mnr@daisy.learning.cs.cmu.edu (Marc Ringuette) (05/17/91)
Archive-name: mail/privacy-enhanced-mail/rpem/1991-05-16
Archive: dcssparc.cl.msu.edu:/pub/crypt/rpem*.tar.Z [35.8.1.6]
Original-posting-by: mnr@daisy.learning.cs.cmu.edu (Marc Ringuette)
Original-subject: Re: rpem: Privacy Enhanced Mail/public key program
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)
Here's my personal recommendation for actually trying out the rpem program,
and email security in general. It's nifty to see it work, and you may get
some bugs out of your thinking about how to go about being secure. I'd be
happy to exchange secure mail with you using rpem.
I've put my public key in my .signature, and I encourage any of you to do so.
I really think it's great to have the _option_ to communicate securely, and
I'm interested in seeing the wider Internet community tune in to this
technology at some point.
There are some interesting issues that come up, under the general heading of
"how to have privacy and security on the net," and more work to be done.
Clearly the next big one is key distribution. Just putting a public key in
your .signature is fine for preventing eavesdropping, but you're still
vulnerable to tampering. A secure key server fixes that, but you have to
trust the server. I don't have the perfect solution...maybe a dozen secure
servers that you can check against each other?
Other issues are
-- Traffic analysis / anonymous mail / electronic cash. David Chaum's work
is interesting, and we could implement some of it.
-- Secure netnews (in the sense that I can be sure I'm reading what everyone
else is). If we had this, we could just post our public keys to the net.
One suggestion: a subset of us signs the news we read, and posts the
signatures.
-- What procedures do we give someone who wants to be secure? Eventually
we have to make this easy to do.
Send me mail (securely, of course) if you're interested, so I know who's out
there. Meanwhile, sci.crypt is a good place to discuss this.
----------------- -------------------------- --------------------------------
| Marc Ringuette | Cucumber Science Dept. | What does a blonde say when |
| mnr@cs.cmu.edu | Cranberry Melon Univ. | you blow in his/her ear? __ |
| 412-268-3728 | Pittsburgh, PA 15213 | "Thanks for the refill." \/ |
----------------- -------------------------- --------------------------------
User: mnr@DAISY.LEARNING.CS.CMU.EDU
Rabin-Modulus:
UaCUDY+bd7EvAtkaZ9S1fRz7LO/MONro+pVvD/tNS52wf3tJZp4dcOKmEYNlhZh6
-----------------------------------------------------------------------------
| I use the "rpem" public domain public key email system, with the above key. |
| Clip and save! For info on rpem, send mail to riordanmr@clvax1.cl.msu.edu. |
| To get it, ftp from dcssparc.cl.msu.edu, file pub/crypt/rpem.tar.Z (in USA).|
-----------------------------------------------------------------------------
-- comp.archives file verification
dcssparc.cl.msu.edu
-rw-r--r-- 1 200 staff 157442 May 16 03:03 /pub/crypt/rpem.tar.Z
-rw-r--r-- 1 200 staff 151321 May 11 13:23 /pub/crypt/rpem_11May91.tar.Z
-rw-r--r-- 1 200 staff 151026 May 6 15:18 /pub/crypt/rpem_6May91.tar.Z
-rw-r--r-- 1 200 staff 150998 May 16 03:03 /pub/crypt/rpem_export.tar.Z
found rpem ok
dcssparc.cl.msu.edu:/pub/crypt/rpem*.tar.Z