Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!ucsd!hub.ucsb.edu!dschub!neptune!slb From: slb@neptune.dsc.com (Steve Baur) Newsgroups: comp.mail.elm Subject: Re: encryption and elm Keywords: encryption elm Message-ID: <1686@dschub.dsc.com> Date: 30 Nov 90 19:05:23 GMT References: <4516@cocoa7.UUCP> <1990Nov28.024805.16530@wubios.wustl.edu> <5533@melon11.UUCP> Sender: news@dschub.dsc.com Lines: 50 gulik@motcid.UUCP (Gregory Gulik) writes: >For example, if you are using UUCP, there are times when your mail >will make several hops to get where it's going. Many times I would >like to send a personal message to someone on a secure system, so >I would like to encrypt the message on the way there to keep system >administrators from reading it, but the person at the other end would >be able to save it in plain text. O.K. That looks easy enough to implement. First off, add a new keyword like "[encode]", maybe "[autoencrypt#]". The '#' sign is a single digit. Now to use this feature you would negotiate a key with the person who is to receive this mail. He thens puts a line "encryptkey# = " in his .elmrc. Adding the extra digit is so that you can use this feature with multiple destinations and be able to use different keys with each. Now when elm is reading such a message, it can strip out the "[autoencrypt#]" and the subsequent "[clear]" when reading the message, and thus the reader could never know that the message was encrypted during transit. >If this feature is to be implemented, it should be similar to the >way the Include Copy feature is done. There should be options >in the elmrc for the default action, and a true/false option to >specify if the user is to be prompted. That's easy enough. Add another flag: autoencryptflag (with states ON and OFF). I've worked with the elm encryption code, and I don't think doing something like this is a major effort. Anybody else interested? P.S. Now for a feature I'd really like to add: The current encryption code is buggy in that only lines surrounded by the "[encode]" "[clear]" can be encrypted. But what about certain of the e-mail headers? There is no way, for example to encrypt a Subject:. The idea would be to add the special header "X-Elm-Encrypted: X.Y" (with X.Y being the elm version number, that way if the encryption algorithm is changed in a future version, you know what version did the encrypting). When this header is detected, everything not absolutely required for RFC822 would be encrypted. Any takers? -- "Have you any idea how difficult it is to get a judge to sign a warrant based on information from a parrot?" - Detective Roger Coan Steve Baur (slb%neptune%dschub@hub.ucsb.edu)