From: Johnathan Corgan <jcorgan@netcom.com>
Date: Tue, 13 Dec 94 13:49:49 PST
To: cypherpunks@toad.com
Subject: RE: Winsock & PGP Integration
Message-ID: <Chameleon.4.00.941213134907.jcorgan@.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>   Except one.  What all of these agents have in common is that they
>   interface with the Windows Sockets API to establish TCP streams
>   that are used in the POP and SMTP protocols.  Since these are well
>   known and standardized protocols, this gives us our toehold.
>
>How might an interposed winsock DLL recognize what high level protocol
>it was going to spoof?  Getting the port number will be a very good
>approximation, but I'm not convinced of its reliability.

Well, it could be done "by definition."  Let's say I tell my Eudora that
the SMTP and POP address to use is 192.0.0.1.  I can now configure my
spoofing agent that when there is an attempt to establish a TCP stream
on port 110 of 192.0.0.1, I can be assured that it is the mailer trying
to retrieve mail.

Likewise for mail delivery (and news, spoofing NNTP, though this is 
probably an order of magnitude more complicated than just mail.)

>As to the general issue of MSWindows v. Unix, the Unix predominance
>for remailer software involves the fact that Unix is on the bulk of
>the machines connected to the Internet.  It's more reliable for
>offering network services than MSWindows and it's got a cleaner
>architecture for reconfiguration.  None of these explanations,
>however, means that there won't be more MSWindows that Unix boxes for
>a long time.

Of course.  Unix was around long before DOS/Windows gained market
dominance of the personal computing market.  And for automated encryption
on that platform, premail seems to do a great job (though there are some
features I'd like to see added, Raph).  The unfortunate thing I think is
that Unix/X-Windows has never gained a foothold in the "consumer" market.

- From a marketing perspective, if we are trying to "sell" strong crypto use
to the "masses", then it is only prudent to assess where these types of
products would be deployed.  And the two platforms that will entirely make
up the personal computing market will be DOS/Windows95 and to a lesser extent,
OS/2 Warp.

This was a subject brought up at the last Cypherpunks meeting (by Tim, I think.)
For fifteen years we have had some pretty sophisticated theoretical models of
strong cryptographic techniques.  Some of these, such as PK encryption, have
reached the "masses" in the form of PGP.  Others, such as digital cash, have been
mired in implementation issues.  It is frustrating to read about and listen to
lectures on advanced cryptographic subjects (such as all the great presentations 
at the last meeting), knowing that it may be years before this "theory" makes
it into "practice."

I will be happy when cryptography is as ubiquitous on a PC as screen savers.

=======================================================================
Johnathan Corgan       "Violence is the last refuge of the incompetent"
jcorgan@netcom.com                       -Isaac Asimov
PGP Public Key:        http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
Or send email to:      pgp-public-keys@pgp.ai.mit.edu Subj: GET jcorgan
=======================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLu3ksU1Diok8GKihAQFyXwQApqXdcRfM7cV2EeRbrB6xMDXwJwWSFl5i
3gwTwDkZ8omK/9N+R9gLx4V6CcpPo7kku+GfUy7dkj4wDYtLTZ7m2sZ+mvg0FJNS
3LUSOKC911LpGj9m7uUcFKF+OsthO7WDz5Xtk5AMUTK26Uo0W4lOxBgOTrdiCdDx
q3rYla9+ueU=
=TL0Z
-----END PGP SIGNATURE-----