Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site allegra.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!don
From: don@allegra.UUCP (Don Mitchell)
Newsgroups: net.crypt
Subject: secure mail
Message-ID: <3004@allegra.UUCP>
Date: Thu, 31-Jan-85 10:35:42 EST
Article-I.D.: allegra.3004
Posted: Thu Jan 31 10:35:42 1985
Date-Received: Sat, 2-Feb-85 00:24:33 EST
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 23

Some people here have thought about secure mail.  The danger of doing
it wrong is great, but there is now a sizable literature of proven
"cryptographic protocols".  Ad hoc solutions can look perfect and still
have subtle loopholes that the naive programmer will not see.

The new UNIX crypt (never-to-be-released) has an option for dealing
with mail.  It will generate printable Ciphertext when encrypting and
filter out junk (mail headers) when decrypting.

Berkeley mail, with all its features and misfeatures, fails to perform
the simple interactions with UNIX that would make encrypted mail easy.
That is, you should be able to pipe your message through any UNIX
filter before sending it (you can do that) and after receiving it (you
cannot do that).

That is good if you don't want to worry about automatic key
management.  Of course, you should just have to remember one key and
have the program store the individual message keys and negotiate new
keys with other users via some secure protocol.

My worst nightmare is that the same bright people who invented the ARPA
mail headers or wrote this atrociously clunky netnews software will
decide to solve this problem for us.