[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some proposals, Anonymous mailers



>    I've been getting good support for my ideas on implementing machine
> independent modules or "Libraries" of PGP routines that don't include
> I/O portions,   but after looking at the code,   I see this is going to
> take a lot of work,   both in organizing the effort,   and in implementing
> the code.    Just how this is going to be done,  I'm not sure,   but this
> is what cypherpunks is all about.    To hash these things over,  flame on
> each other's ideas,  etc.
> 
>   I have been studying the PGP code,   and can see it's going to take a
> lot of work to get it into a form where true machine portability can
> be realized.   As  a Mac purist,  a abhore the idea if translating Mac
> GUI actions into ascii text and sending it to the current PGP "engine".
> 
>   Although it would take a lot of work,   I propose that we develop PGP
> to have the following form.
> 
>   a) Encryption engine library - Main set of routines currently in the
>      PGP program dealing with encryption of data.   These would be

I strongly support this concept. Having just implemented a new anonymous
mail and posting system with privacy enhancement using PGP on a Unix
machine, using the existing PGP code which is very keyboard oriented,
proved to be a real headache, trying to second guess the responses that
pgp expected. The whole deal would have been much easier calling
library routines, or even more "Unix" like tool type interfaces.

I am seriously considering rewriting some bits of PGP to do what I need
but unfortunately:

1. I don't know anything about encryption, as Phil has made obvious in
   his responses to my ideas (quite rightly so).

2. A preliminary perusal of the code makes it obvious that extracting the
   functionality from the interface is not an easy task.

However, I would be happy to volunteer my services should no one Unix
based with more PGP or encryption experience is available. I also live
outside the US at present which is a plus I guess as far as RSA is
concerned.

BTW. Re. my anonymous service - once I have Phil and Hal's suggestions
implemented feel free to use it. Send mail to "[email protected]".
The service is not yet really on-line, but if anyone wants to play with
it feel free (given the proviso that I might change things and take it
up and down periodically until I get it right; I will try to preserve
alias #'s and stored public keys that have already been sent along). It is
not based on the current perl scripts - I hacked it up in Bourne shell
scripts before I heard about other peoples efforts, so all bugs are mine !

Note that it is basically a typical anonymous mailing system like that
used in the various alt.personals and alt.sex groups, except that you
can encrypt your messages to it, and it will encrypt responses back to
you automatically, so dubious bounced mail and replies will not be
readable by other's at your site or on the path. At present it is set
up to allow posting to any group, but I am seriously considering blocking
out the k12 groups after the recent godiva fiasco, quite against my
philosophy, but my better judgement may yet prevail :( The same may go
for file size and even rapidly repeated messages to the same addresses
to prevent common patterns of "anonymous abuse". I hate to do this and
may not, but I get the impression that I would be foolish not to. The
immaturity of some people out there amazes me.

BTW. I have also started a new mailing list for discussion of anonymous
groups in general as well as my system. Send mail to "anon.subscribe@
pax.tpa.com.au" if you want to join. The list is strictly plaintext at
the moment though unfortunately !

david