[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
No Subject
[ The purpose of this post is to propose an extension of PGP which
would result in more widespread use of encryption by the public;
and to provoke discussion about the pros/cons of said proposal ]
PGP users (mostly, technically adroit e-mail types) are but a
subset of computer users in general; who in turn are but a subset
of persons engaging in electronic communication of all kinds (including
the common telephone); all of whom can be legitimately concerned with
privacy issues. If the powers that be are concerned about not being
able to listen in on PGP users, at least they can take solace in the
fact that PGP users constitute only a tiny fraction of the populace,
and hence, in the "big picture", add up to little more than a slight
irritation.
I am proposing that PGP be expanded beyond its present cadre and into
the 2nd group named above - the army of regular users of pc's equipped
with data modems.
The proposal specifically is to extend PGP beyond file encryption
to generalized stream handling. Such streams can be consoles &
keyboards, real-time file transfers, and digitized voice; indeed,
anything that will pass over a modem or other serial transfer medium.
In this scenario, a user wishing a secure interchange would simply
place a voice call to another party and, upon establishing voice
contact, request a transition to a modem connection. Upon invoking
the new program, the user's modem would go online; it would read the
party's key from the existing PGP pubkey ring, and use it to perform
a DH exchange, establishing a secure session. The program would then
use a packet protocol to exchange keyboard/console traffic and/or files.
In one scenario, all key management would continue to be performed with
the current PGP program; the pubkey ring would be 'read-only' from the
standpoint of the new app. Alternatively, key management could be
blended into the new app to form a true standalone application.
The appeal behind this approach is that it moves the operational
paradigm very close to the present one- namely "pick up the phone
and dial". No logins, shells, Elm, Compuserve/Prodigy/FidoNet, etc.
The user interface could be simple enough for even the most novice
user to operate.
Real-time voice encryption would obviously be desirable in lieu of
a keyboard interface. Unfortunately, such a capability is not yet
within the reach of the average pc. Within a few years it will pro-
bably be a "done deal", given the movement afoot to put DSP chips
in all new pc's (e.g. video compression, multimedia support, etc).
For now it must suffice to build a solid technical foundation which
can accommodate voice operation when the requisite hardware becomes
available. And until that time, many more users will have access to
convenient and handy encryption technology.
[ An aside, WRT voice coding: I believe the first major opportunity
to produce a cheap realtime digital voice channel will be the emergence
of chips/chip sets targeted towards the growing market for digital
(tapeless) telephone answering machines. This market is large, and very
cost sensitive (the perfect combo for opportunistic techno-vultures);
this should produce cost effective voice coding solutions within a
short period of time (12 months?), given current technology levels. ]
Many readers already know that the pieces required to build this new
program are already in place- and could be drawn together without much
fuss. Indeed, a few fledgling attempts have already been made. From the
PGP sources, the necessary functions would be extracted- to perform key
lookup, MP arithmetic, DH key exchange, IDEA encryption of comm packets,
etc. The resulting library would be linked to the new comm application.
Each subsequent revision of PGP would retain a make target that would
build the interface library.
The net result of building this application would be to make serious
levels of security available to more people than ever before - with an
ease of use also heretofore unknown. As a result I believe the PGP
user base could easily expand by at least an order of magnitude.
Does anyone have a better idea?
[END]