OTP server..

[Doug Hughes]

How about WWW one time pad servers? You browse to your
favorite OTP server, which has a random number generator
running in the background. You tell it to give you a block
of X bytes, and mail it to persons 1, 2, 3, ... N.

These people then use this OTP for encrypting a document.
It wouldn't be illegal because you aren't encoding any data
and distributing it.. You're generating raw data. You wouldn't
have to distribute any crypto software, you just xor your
data file with the number of bytes that you were sent
in the mail from the OTP server.. Enough of these things
would be REALLY tough to monitor.. Plus, you could connect
8 different times and just pick one of the sets.. Or you
could just use a portion of the set that you and the receiving
party agreed upon.

Or, instead of using email, you could have a application/x-otp
browser that would collect the OTP that the server sent out
to you over HTTP. (this would be really hard to differentiate
from other data if the server was doing other things at the
same time).

Thoughts?

 Doug Hughes				Engineering Network Services
 doug at eng.auburn.edu			Auburn University