From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <559b5ec89e2cfd991a8152e0ceddc88c@snellwilcox.com>
From: steve-simon@ntlworld.nospam.com
To: 9fans@cse.psu.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: [9fans] cryptographic signatures & factotum
Date: Thu, 11 Mar 2004 23:03:01 +0000
Topicbox-Message-UUID: 2b2aa458-eacd-11e9-9e20-41e7f4b1d025

Hi,

I want to reinvent a wheel.

I want to be able to send an email from home to work
which will cause my work machine to cpu(1) back to me.

To prevent mistakes and nasty people this should be
cryptographicially signed, PGP already does this, but
I don't fancy implementing or porting PGP.

I was thinking of just an email with 2 attachements
one being the command to execute, the other being an
SHA1 hash of this command followed by a shared secret.

The neatest way to check the has would be to pass the hash
of the command to factotum and let it hash the secret and
reply yea or nay.

I could write a seperate program and use proto=pass
to query factotum but why make it release secrets it needn't?

Anyone see any flaws?
Anyone know of facilities in factotum that do this already?
Other (relevant :-) thoughts?

-Steve