I must admit. . .

Fri Dec 18 02:25:15 PST 1998

So maybe this needs a multi-phase approach.

1)The mail programs themselves will encrypt between servers.  This can be
used to both protect the message(s) from being read (easily).  Does PGP
also assist by doing some compression?.  Also it can be used to autheticate
messages using a signiture which will have the dual purpose of providing
some tamper proofing.

2)The receiving mail-server will autheticate the incoming message against
its own list of known servers, and validate that the contents of the
message as a whole appears OK.  Maybe it will flag messages that fail these
checks.  It can also flag messages that arrived without server encryption.

3)If the incoming decrypted message is not itself privately encrypted by
the sender it will use PGP to encrypt the message for the user before
storing locally.  If the sender has already encrypted the message then it
will simply store it.

Caveats

A)All systems must have compatible encryption systems or access to those
systems.  (Why limit to just one?) and all those systems must have some
sort of agreed means of flagging the message to allow automatted
decryption.

B)Some means of exchanging public keys must be developed.  This must allow
for keys to be changed.  What happens when keys are changed, and messages
are still in transit from the old keys.

C)Not everyone is wise enough to use UNIX.  Some people even use (pardon
the language) Windoze or even AS/400's.

There is plenty more scope for discussion here I think even if it is some
of the less verbally able slagging off about old ideas that can't/won't
work because ... etc.  Surely there are enough brains out there to thrash
this through properly.

Hwyl

"William H. Geiger III" <whgiii at openpgp.net> on 18/12/98 00:23:05

To:   "Marcel Popescu" <mdpopescu at geocities.com>
cc:   "Cypherpunks list" <cypherpunks at toad.com> (bcc: Richard
      Bragg/UK/SSA_EUROPE)
Subject:  RE: I must admit. . .

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In <000301be2a14$9e5a8ec0$22fcb3c3 at roknet.ro>, on 12/18/98
   at 01:26 AM, "Marcel Popescu" <mdpopescu at geocities.com> said:

>> I for one would like sendmail integrated with PGP. For example:
>> sendmail asks receiving server if it has PGP, and please give
>> your public key, I have mail for you.. Then send the e-mail
>> encrypted, while the receiving sendmail decrypts it and delivers
>> forwards. This is not very effective, but it would help some.

>I think this is a great idea. First time I'll play with making a POP
>client (an idea that appeals to me once in a while) I'll think about
>it...

Wouldn't it be more efficient to use TLS or SSH as an encryption protocol
between the POP3d and the POP3 client? This could also be used for
sendmail<->sendmail transactions.

This still does not address local storage on the POP3d server. I am
looking to setting up procmail to automatically PGP encrypt incomming
messages and the forwarding them to a local account so even if the sender
does not have PGP once the message is received by the PGP mail forwarder
the messages will be PGP encrypted (I have had several people contact me
looking for solutions to ISP's snooping on their mail without relying on
the senders using PGP).

- --
- ---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
- ---------------------------------------------------------------

Tag-O-Matic: OS/2: Your brain.  Windows: Your brain on drugs.