From: Alex Strasheim <alex@omaha.com>
Date: Tue, 29 Nov 94 00:02:54 PST
To: cypherpunks@toad.com
Subject: Re: Transparent Email
In-Reply-To: <199411290714.BAA00246@omaha.omaha.com>
Message-ID: <199411290803.CAA00300@omaha.omaha.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----


I think it's a bad idea to require signatures on the list, or even to 
penalize people who don't use them.  People aren't signing their posts 
because it's too much of a hassle to do it from a dial up, netcom style, 
account, not because they're insufficiently committed to the cause.

It seems to me that such a rule would stifle discussion and encourage 
people to store their keys on insecure accounts.

The real solution is to try to build tools which will make it so easy to 
use crypto that there's simply no reason not to do it.

And towards that end:

I think Eric's point about separating key distribution from encryption
finally sunk in.  It's encouraging for me, because I think we're very
close to being able to implement good transparent systems, at least if we
put key distribution on the back shelf.  I haven't totally thought it
through, but it seems to me that it's almost a matter of assembling a few
existing tools into a coherent system. 

I've just installed Raph Levien's premail as /usr/lib/sendmail on my 
system, and I'm happy to report that it's running well, despite the fact 
that my machine is a very puny linux box.

This means that I can keep a list of addresses that ought to be encrypted 
in my ~/.premailrc file, and outgoing email to those destinations will be 
automatically encrypted and signed, no matter what mail software I happen 
to be using.

This leaves the problem of passphrases for outgoing signatures and
automatically decrypting incoming mail, but I think that cfs will let me
kludge something together which will get around this.  

(My situation is a little unusual, because I'm running linux on a pc which
is connected to the net via a static slip account.  I don't think this
would work well in other situations.)

If, after I power on my machine, I mount an encrypted directory with cfs,
and then connect my slip, I think I can get away with keeping my key
unprotected with a passphrase as long as the keyring is stored in the
encrypted directory.  What's more, if my mail spool is stored in the
encrypted directory as well, a filter which automatically decrypts
incoming mail and deposits the plaintext in the spool would be feasible. 
A good filter would probably stick something in the text to let you know
that it had come with a good signature. 

It would be sort of ugly, but I think it would work.  I'm sort of new to
cfs, though, and I'm sure how it would deal with multiple users (root, my
main account, my cp account which recieves cypherpunk list traffic, etc.). 

But If it worked, I'd have a machine which:

o	talked to the rest of the email universe without difficulty, and
	which uses standard unix software

o	would automatically use crypto when sending mail to a list
	of email addresses, and which could automatically handle
	incoming crypto

o	would be reasonably secure when it was powered off


==
Alex Strasheim | finger astrashe@nyx.cs.du.edu
alex@omaha.com | for my PGP 2.6.1. public key


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLtrgPREpP7+baaPtAQHTlQP/RYcJi9u5iU0AY4SV1MqNGxAuQDfYwL2G
LcJC5sxYreFGkpwwpA87fRcLi7PreAtS6vFg5tsMXiUXaNS15v1mCDfxr54AwO7C
P3yyHWUTGg1I8CRbDUYlZqksrF3Bqzxy0pDRQGzPEFwP7k8ER72XXeVtIVc8K/zM
CBW+smDOY/w=
=43eM
-----END PGP SIGNATURE-----