done on-line since
paranoid PGP doesn't need a pass phrase for that.  So you can compose and
mail your messages without needing any special support, as long as you don't
sign them.

You are still trusting the host, but not as much as if you left your secret
key there and typed your pass phrase into the host computer.  This is less
secure than if you did everything on your PC but lets you use the powerful
editing and mail/news handling capabilities of your host.

This approach does have the same disadvantage I listed with respect to
stream encryption, that it requires some special software on the host.
However, this software should have many fewer host dependencies than a
transparent stream encryptor would.

Hal Finney
74076.1041 at compuserve.com

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLAypvagTA69YIUw3AQECTgQAq/dvZ1EExP1GYzKlQcxhMIPT9TExxIes
25L8ZwG5syA6+KEcL2pSfnoPe1l9ZixCjefUnNiy9MYAHBh8uo8IEZ/IoCArSbvs
ImUjayxZjWugHZaBIUsOo/dk5VbX/1tY3CW1eN2wItvtF1RQYk1QPjCYFgECqKeY
UtRAd2p/JqI=
=GAGr
-----END PGP SIGNATURE-----