1994-02-25 - Re: your mail

Header Data

From: sdw@meaddata.com (Stephen Williams)
To: warlord@MIT.EDU (Derek Atkins)
Message Hash: 7aac0091da39e7aec959b645cce5803e7eaa7126f02390271fc6579d16c3ba33
Message ID: <9402251519.AA20453@jungle.meaddata.com>
Reply To: <9402250120.AA12855@toxicwaste.media.mit.edu>
UTC Datetime: 1994-02-25 15:19:30 UTC
Raw Date: Fri, 25 Feb 94 07:19:30 PST

Raw message

From: sdw@meaddata.com (Stephen Williams)
Date: Fri, 25 Feb 94 07:19:30 PST
To: warlord@MIT.EDU (Derek Atkins)
Subject: Re: your mail
In-Reply-To: <9402250120.AA12855@toxicwaste.media.mit.edu>
Message-ID: <9402251519.AA20453@jungle.meaddata.com>
MIME-Version: 1.0
Content-Type: text/plain

> An interesting idea, although highly unpracticable.  Sending a binary
> is nearly impossible.  As an example, I have at my disposal (and I log
> into regularly) at least 6 different platforms.  All Unix, but each
> one would require its own binary!

Although I'm still uncomfortable about the non-crypto user key, there is
a simple solution to the problem of executable/data transmission:

Send it as Perl, Postscript, Tcl, whatever.

Perl should be able to handle an encode (7 bit) data stream with a
program prepended.  The algorithm would be more obvious, but
technically no more secure if you disallow security-through-obscurity.

Perl is available almost everywhere, is reasonably fast, has a
comprehensive capability list, etc.

> This doesn't mean that your idea has no merit.  On the other hand, it
> is an interesting key distribution model.  Except there are a number
> of problems that I can see.  First, anything you know about the person
> is something that someone else could probably do a little research and
> find out as well.  This inherently means it is not a very secure
> channel, rather it is only moderately secure.

This is what I think is rough.

> Also, there is no way to meet your goal of "no external binary
> needed."  There may be a few things you can do in lieu of this, but
> all of them require some knowledge of the recipient hardware system.
> But in a case such as mine, even that wouldn't help (do you send it
> for an RT, Vax, Decmips, RS6000, Alpha, Linux, Sun386i, Next, ...?)


> Like I said, its an interesting key distribution model, but I do not
> see any way to realize it under your assumptions.
> -derek

Stephen D. Williams  Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales       Internet: sdw@lig.net sdw@meaddata.com
OO R&D Source Dist.  By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting     ICBM: 39 34N 85 15W I love it when a plan comes together