[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

USENET and US-legal PGP (signing only?)

Hello again!

	Has there been any progress on a USA-legal PGP?  Are
negotiations still in progress or are they stalled?

	I am willing to write code (up to a few thousand lines of C)
to help integrate PGP with USENET newsreaders.  (I have a little
PGP/RIPEM signature verification fuction now, and a section called
"Digital signatures, cryptograpy, and USENET" in the online documentation.)
I am waiting for a US-legal version of PGP before coding further.

	I think that USENET provides a wonderful environment for
public key crypto applications.  My particular interest is in digital
signatures for forgery protection.  One use of this is in collaborative
message filters where people can rate or add keywords to other
messages.  I would like for all of this to be updated semi-automagically,
using usual (insecure!) USENET postings.

	Greater numbers of strong-crypto users should also help in the
political arena.  Many people don't see why the current cryptograpy
battles are important, because they don't care very much about strong
privacy.  An easy-to-use cryptosystem integrated into their ordinary
tools like newsreaders and mailers will get some of these people involved.

For instance, imagine these interactions:
----- start examples -----
[While reading news, the user types 'r' to reply to a message]

The poster included a PGP encryption key, and will accept encrypted replies.
Encrypt your reply? [nyh]


[User posts a message]

PGP key found.
Sign this posting? [yn]
[User types 'y']
Signing posting using PGP key.
Enter your passphrase:

[User posts a message]

Digital signature not found.
Would you like to generate a digital signature? (type 'h' for help) [nyh]

[user types 'h']

A digital signature allows other people to have some confidence that
your postings are really from you, and not a forgery.
...[more explanation of digital signatures, about 10-15 lines]...
Generating a digital signature usually takes between 5-15 minutes.
You will only have to do this once.

Would you like to generate a digital signature? (type 'h' for help) [nyh]
[user types y]

PGP found.
RIPEM not found.
Generating digital signature using PGP...
[Nice, friendly key generation process.]
----- end examples -----

	Finally, would it be possible to release a US-legal/RSAREF
*subset* of PGP which allows only signatures and signature
verification?  To my knowledge this wouldn't require violating the
RSAREF interface.  (My understanding is that the interface problem
is that PGP uses IDEA rather than DES for message encryption.
The signature is simply an RSA-encrypted hash of the message--this
could be handled by the RSAREF package.  Correct?)


Clifford A. Adams  [email protected] | USENET Interface Project:
457 Ash St. NE      Albuquerque, NM  87106 | Tools for advanced newsreading
STRN (Scan TRN) now in testing: trn 3.3 plus flexible newsgroup menus, fast
article scoring with score ordered display, and merged/virtual newsgroups.