Volume 5, Number 13 28 March 1988 +---------------------------------------------------------------+ | _ | | / \ | | /|oo \ | | - FidoNews - (_| /_) | | _`@/_ \ _ | | International | | \ \\ | | FidoNet Association | (*) | \ )) | | Newsletter ______ |__U__| / \// | | / FIDO \ _//|| _\ / | | (________) (_/(_|(____/ | | (jm) | +---------------------------------------------------------------+ Editor in Chief Dale Lovell Editor Emeritus: Thom Henderson Chief Procrastinator Emeritus: Tom Jennings Contributing Editors: Al Arango FidoNews is published weekly by the International FidoNet Association as its official newsletter. You are encouraged to submit articles for publication in FidoNews. Article submission standards are contained in the file ARTSPEC.DOC, available from node 1:1/1. Copyright 1988 by the International FidoNet Association. All rights reserved. Duplication and/or distribution permitted for noncommercial purposes only. For use in other circumstances, please contact IFNA at (314) 576-4067. IFNA may also be contacted at PO Box 41143, St. Louis, MO 63141. The contents of the articles contained here are not our responsibility, nor do we necessarily agree with them. Everything here is subject to debate. We publish EVERYTHING received. Table of Contents 1. EDITORIAL ................................................ 1 FidoNet: Stand Up Now or Watch it Die .................... 1 2. ARTICLES ................................................. 3 Public Key Encryption .................................... 3 FireNet Revisited ........................................ 7 New Area Code in Florida ................................. 9 Introducing "The Good Egg Network" ....................... 10 MegaList - Seven months later (an update) ................ 14 Nominations for IFNA BoD Positions ....................... 18 Net 322 forming in Massachusetts ......................... 19 Setting Up NetMail With QuickBBS ......................... 21 3. COLUMNS .................................................. 26 Let's YACK about Electronic Voting ....................... 26 4. NOTICES .................................................. 28 The Interrupt Stack ...................................... 28 Contact Hours Changing for RC 18 ......................... 28 Latest Software Versions ................................. 28 FidoNews 5-13 Page 1 28 Mar 1988 ================================================================= EDITORIAL ================================================================= Don Daniels, President International FidoNet Association FidoNet 1:107/210 FidoNet: Stand Up Now or Watch it Die I just heard something about Randy Edwards that appalls me. Oh, not what HE's said or done, but what is being done to him. It seems that someone out there has decided that Randy's controversial and rather vociferous opinions have justified, in return, certain threats against himself and his family, telephone harrassment of them, and attempts to crash his system. This type of response is absolutely wrong. Some might argue that to quite some extent, Randy deserves what he gets, in that his behavior has also resulted in a crashed system or two and he has certainly abused the hospitality of others who freely provide certain resources for specific purposes other than those pursued by Randy. But for the most part Randy, through overzealousness, is only guilty of certain insensitivities of the rights of others and the other results have been inadvertant by-products. But, regardless of his own level of any culpability, two wrongs never make a right -- and the escalation in this situation has moved beyond the realm of insensitivity of the rights of others to out-and-out anti-social behavior and illegality. Make no mistake about it: telephone harrassment is illegal, regardless of whatever form it takes and it should be something that FidoNet totally stands against, instead of, unfortunately, being an uninvolved party to its promotion. To quite some extent, what we see now is the unsurprising result of not taking stands in the past to protect the rights of others. On far too many occasions, individuals have been unjustly attacked or harrassed and the Net has sat by with a collective, "So what?" attitude instead of speaking out against such practices or seeking to effect a just disposition of such cases as have been brought forward. The result of such inaction is that now we have an atmosphere where freedom of dissent - no, freedom of any opinion - is likely to bring about personal attacks and where escalation into illegality is becoming a norm. The eventual result of this can only be the destruction of that ideal of FidoNet and the wonderful benefits it could provide to so much of society. Randy has questioned why IFNA should exist. Well, he's certainly discovered one of the primary reasons: as a non-profit, FidoNews 5-13 Page 2 28 Mar 1988 educational body, IFNA sees as one of its main priorities the formation and distribution of certain basic policies and procedures that are designed to safe-guard the rights of individuals thereby giving them the protections to freely continue in their personal "pursuit of happiness." Everyone, within FidoNet or not, should have the right to say, do, or experience anything they wish that, in turn, does not interfere with those same rights for others. But the net as a whole cannot just stand by and "let IFNA do it" or hope that perhaps someone else will speak out against injustices. If you believe in the perpetuation of FidoNet you must now take a stand against any and all such practices as have been directed against Randy and others. Each and every one of you should call for a stop of these blatant violations of rights and should demand that those in positions of authority take all necessary steps to see that the indiviuals responsibile for such acts be removed from FidoNet and that clear guidelines exist to prevent reoccurrences. This stand must be taken NOW, before it's too late -- if, indeed, it's not too late already. ----------------------------------------------------------------- FidoNews 5-13 Page 3 28 Mar 1988 ================================================================= ARTICLES ================================================================= Public Key Encryption I have seen a few referances to Public Key Encryption recently and since I claim to actually know something about the subject, I thought I would try to clear up a few misconceptions. Let me start with a bit of history. Some time ago people were thinking about electronic communication (lets call it email even if most of what I plan to say could also be applied to other forms of communications like voice phone calls). This was quite a while before Fidonet. They thought that for email to be really usefull people need to have confidence in the confidentiality of their messages. To be honest it is just too easy to eavesdrop on email. These people thought that encryption was the best way to ensure confidential email. Other ways are possible but they all tend to rely on some form of trust in one way or another. Now there is nothing wrong with trusting someone but in practice it is depressingly rare. In fact various form of encryption were and are in common use for email already. They generally use a, so called, key which is used to translate, so called, plain text into a secure form before transmision and then used again to reverse the process after transmision. So to send a confidential email message you first must agree on a key since, of course, if you try to use different keys, you won't be able to reverse the original conversion appropriatly. This is where the problem comes up. How do you find out what key was used to encrypt the original message. The conventional answer is that you use a separate channel of comunications for agreeing on keys. If you use a telephone for the encrypted messages, then you send the key via the post office or a courier or an armed gaurd depending on how serious you are. This is where the Public Key Encryption idea started. Theses people wanted to use the same channels of communication for their keys as they used for the confidential email. They wanted to do away with the couriers and the post office and all the rigamarole but they did not want to give up the security that had been already accomplished. It is pretty obvious that you couldn't just put the key to decodeing your message right in front of the message since then ANYONE listening in could decode and then read your message. What was eventually figured out was that it IS possible to first send a message telling someone how to ENCODE a message which is then sent BACK to the original person and still have a secure message. For instance I can tell you how to scramble a message in a certain way so that only I can read it. Anyone listening in will FidoNews 5-13 Page 4 28 Mar 1988 only find out how to scramble messages and they will also have a copy of the scrambled message that you eventually send me but they can't unscramble the message to find out what you are saying to me. The only practical and secure way of actually implementing such a system discovered so far is generally refered to as the RSA Public Key Encryption system. It is based on an article called "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" writen by R.L.Rivest, A.Shamir and L.Adleman published in the February 1978 issue of Comunications of the ACM. The system they discovered is based on very large prime numbers. The larger the numbers, the more secure the system becomes. Keys based on numbers of the size we contend with every day up to millions or billions are pretty easy to decode even if you don't know the key. However it is possible to set up keys with hundreds of digits and almost guarantee that no one will ever be able to decode the messages without the key. The process actually produces two different, but related keys. One part is used to encrypt or scramble the original message and the other part is then kept to yourself and used to unscramble the message. One you have produced a pair of keys, you can give out the first part to anyone that wants to send confidential messages to you. The half of the key that you give out is refered to as a Public Key because you send it out over the public comunications channel and it doesn't matter who knows it. If you want to send a private message to someone you must first get their public key. For two-way communication there is two sets of keys involved. Two public keys and two private secret keys. The public keys are exchanged before any confidential exchanges can take place. In fact you can publish your public key so that it is public knowledge. For instance I have generated a key for myself to use. It is: n = 2736819260645630669527694759316520435577 74311021562498273154432038898470487 e = 1318658420201053439930112933655370300596 0307881881836602807819529828909731 I had to break the numbers up to fit on these lines. They are about 75 digits each. This key is considered to be of "moderate" security. A high security key would consist of numbers of 150 to 200 digits each. Note that the two numbers above are just the one public key. There is a third number to go with the two above that is the private part of my key. Now you can use this key to send me absolutly (practicly speaking) confidential messages. About this time you might be saying "Now wait just a minute, what do I do with these big numbers? I don't think my computer will even understand numbers that big!" and you are FidoNews 5-13 Page 5 28 Mar 1988 perfectly justified in asking. As it happens, your computer WILL handle numbers like those well enough. You just need the right programs. To make it easier for you I have created a program to do all the RSA ecryption and decryption work for you. It will even generate the big number keys for you to have your own personal public keys. The encryption and decryption processes work with disk files on your MS-DOS computer. I called the program PKSCrypt and it is currently released at version 0.2a. You can call my Fido and download the file (called pkscrypt.arc) on your first call. (1-403-282-1703 no file requests though, sorry) If you actually go to the trouble of getting a copy of the program and play around with it, you will quickly find out why this system is not going to replace the conventional encryption systems. It is very slow. For example it will take about 15 minutes to encrypt a 1000 byte file using my key on a PC (give or take a few minutes). In fact it is so slow that you might think it is completely useless. Before we forget about the whole idea, remember what the original problem was. All we need to encrypt is the key for one of the standard encryption methods so that we can send it over our standard communications channel. Lets get more specific for a minute. Most of the readers of Fidonews are sysops on fidonet and I suspect that most of you are familiar with Bob Hartman's ConfMail system. Confmail has a built in encryption system of the conventional type. Some of you out there are probably already using this feature to make some of your links secure. You must have agreed with your corespondents on a key. Perhaps you just sent the other sysop a private message. You probably didn't and wouldn't have any trouble with such an arrangement BUT it is remotly possible that for the same reason that you descided to use the encryption in the first place, that key could have gone astray. You would be no better off than if you