From: Matthew Carpenter <mcarpent@mailhost.tcs.tulane.edu>
Date: Wed, 10 Jul 1996 15:09:27 +0800
To: bryce@digicash.com
Subject: Re: more about the usefulness of PGP
In-Reply-To: <199607061957.VAA21682@digicash.com>
Message-ID: <199607092115.QAA78592@rs6.tcs.tulane.edu>
MIME-Version: 1.0
Content-Type: text/plain


bryce@digicash.com wrote:
> 
> Here's an idea that I always wanted to implement but never did
> yet.  I thought I'd share and if someone else has already done
> it let me have a copy.
> 
> 
> I should be able to execute scripts remotely by sending e-mail
> to an account.  Simple mail-handling scripts at that account
> should check the PGP signature (and timestamp/counter to prevent
> replay/delay attacks) and then pass the contents to a full
> script-language interpreter.
> 
> 
> Perl is a natural choice of interpreter.  Has anybody
> implemented this (hopefully complete with replay/delay 
> prevention)?
> 
> 
> Thanks!
> 
> Bryce
> 
> P.S.  No, actually I can't think of any good use for this
> trick.  But maybe if I had it I would find good uses for it.
> 

I'd been thinking of something along those lines as well, but never got
around to actually trying it. 

But I had some free time yesterday and got a system setup which uses
procmail to pass on the message to a perl script which then decrypts the
message if necessary and checks the signature.  If the signature is good
it then executes the scrypt, encrypts the output from the script, and
mails it back.  I haven't had a chance to do any extensive testing, and
it doesn't have any replay/delay prevention yet.  I should have some
time in a day or two to clean it up though.  Just wanted to let
you know that someone is working on it.  I don't want to distribute it
yet, since it is still rather messy and possibly buggy.


--Matt

--
mcarpent@mailhost.tcs.tulane.edu