From: "Chris Adams" <adamsc@io-online.com>
Date: Sat, 20 Jul 1996 17:14:45 +0800
To: "cypherpunks" <dfloyd@IO.COM>
Subject: Re: Opiated file systems
Message-ID: <199607200558.WAA12898@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Jul 96 22:31:16 -0800, dfloyd@IO.COM wrote:

>> A) Only accept files with valid PGP signatures from accepted keys - this
>> is one area where PGP's commandline interface is a plus - just write a
>> batch script. Demand that a separate file be sent first, signed by a
>> certain key. This file would contain valid filenames for the rest of the
>> session. If a non-listed file is sent, kill the session.  This could all
>> be automated with a simple program. You could probably even use SSLs and
>> similar to do it on a website if you could swill the PGP bit - maybe a
>> plugin?
>
>This defeats the purpose of the data haven.  If I did stuff like that,
>then why not use McAffee's WebStor, where you FTP files over to your
>personal "vault"?

What I was trying to propose was that you provide a key for usage when
they first initiate usage of your site. They could then use that key to
send stuff to you. Neither party needs to know who the other person is,
merely that he is using the agreed upon key. This would let you revoke
the keys of offenders.

>> B) bounce trash back.
>
>If someone is shipping through a remailer, how would that help?

I'm assuming most remailers allow 2 way traffic. Alternately, just send
email to the remailer operator. Rather than get spammed by the
bounceback, he would probably block that site from sending to you... (Or
revoke their account entirely)


>I plan to make this as anonymous as possible.  Reason?  Everything else is
>just posing.  I was intending this to be a place that one could be assured
>of anonymity -- the data haven doesn't even know if the user can use PGP.

I was using PGP as an example. If you really want portable, use that Java
PK library and write a custom frontend for it.  You just need to use an
agreed upon key for verification. Now, if they wanted, a secure method
might be using PK-aware remailers - pk channel from you to remailer,
using your keys, pk channel from remailer to them, using their keys. This
would let you exchange a key securely... Of course, it would involve
trusting the remailer operator, but you'd have to do that anyway.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!