[348] in Zephyr Mailing List
"Gale", a secure, distributed, open-source chat system
daemon@ATHENA.MIT.EDU (Dan Geer)
Tue Feb 22 00:24:39 2000
Message-Id: <200002220524.AAA06977@world.std.com>
To: zephyr@MIT.EDU
Date: Tue, 22 Feb 2000 00:24:16 -0500
From: Dan Geer <geer@world.std.com>
------- Forwarded Message
Date: Tue, 18 Jan 2000 20:20:24 -0800
From: Ryan Lackey <ryan@venona.com>
To: cypherpunks@algebra.com, cryptography@c2.net
Subject: "Gale", a secure, distributed, open-source chat system
(I just posted this epinions.com review of Gale, a secure multiplatform
open-source chat system. I figured I'd send the text to cypherpunks and
cryptography as well)
Gale is a secure, multiplatform, open-source chat system. Unlike systems
like ICQ and AIM, both the client AND the server are freely available,
and all of the protocols are open and extensible.
Gale was developed by Dan Egnor. The homepage for the gale distribution
and development effort is http://www.gale.org/). Clients have been
developed by a variety of others, and Gale itself is released under an
open-source license.
The name "Gale" is a sly reference to "Zephyr", the MIT-developed
chat system from the 1980s and still in active, if not widespread, use.
The comparison is accurate -- compared to the relatively limited Zephyr,
Gale is much more powerful, secure, and useful. It is designed to
eventually scale to millions of simultaneous users, supporting a
sophisticated distributed network of servers carrying personal, local,
and global messages. There is no central gale server; everything is
distributed, the only way to design a system for scalability to large
numbers of users without charging subscription fees. Basically, it's
the difference between the way email, web, etc. are designed (fully
distributed and decentralized) and old-fashioned centralized computing
like AOL. By being this decentralized, no one organization ends up
with control over the gale universe; users can operate their own servers
with no connections to the outside world, or can voluntarily connect
their servers to other servers. An unofficial collection of servers
forms the gale "backbone", carrying most public traffic.
Unlike most chat systems, Gale uses key identifiers based on the user's
email address. This makes it very easy to guarantee users have
unique identifiers, as well as figure out someone's address without
having to use a special search engine.
Gale's most important feature, however, is the high degree of security
in its design. Gale uses public-key signatures and encryption of
individual private messages ("puffs"), keeping them secure from
evesdroppers or even server operators, and uses public-key signatures
on public messages.
Gale includes a variety of clients, including commandline, java, and
graphical clients. One client, Fugu, is written in Python/TCL, providing
an easy cross-platform solution for UNIX as well as Windows. It is
easy to write new clients for new platforms; perhaps in the future
there will be clients for WAP and other emerging technologies.
Gale is still in alpha stage, under active development. Recent changes
to US cryptography export laws will allow Gale to be exported, increasing
its usability. The main areas of gale which still need to be improved
are:
* The process of setting up a new gale domain (usually mapped to DNS
domains, so aol.com would maintain its own gale domain aol.com) needs
to be simplified.
* Client software should be easier to use and more automatic in initial
configuration
* The cryptography should be replaced with a non-RSA algorithm, perhaps
using the OpenPGP format for keys and messages, to support patent-free
commercial use in the US.
* Links to external systems, such as zephyr, irc, icq, etc. should be
developed.
* Anti-spam techniques, such as filtering, moderation, etc. need to
be developed for use when the population of gale users goes from the
current several hundred to an eventual (hopeful) many million.
The main competition for gale is:
* IRC
IRC is used by perhaps 100 000 users worldwide. IRC affords
no message encryption, minimal authentication (identd is
sometimes used, which is almost worse than nothing at all),
and has a culture built around "/kick", banning users, channel
takeovers, and general childishness; the public networks are
not really suited for professional use. IRC is a perfect example
of why security should be designed into network protocols rather
than relying on social pressure.
* Zephyr
Zephyr is a chat system originally developed by MIT Athena
as a system message service (printer has finished printing
your job, etc.), now used as a chat system at MIT and other
locations. It is tied to the Kerberos authentication system,
providing relatively secure but complicated authentication,
but no message encryption. Zephyr is very complex to set up
if you don't run Kerberos, as Kerberos itself is a major effort
to configure. Zephyr is also the least actively developed
and maintained of the various chat systems, and is only
minimally crossplatform.
* AIM, ICQ, NetMeeting, Yahoo Chat
These systems are fundamentally different from gale in that
they offer no security, are highly centralized, and do not
support the kind of categorization, distribution, and other
features which make gale unique. However, they currently have
the largest number of users.
* IMPP (http://www.ietf.org/html.charters/impp-charter.html)
Internet Messaging and Presence Protocol is an IETF standards
effort designed to create an interoperable person-to-person
chat system with privacy protection for presence information.
This effort does have a security aspect to it, but neglects
several important features -- multiperson chat "channels"
being one of the most glaring omissions. Additionally, it's
still in the requirements and design phase; no actual code has
been developed, and it may take a very long time for this effort
to produce a working prototype.
* Jabber (http://www.jabber.org/)
Jabber is perhaps the most serious competition for gale. It is
a "meta-chat-system", consisting of a server and lightweight
clients and interfacing with a variety of other systems, including
ICQ, IRC, etc. However, since those protocols do not themselves
have much in the way of security, Jabber itself ends up not having
much security, although the developers of Jabber do seem to be
conscious of security themselves. Jabber also has a large
number of developers and many clients under development. Jabber
is built using XML, granting it full buzzword compliance :)
--
ryan@venona.com
http://www.venona.com/rdl/
1024D/4096g 0xD2E0301F B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
--- end forwarded text
------- End of Forwarded Message
