From: Sameer <sameer@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 0450489de6f6374eefe59a39664fd51c151a284cf4ce220718ac402af1542f2b
Message ID: <199401222107.NAA22010@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1994-01-22 21:16:26 UTC
Raw Date: Sat, 22 Jan 94 13:16:26 PST
From: Sameer <sameer@soda.berkeley.edu>
Date: Sat, 22 Jan 94 13:16:26 PST
To: cypherpunks@toad.com
Subject: List software with PGP authentication/administration
Message-ID: <199401222107.NAA22010@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text
I have recently written some mailing list software which
authenticates PGP signatures (it is *way* too centralized for my
tastes, but most of my "market"-- the people who are using the list
that the software is running on-- have rather lame computers or lack
the time/skill to install PGP for signature verification locally.).
The most important part of the software, however, is that it
uses PGP-signatures for remote administration. It requires that a
remote administration request be PGP-signed before it accepts the
administration commands.
It is running a *rudimentary* keyserver service.. It accepts
new keys, but it doesn't release keys on demand. (I'm going to have it
release keys to subscribers only, soon.)
Here's the documentation. If anyone would like to take a look
at it, and play with it, etc., please mail me. It's not very clean
code. (It's a combination of some perl and sh scripts. I'm pretty
clueless about perl, so there are many inefficiencies. I plan on
fixing them once I learn perl better.)
-- PGP Signature Authentication
The list software does automatic verification of PGP
signatures, and prepends a few lines to every message that goes out--
whether or not the signature is good, bad, or nonexistant.
-- Administration
If you are the administrator of the list, you can issue
list-administration commands within a PGP-signed message. To do so,
begin your message with the line:
::administrate <password>
Following lines are commands to the list software. Supported
commands currently are:
"subscribe address" -- subscribe address to the list
"unsubscribe address" -- unsubscribe address from the list
"sendlist address" -- send the list of subscribers to the address
-- User Commands
There are a few commands which any user can use, whether or not
the message has been PGP-signed.
To send out a subscriber list to someone who is subscribed to
the list, anyone can send a message to the list saying:
::sendlist
following by the addresses to which he or she wants the
subscriber list to reach. Only people who are subscribed to the list,
however, can get the subscriber list through this command. (Anyone can
issue this command, however.)
To add a key to the PGP-database so that messages signed with this key are recognized, anyone can send a message to the list saying:
::addkey
following by an ASCII-armored PGP public key block.
Anyone can post anonymously to the list as well. In order to
do that, the message should be sent to the list (signed or unsigned--
if the message is signed, however, the signature information still
reaches the list) with the line:
::administrate anonymous
As the first line.
Return to January 1994
Return to “Sameer <sameer@soda.berkeley.edu>”
1994-01-22 (Sat, 22 Jan 94 13:16:26 PST) - List software with PGP authentication/administration - Sameer <sameer@soda.berkeley.edu>