From: Operator <root@extropia.wimsey.com>
Date: Mon, 24 May 93 23:50:26 PDT
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199305250633.AA06800@xtropia>
MIME-Version: 1.0
Content-Type: text/plain



  [ The purpose of this post is to propose an extension of PGP which
  would result in more widespread use of encryption by the public;
  and to provoke discussion about the pros/cons of said proposal ]

  PGP users (mostly, technically adroit e-mail types) are but a
  subset of computer users in general; who in turn are but a subset
  of persons engaging in electronic communication of all kinds (including
  the common telephone); all of whom can be legitimately concerned with
  privacy issues.  If the powers that be are concerned about not being
  able to listen in on PGP users, at least they can take solace in the
  fact that PGP users constitute only a tiny fraction of the populace,
  and hence, in the "big picture", add up to little more than a slight
  irritation. 

  I am proposing that PGP be expanded beyond its present cadre and into
  the 2nd group named above - the army of regular users of pc's equipped
  with data modems.

  The proposal specifically is to extend PGP beyond file encryption
  to generalized stream handling.  Such streams can be consoles &
  keyboards, real-time file transfers, and digitized voice; indeed,
  anything that will pass over a modem or other serial transfer medium.

  In this scenario, a user wishing a secure interchange would simply 
  place a voice call to another party and, upon establishing voice
  contact, request a transition to a modem connection.  Upon invoking
  the new program, the user's modem would go online; it would read the
  party's key from the existing PGP pubkey ring, and use it to perform
  a DH exchange, establishing a secure session.  The program would then
  use a packet protocol to exchange keyboard/console traffic and/or files.
  In one scenario, all key management would continue to be performed with
  the current PGP program; the pubkey ring would be 'read-only' from the
  standpoint of the new app.  Alternatively, key management could be
  blended into the new app to form a true standalone application.

  The appeal behind this approach is that it moves the operational 
  paradigm very close to the present one- namely "pick up the phone
  and dial".  No logins, shells, Elm, Compuserve/Prodigy/FidoNet, etc.
  The user interface could be simple enough for even the most novice
  user to operate.

  Real-time voice encryption would obviously be desirable in lieu of
  a keyboard interface.  Unfortunately, such a capability is not yet
  within the reach of the average pc.  Within a few years it will pro-
  bably be a "done deal", given the movement afoot to put DSP chips
  in all new pc's (e.g. video compression, multimedia support, etc). 
  For now it must suffice to build a solid technical foundation which
  can accommodate voice operation when the requisite hardware becomes
  available.  And until that time, many more users will have access to
  convenient and handy encryption technology.

  [ An aside, WRT voice coding:  I believe the first major opportunity
  to produce a cheap realtime digital voice channel will be the emergence
  of chips/chip sets targeted towards the growing market for digital
  (tapeless) telephone answering machines.  This market is large, and very
  cost sensitive (the perfect combo for opportunistic techno-vultures);
  this should produce cost effective voice coding solutions within a
  short period of time (12 months?), given current technology levels. ]

  Many readers already know that the pieces required to build this new
  program are already in place- and could be drawn together without much
  fuss.  Indeed, a few fledgling attempts have already been made. From the
  PGP sources, the necessary functions would be extracted- to perform key
  lookup, MP arithmetic, DH key exchange, IDEA encryption of comm packets,
  etc.  The resulting library would be linked to the new comm application.
  Each subsequent revision of PGP would retain a make target that would
  build the interface library. 

  The net result of building this application would be to make serious
  levels of security available to more people than ever before - with an
  ease of use also heretofore unknown.  As a result I believe the PGP
  user base could easily expand by at least an order of magnitude.

  Does anyone have a better idea?
  [END]