dave@smaug.UUCP (Dave Cornutt) (06/21/86)
I think that trying to draw an analogy between e-mail and anything else is a futile exercise. E-mail isn't any of those things and to try to come up with an ethic in that manner is kind of pointless. Let's consider what WE think the ethic should be as opposed to trying to come up with something based on some other system. Here's what I think: I don't trust the privacy of e-mail, and if I have anything confidential to send, I do it by some other method (private link, mailed magtape, etc.). However, if a site makes its machines available as an e-mail site, it should explicitly state what its policy is; if someone there is going to read incoming mail, warn the world in advance. I already have a list of sites that I won't send mail through because the admins have admitted on the net that they read mail for non-administrative purposes. (I define an "administrative purpose" as reforwarding or return of stuck mail and notifying senders of trashed mail.) Why? Because I DON'T WANT ANYONE READING MY MAIL! Why don't I want anyone reading my mail? I'm not going to tell you. Not that there's anything exciting in it. I just feel that it is a general American principle that privacy is to be granted with explanation; it is the person who wants to reduce privacy who must justify his actions. "Because I feel like it" does not qualify. I obviously have no control over the admins at other sites, so I just avoid the ones that I know will look at my mail. If, on the other hand, I find that a site that claims to guarantee confidentiality has violated my privacy, I'm going to be bloody upset and let the whole world know about it. To me, the situation is analagous to being a sys admin and having the root password and the privilege to read everyone's files: just because I can do it doesn't give me the right to do it. That's something I CAN do something about, and if I ever find out that someone on my machine used the root password to read my files gratuitously, I'm going to do everything I can to get that person fired. And if you are the boss or co-worker of a person who is reading someone else's mail without cause, I recommend that you do the same thing, because privacy is a state that must be protected; the default state for the human condition is no privacy. --- Arthur shone his flashlight on Prak's face. "We thought," he said, "that you were meant to be telling the Truth, the Whole Truth, and Nothing But The Truth." "Oh, that," said Prak, "yeah, I was. I finished. There's not nearly as much of it as people imagine." Dave Cornutt, Gould Computer Systems, Ft. Lauderdale, FL UUCP: ...!sun!gould!dcornutt or ...!ucf-cs!novavax!houligan!dcornutt ARPA: wait a minute, I've almost got it... "The opinions expressed herein are not necessarily those of my employer, not necessarily mine, and probably not necessary."
taylor@hplabsc.UUCP (Dave Taylor) (06/26/86)
[a copy of a message posted in net.mail...'notes' can't cross-post, damn it!] In this group [and net.mail] Mark Horton writes; >At the time, I was hoping people would write some enhancements to >popular EMail user interfaces (e.g. Mail/mailx, MH, etc) that would >support this [encrypted mail]. So far I haven't seen any.... >If somebody out there would implement this, perhaps we could render >this whole subject moot. Users of the Msg and/or Elm mailer will find that this feature already IS implemented: the following message text will transmit an encrypted message; -------- this is a sample message [encode] This is the encrypted part [clear] this is back to normal. ------- Upon transmission of the message the program will prompt for a key to encrypt with (twice) and then mail the crypted message. The person at the receiving end will then automatically be prompted for a key when reading the message (e.g. "This is an encrypted message...please enter the decryption key") and will then have it displayed decrypted. At no time will the message be stored anywhere in an unencrypted form... Just another feature, right? :-) -- Dave Taylor (taylor@hplabs.HP.COM) ps: For reasons of portability to non-US sites, I choose to use a public domain 13-key rotor encryption algorithm that I got from someone (Tw?). This means that if the person at the other end is cruisin' along reading your message in a mailer OTHER than Msg/Elm, you're outta luck. Perhaps if this becomes a sufficiently popular function this will change...
rob@nitrex.UUCP (rob robertson) (06/26/86)
In article <62@houligan.UUCP> dave@smaug.UUCP (Dave Cornutt) writes: > >I think that trying to draw an analogy between e-mail and anything else >is a futile exercise. E-mail isn't any of those things and to try to >come up with an ethic in that manner is kind of pointless. Let's consider >what WE think the ethic should be as opposed to trying to come up with >something based on some other system. > >Here's what I think: I don't trust the privacy of e-mail, and if I have >anything confidential to send, I do it by some other method (private >link, mailed magtape, etc.). If your on a unix system sending to a unix system, try mark horton's uuencode/uudecode, along with crypt. Takes a little longer, and is a bit of a hastle, but it works. rob rob robertson decvax!cwruecmp!nitrex!rob.UUCP (216) 791-0922 cbosgd!nitrex!rob.UUCP nitrex!rob@case.CSNET nitrex!rob%case@csnet-relay.ARPA -- rob robertson decvax!cwruecmp!nitrex!rob.UUCP (216) 791-0922 cbosgd!nitrex!rob.UUCP nitrex!rob@case.CSNET nitrex!rob%case@csnet-relay.ARPA
mark@cbosgd.UUCP (Mark Horton) (06/29/86)
In article <380@nitrex.UUCP> rob@nitrex.UUCP (rob robertson) writes: >In article <62@houligan.UUCP> dave@smaug.UUCP (Dave Cornutt) writes: >If your on a unix system sending to a unix system, try mark horton's >uuencode/uudecode, along with crypt. Takes a little longer, and is >a bit of a hastle, but it works. Thanks for the plug, Rob, although of course uuencode/uudecode are in the public domain, so it's not like it personally matters to me. I'd like to mention that RFC 822 has a hook in it specifically for this. If you put a header "Encrypted: foo, bar" in there, this tells the receiving user interface that the mail was encrypted with method "foo", and it should go invoke the method "foo" decrypter. "bar" is a hint telling it which key to use for decryption (although not the key itself, more like an index into a table of keys that has been agreed upon in advance.) At the time, I was hoping people would write some enhancements to popular EMail user interfaces (e.g. Mail/mailx, MH, etc) that would support this. So far I haven't seen any. But given the UNIX crypt, compress, and uuencode/uudecode, it shouldn't be hard to write one. (A bit more work and it could be made into a subroutine, possibly without compressing, so it would be fast.) If somebody out there would implement this, perhaps we could render this whole subject moot. Mark
wunder@hpcea.HP (Walter R. Underwood) (06/30/86)
> Users of the Msg and/or Elm mailer will find that this feature already IS > implemented: the following message text will transmit an encrypted message; > > -------- > this is a sample message > [encode] > This is the encrypted part > [clear] > this is back to normal. > ------- > -- Dave Taylor (taylor@hplabs.HP.COM) > > ps: For reasons of portability to non-US sites, I choose to use a public > domain 13-key rotor encryption algorithm that I got from someone (Tw?). > This means that if the person at the other end is cruisin' along reading > your message in a mailer OTHER than Msg/Elm, you're outta luck. Perhaps > if this becomes a sufficiently popular function this will change... Dave got the rotor program from me. It was written by Tracy Tims and posted to net.sources as "cypher" in January 1983. Paul Bame fixed it to work correctly on the 68000 (byte order, I think). Unfortunately, Dave made a small change which makes ELM's encipherment a pain to use with the original version. Cypher used "[cypher]", and "[clear]". Dave changed that to what you see above. Why, I don't know, since a rotor machine really is a cipher and not a code. I suggested that he change it back, but ... As for non-US use, both cypher and Elm call crypt(3) to munge the key. As shipped, cypher works quite well with the BSD mail program, and anything else that talks to an editor the same way. Just set EDITOR to your real editor, and VISUAL to "rcypher" (a link to cypher), and use ~v to encipher or decipher a message. Handy. I've used it to protect a few messages (a job opening, a discussion about a product in the very early stages of development). Back to the subject: Has anyone written something that uses the RFC-822 header line? What are approved values for the field? Walter Underwood