From: bryce@digicash.com
Date: Sun, 7 Jul 1996 06:53:18 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <199607061753.MAA31894@manifold.algebra.com>
Message-ID: <199607061950.VAA21507@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

An entity calling itself ichudov@algebra.com probably wrote 
something like:
>
> My moderation bot STUMP is not only PGP-aware, it is also doing
> a lot of PGP-related things. Among them: 
> 
> 1) For posters who voluntarily chose additional protection, STUMP allows
> only messages with a valid PGP signature to be posted. 
<snip>
> 2) All exchange between my modbot and human moderators is PGP-signed
> (and encrypted when necessary)
<snip>
> 3) All message approved for posting to usenet get signed with Greg
> Rose's PGPMoose program.
<snip>
> 4) There is an additional service for those who post through anonymous
> remailers BUT want to have an identity and reputation.
<snip>  <Great idea!>
> We currently have at least two posters whose real life identities are
> unknown, who use this feature and have sent us their PGP keys.
> 
> STUMP is currently working in production mode seemingly with no problems.


Okay Igor, that is an impressive list of features!  Now what 
I want to know (and what I want other people here to hear) is:
_How_ difficult was it to incorporate these PGP features into
your software?  My guess is that it was a simple matter of
making a couple of system calls to PGP, plus maybe extra 
defense against replay attacks (you _do_ have defense against
replay attacks don't you?) and the fact that you have more
debugging work because you have more features.


Regards,

Bryce



Return-Path: ichudov@manifold.algebra.com
Received: from galaxy.galstar.com (galaxy.galstar.com [204.251.80.2]) by digicash.com (8.6.11/8.6.10) with ESMTP id TAA15575 for <bryce@digicash.com>; Sat, 6 Jul 1996 19:54:16 +0200
Received: from manifold.algebra.com (manifold.algebra.com [204.251.82.89]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id MAA12554; Sat, 6 Jul 1996 12:52:30 -0500
Received: (from ichudov@localhost) by manifold.algebra.com (8.7.5/8.6.11) id MAA31894; Sat, 6 Jul 1996 12:53:02 -0500
Message-Id: <199607061753.MAA31894@manifold.algebra.com>
Subject: Re: Need PGP-awareness in common utilities
To: bryce@digicash.com
Date: Sat, 6 Jul 1996 12:53:02 -0500 (CDT)
Cc: cypherpunks@toad.com, e$@thumper.vmeng.com
Reply-To: ichudov@algebra.com (Igor Chudov)
In-Reply-To: <199607061311.PAA08700@digicash.com> from "bryce@digicash.com" at Jul 6, 96 03:11:48 pm
From: ichudov@algebra.com (Igor Chudov @ home)
X-No-Archive: yes
X-Mailer: ELM [version 2.4 PL24 ME7]
Content-Type: text

bryce@digicash.com wrote:
> I really don't see why programs like majordomo, UseNet
> moderation-bots, and most noticeably the PGP key distribution
> program are PGP-unaware.

My moderation bot STUMP is not only PGP-aware, it is also doing
a lot of PGP-related things. Among them: 

1) For posters who voluntarily chose additional protection, STUMP allows
only messages with a valid PGP signature to be posted. All posts from
these people that do not have a PGP sig or have an invalid sig, are
automatically rejected. It protects them from forgeries.

2) All exchange between my modbot and human moderators is PGP-signed
(and encrypted when necessary), to insure integrity of moderation
email traffic.

3) All message approved for posting to usenet get signed with Greg
Rose's PGPMoose program.

4) There is an additional service for those who post through anonymous
remailers BUT want to have an identity and reputation. The idea is that
they submit their PGP keys to the robomoderator, and later robomod
takes the user id from the PGP key, replacing meaningless anonymous
addresses with their identity.

We currently have at least two posters whose real life identities are
unknown, who use this feature and have sent us their PGP keys.

STUMP is currently working in production mode seemingly with no problems.

For details, look at 

	http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd7Dj0jbHy8sKZitAQGkIAMAxr5F3Lqv2cUBekFz3KRam1H4uE4qKrHx
cv7DwvRUXVX89TK0TFVlt/T3nwD8NBTwMtMG+xnlltHCLcjrSC0gd+3Pu2B8o0nD
0JnXWitvZtAm405YPKaN7sX6hCGGyNOX
=U+4Q
-----END PGP SIGNATURE-----