mnr@daisy.learning.cs.cmu.edu (Marc Ringuette) (05/17/91)
Archive-name: mail/privacy-enhanced-mail/rpem/1991-05-16 Archive: dcssparc.cl.msu.edu:/pub/crypt/rpem*.tar.Z [35.8.1.6] Original-posting-by: mnr@daisy.learning.cs.cmu.edu (Marc Ringuette) Original-subject: Re: rpem: Privacy Enhanced Mail/public key program Reposted-by: emv@msen.com (Edward Vielmetti, MSEN) Here's my personal recommendation for actually trying out the rpem program, and email security in general. It's nifty to see it work, and you may get some bugs out of your thinking about how to go about being secure. I'd be happy to exchange secure mail with you using rpem. I've put my public key in my .signature, and I encourage any of you to do so. I really think it's great to have the _option_ to communicate securely, and I'm interested in seeing the wider Internet community tune in to this technology at some point. There are some interesting issues that come up, under the general heading of "how to have privacy and security on the net," and more work to be done. Clearly the next big one is key distribution. Just putting a public key in your .signature is fine for preventing eavesdropping, but you're still vulnerable to tampering. A secure key server fixes that, but you have to trust the server. I don't have the perfect solution...maybe a dozen secure servers that you can check against each other? Other issues are -- Traffic analysis / anonymous mail / electronic cash. David Chaum's work is interesting, and we could implement some of it. -- Secure netnews (in the sense that I can be sure I'm reading what everyone else is). If we had this, we could just post our public keys to the net. One suggestion: a subset of us signs the news we read, and posts the signatures. -- What procedures do we give someone who wants to be secure? Eventually we have to make this easy to do. Send me mail (securely, of course) if you're interested, so I know who's out there. Meanwhile, sci.crypt is a good place to discuss this. ----------------- -------------------------- -------------------------------- | Marc Ringuette | Cucumber Science Dept. | What does a blonde say when | | mnr@cs.cmu.edu | Cranberry Melon Univ. | you blow in his/her ear? __ | | 412-268-3728 | Pittsburgh, PA 15213 | "Thanks for the refill." \/ | ----------------- -------------------------- -------------------------------- User: mnr@DAISY.LEARNING.CS.CMU.EDU Rabin-Modulus: UaCUDY+bd7EvAtkaZ9S1fRz7LO/MONro+pVvD/tNS52wf3tJZp4dcOKmEYNlhZh6 ----------------------------------------------------------------------------- | I use the "rpem" public domain public key email system, with the above key. | | Clip and save! For info on rpem, send mail to riordanmr@clvax1.cl.msu.edu. | | To get it, ftp from dcssparc.cl.msu.edu, file pub/crypt/rpem.tar.Z (in USA).| ----------------------------------------------------------------------------- -- comp.archives file verification dcssparc.cl.msu.edu -rw-r--r-- 1 200 staff 157442 May 16 03:03 /pub/crypt/rpem.tar.Z -rw-r--r-- 1 200 staff 151321 May 11 13:23 /pub/crypt/rpem_11May91.tar.Z -rw-r--r-- 1 200 staff 151026 May 6 15:18 /pub/crypt/rpem_6May91.tar.Z -rw-r--r-- 1 200 staff 150998 May 16 03:03 /pub/crypt/rpem_export.tar.Z found rpem ok dcssparc.cl.msu.edu:/pub/crypt/rpem*.tar.Z