Subject: BPG Security Server
To: None <tech-security@netbsd.org>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 07/26/2005 10:29:09

So, Steven Bellovin's comments on various clients he wanted to use with
PGP got me thinking, and it got me thinking that I just don't trust them
with my passphrase. For stuff like that, it seems to make a lot more
sense to implement a small, trusted "PGP server" with a console that
would accept requests from client applications for use of keys, allow
me to approve or deny these requests, take my password when necessary,
act as a caching agent for my key, and so on. Essentially, I envision
something like this:

* Run server, enter my password, it caches my keys.
* Client requests encryption of stuff, either with a given key or
  with no particular key
    * Server prompts me to see if client is allowed to use the encryption
      service
    * Server helps me find the key to use, or shows key info for
      the client-requested key, and I verify trust information and tell
      server that it's ok to use the key
    * Server then performs encryption for client on request, until its
      time limit expires or I cut it off.
* Client requests signing of stuff
    * Server prompts me to see if client is allowed to use the encryption
      service
    * Same as above re choosing keys and so on
    * Server then performs signing for client on request, until its
      time limit or signature count limit expires or I cut it off.

Thoughts?
cjs
--
Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.NetBSD.org
Make up enjoying your city life...produced by BIC CAMERA
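
The approve-then-serve flow sketched in the message above, as an added example (not part of the original post and not code from any PGP implementation): a minimal agent that keeps the key to itself and honours a per-client signing grant until its time limit or signature count runs out, or the operator revokes it. `SigningAgent`, `Grant`, the `approve` callback and the injectable clock are hypothetical names, and HMAC-SHA256 stands in for the PGP signing operation.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Grant:
    expires_at: float      # absolute time after which the grant is dead
    signatures_left: int   # remaining signature budget


class SigningAgent:
    """Holds the key; clients only ever get signatures back, never key material."""

    def __init__(self, key: bytes, approve, clock):
        self._key = key          # stands in for the unlocked, cached private key
        self._approve = approve  # console prompt: approve(client, op) -> bool
        self._clock = clock      # injectable so expiry can be exercised offline
        self._grants = {}        # client id -> Grant

    def request_signing(self, client, ttl, max_signatures):
        """Ask the operator once; on approval record a bounded grant."""
        if not self._approve(client, "sign"):
            return False
        self._grants[client] = Grant(self._clock() + ttl, max_signatures)
        return True

    def revoke(self, client):
        """The operator cuts the client off before the limits are reached."""
        self._grants.pop(client, None)

    def sign(self, client, data: bytes) -> bytes:
        grant = self._grants.get(client)
        if grant is None:
            raise PermissionError("no grant for client")
        if self._clock() >= grant.expires_at or grant.signatures_left <= 0:
            del self._grants[client]   # fail closed: a spent grant is removed
            raise PermissionError("grant expired")
        grant.signatures_left -= 1
        # HMAC-SHA256 is a stand-in for the real PGP signature operation.
        return hmac.new(self._key, data, hashlib.sha256).digest()
```

Once a grant is spent the client has to go back through `request_signing`, so the operator is prompted again rather than the limit being silently renewed.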