On 12/22/18, g00r00 pondered and said...
Echomail is intended to be public, Netmail is private as you know, so I worked along those lines. But yes, we could make echomail messages that could only be decoded by BBSes that have the password. I am open to hearing more about it bu I am not sold on it yet! There are some
negative aspects to doing what I think you are proposing.
I just like the idea of having an option whereby the security of a message posted (untampered with, not read by those not intended for) can be ensured using a workable encryption option. I think the desire to ensure that can
apply just as much in a more 'one to many' conversation like echomail just as it can in a 'one to one' like netmail.
I'm not sure what you mean by 'negative aspects' but I'm picking it might be along the lines of obfuscated communications used for evil purposes vs. good? Or perhaps you're talking more like overheads on Mystic to juggle/run such a system?
Yes, that is how it would work. If you want to make it per-user, then they should probably just use PGP or something that is designed to do
that already. I know that it'd be inconvenient for a user to cut and
paste the message content out of the BBS terminal though.
Yes can't say I disagree. I have played with PGP a bit in the FSX_CRY
echoarea and the only real pain point for me was the manual cutting and
pasting of text in and out of a full screen editor. I like the public /
private key way PGP works and sorta wondered if it could be better
incorporated into Mystic so folks could opt to use it to post/decode
encrypted text that may be posted as echomail? Like a plugin perhaps,
something like the provision made (in days of old) for a command line in the file base config but in this case to be invoked when text is being
read/written to FSE?
There is an overhead to doing high end encryption and hashing to
consider, too. How do we know who should have access to the encrypted
mail unless we try to decrypt it and see if it works? We can't exactly store the private key with the data to know if the user has the key...
Perhaps a case of using a team/group key that changes as members come and go? I've been reading about a service that offers such a thing and wondered if it could be leveraged somehow for echomail.
Mystic is using high end encryption and hashing in most places, and
these come at a cost and you can see how that quickly can get out of
hand when a user has lot of keys. PGP works because the processing
isn't done by the server but by the client but in this case it'd be
Mystic doing it.
Sounds like another good argument to provision some kind of acceptable plugin for a PGP client? That would be fun to test out.
Best, Paul
--- Mystic BBS v1.12 A40 2018/12/25 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)