Sunday, June 3, 2007
Individual thought about assignment 2
Some of the instructions in the subject outline are confusing and weird, but it did not bother us much. I want to thank all of you guys, and Peter, who as lecturer guided us through this assignment so that we could finish it on time. Good on ya.
Monday, April 30, 2007
PGP article (For Technical readers - Magazine)
PGP can be used to attach a digital signature to a message without encrypting it. Digital signatures are generally used in public postings where users do not want to hide what they are saying but do want to allow others to verify that the message really came from the sender. Once a digital signature has been created, neither the message nor the signature can be modified without PGP detecting the modification.
PGP and the other PGP products use the RFC 2440 standard to encrypt and decrypt data. Other similar programs are Authora Inc., Veridis, EasyByte Cryptocx, GNU Privacy Guard and Patrick Townsend & Associates.
Barnard (1997, How it works: A Quick & dirty primer on Public Key cryptography, page.2) explains how PGP works. With traditional cryptography, a user encrypts a message with a key, and the same key is needed to encrypt and to decrypt. Both the user and the recipient hold the key, and only those with the same key can decrypt the message. The problem is how the user gets that key to the recipient. This remained a problem in good cryptography for a long time.
Two keys are involved in public key cryptography. One key is needed for encrypting (the recipient’s public key) and another key is needed for decrypting (the recipient’s private key). Once a message has been encrypted with one of these keys, it can only be decrypted with the other key.
When users start using PGP, they have to create a keypair. One of the keys is the public key, which should be publicized as widely as possible. The other is the private key, which should be kept by the user. Anyone who wants to send a private e-mail to a recipient encrypts the message with the recipient’s public key. Once the message is encrypted, only the owner of the corresponding private key can decrypt it.
Public key cryptography is computationally very expensive: it needs a great deal of computing power to encrypt and decrypt a message. As a result, PGP encrypts the message itself with a modern algorithm (the IDEA algorithm) and uses the recipient’s public key to encrypt the IDEA key needed to decrypt the message. PGP takes care of this job, so users do not have to keep track of any IDEA keys, but it is good to know how PGP works.
PGP is very secure against eavesdroppers because the cryptographic algorithms it uses for signing and encryption are well proven and no weaknesses have been found. The one unknown, for any encryption method based on RSA, is whether there is an easy way to factor large numbers, or another algorithm that can break the code without solving the factoring problem. Even though no such algorithm has been found, RSA is still the weakest link in the PGP chain (Slegers 2002, chap.3).
PGP includes a digital signature. A digital signature is an electronic signature that can be used to authenticate the signer of a document or the sender of a message, and to ensure that the original document or message that was sent is unchanged. A digital signature can be used for any message, whether it is encrypted or not (TechTarget 2006, p.1).
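The hybrid scheme and the signature check described above, as an added example that is not code from this article or from PGP. To run with the Python standard library only, it assumes textbook RSA without padding in place of PGP's RSA and a SHA-256 counter keystream in place of IDEA; all function names are illustrative.

```python
"""Teaching model of PGP-style hybrid encryption and signing (not OpenPGP)."""
# Assumption: unpadded RSA and a hash keystream replace real RSA padding and IDEA.
import hashlib
import secrets

E = 65537           # usual RSA public exponent
SESSION_BYTES = 16  # 128-bit session key, the size of an IDEA key


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test (for large odd candidates)."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and _is_probable_prime(c):  # keep E coprime to c - 1
            return c


def generate_keypair(bits=1024):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    p = _random_prime(bits // 2)
    q = _random_prime(bits // 2)
    while q == p:
        q = _random_prime(bits // 2)
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)


def _keystream_xor(key, nonce, data):
    """XOR data with SHA-256(key || nonce || offset); stand-in for IDEA."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_for(recipient_public, plaintext):
    """Encrypt the body with a fresh session key; wrap that key with RSA."""
    n, e = recipient_public
    session_key = secrets.token_bytes(SESSION_BYTES)
    nonce = secrets.token_bytes(12)
    return {
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
        "nonce": nonce,
        "body": _keystream_xor(session_key, nonce, plaintext),
    }


def decrypt_with(recipient_private, message):
    """Unwrap the session key with the private key, then decrypt the body."""
    n, d = recipient_private
    session_int = pow(message["wrapped_key"], d, n)
    if session_int.bit_length() > 8 * SESSION_BYTES:
        raise ValueError("session key did not unwrap: wrong private key")
    session_key = session_int.to_bytes(SESSION_BYTES, "big")
    return _keystream_xor(session_key, message["nonce"], message["body"])


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(signer_private, data):
    """Signature = digest of the data raised to the private exponent."""
    n, d = signer_private
    return pow(_digest_int(data), d, n)


def verify(signer_public, data, signature):
    """True only if the signature matches this data under this public key."""
    n, e = signer_public
    return pow(signature, e, n) == _digest_int(data)


if __name__ == "__main__":
    alice_pub, alice_priv = generate_keypair()  # sender (signs)
    bob_pub, bob_priv = generate_keypair()      # recipient (decrypts)
    text = b"Constructed sample message for the demo."
    envelope = encrypt_for(bob_pub, text)
    signature = sign(alice_priv, text)
    print("decrypted:", decrypt_with(bob_priv, envelope))
    print("signature valid:", verify(alice_pub, text, signature))
    print("tampered text valid:", verify(alice_pub, text + b"!", signature))
```

Only the 16-byte session key passes through the expensive public-key operation, whatever the size of the message body.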
References
Barnard, CL 1997, Getting started with encryption: An introduction to PGP, last updated 28 May 1997, viewed 16 April 2007, <http://people.cs.uchicago.edu/~cbarnard/pgptalk/pkcintro.html>
Digital Signature 2006, last edited 10 July 2006, TechTarget Corporate, Needham, MA, viewed 15 April 2007, <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.html>
Pretty Good Privacy 2007, last edited 10 January 2007, Wikipedia Foundation Inc., St. Petersburg, viewed 15 April 2007, <http://en.wikipedia.org/wiki/Pretty_Good_Privacy>
Slegers, W 2002, The.comp.security.pgp FAQ, last updated n.a., Your Creative Solutions, the USA, viewed 15 April 2007, <http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-general-questions.html>
PGP article (For Non-technical readers - Newspaper)
Bacard (2005, Non technical – PGP FAQ, p.1) explains that Pretty Good Privacy (PGP) is a computer program that scrambles (encrypts) and unscrambles (decrypts) data so that e-mail (electronic mail) is hard for someone to tap. The program was created by Philip Zimmermann in 1991.
How does PGP work?
PGP is a public key cryptography method. When a user starts using PGP, the program generates two keys that belong uniquely to that user. An easy way to remember this is that these keys are the computer counterparts of the keys in the user’s pocket. One PGP key is secret and is stored on the user’s computer; the other key is public. The user gives this second key to their partners (Bacard 2005, p.2).
Here is a sample public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----Version: 5.0 mQCNAi44C30AAAEEAL1r6ByIvuSAvOKIk9ze9yCK+ZPPbRZrpXIRFBbe+U8dGPM9XdJS4L/cy1fXr9R9j4EfFsK/rgHV6i2rE83LjOrmsDPRPSaizz+EQTIZi4AN99jiBomfLLZyUzmHMoUoE4shrYgOnkc0u101ikhieAFje77j/F3596pT6nCx/9/AAURtCRBbmRyZSBCYWNhcmQgPGFiYWNhcmRAd2VsbC5zZi5jYS51cz6JAFUCBRAuOA6O7zYZz1mqos8BAXr9AgCxCu8CwGZRdpfSs65r6mb4MccXvvfxO4TmPi1DKQj2FYHYjwYONk8vzA7XnE5aJmk5J/dChdvfIU7NvVifV6AF=GQv9-----END PGP PUBLIC KEY BLOCK-----
Suppose that the public key above belongs to A, and A e-mails it to his friend B. B can store A’s public key in B’s PGP program and use it to encrypt a message that only A can read. One benefit of PGP is that A can hand out his public key as freely as a telephone number. For example, if A has B’s phone number, A can call B’s phone, but A cannot answer B’s phone. A public key works the same way: if B has A’s public key, B can send A mail, but B cannot read A’s mail.
What is a PGP digital signature?
Suppose that this report is signed with A’s PGP “digital signature”. The signature would allow anyone who has PGP and A’s public key to verify that A wrote this document and that nobody has changed the text since A signed it. PGP signatures are helpful for transferring money, verifying a person’s details and signing contracts (Youd 1996, p.1).
References
Bacard, A 2005, (Non-Technical) PGP FAQ, last updated n.a., Computer Privacy Handbook, France, viewed 13 April 2007, <http://www.andrebacard.com/pgp.html>
Digital Signature 2006, last edited 10 July 2006, TechTarget Corporate, Needham, MA, viewed 13 April 2007, <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.html>
Feisthammel, P 2002, Explanation to the wordings used with PGP, last updated 19 June 2002, Germany, viewed 13 April 2007, <http://www.rubin.ch/pgp/glossar.en.html>
Slegers, W 2002, The.comp.security.pgp FAQ, last updated n.a., your Creative Solutions, the USA, viewed 13 April 2007, <http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-general-questions.html>
Youd, D 1996, What is a Digital Signature?, last updated n.a., The Youd Zone, the USA, viewed 13 April 2007, <http://www.youdzone.com/signature.html>
Note 57
Reference
A basic introduction to installing and using PGP 2007, last edited n.a., place of publishing n.a., viewed 30 April 2007, <http://www.shac.net/pgp/>
Note 56
Reference
Hasselbacher, K 1999, Replacing PGP 2.x with GnuPG, last updated n.a., place of publishing n.a., viewed 20 April 2007, <http://www.gnupg.org/gph/en/pgp2x.html>
Sunday, April 29, 2007
Note 55
Reference
Helmberger, F 1997, A pretty good PGP reference card, last edited 16 April 1997, O'Reilly and Associates Inc., USA, viewed 29 April 2007, <http://www.geocities.com/Athens/1802/pgpcard.html>
Note 54
Reference
PGP 2005, last edited n.a., Google Directory, viewed 29 April 2007, <http://www.google.com/Top/Computers/Security/Products_and_Tools/Cryptography/PGP/>
Saturday, April 28, 2007
Note 53
Reference
Bretschneider, M 2006, Secure e-mail client with PGP/ MIME, last updated 2 May 2006, Germany, viewed 28 April 2007, <http://www.bretschneidernet.de/tips/secmua.html>
Note 52
Reference
Ross, DE 2007, PGP: Public Key Servers, last updated 14 January 2007, W3C, USA, viewed 28 April 2007, <http://www.rossde.com/PGP/pgp_keyserv.html>
Friday, April 27, 2007
Note 51
Reference
Stallings, W, Atkins D & Zimmermann, P 1996, PGP message exchange formats, last updated August 1996, Network Working Group, USA, viewed 27 April 2007, <http://www.ietf.org/rfc/rfc1991.txt>
Note 50
Reference
Branscombe, M 2006, Whatever happened to PGP?, last updated 21 May 2006, The Register, London, viewed 27 April 2007, <http://www.theregister.co.uk/2006/05/21/pgp_update/>
Note 49
Reference
Henry, K 2007, Getting started with PGP, last updated n.a, Crossroads, USA, viewed 27 April 2007, <http://www.acm.org/crossroads/xrds6-5/pgptutorial.html>
Note 48
Reference
Kelm, S 2000, Serious bug in PGP v.5 and v.6, last updated 11 October 2000, PKI symposium, Netherlands, viewed 27 April 2007, <http://cryptome.org/pgp-badbug.htm>
Thursday, April 26, 2007
Note 47
Reference
PGP Basics – Promotes the use of PGP and GnuPG 2007, last edited n.a., viewed 26 April 2007, <http://tech.groups.yahoo.com/group/PGP-Basics/>
Note 46
Reference
Linberg, T & Kahan, J 2005, Using XKMS with PGP, last edited 19 December 2005, W3C, Cambridge, MA, viewed 26 April 2007, <http://www.w3.org/TR/xkms-pgp/>
Note 45
Reference
Yamamoto, K 2007, pgpdump, last edited n.a., IIJ Research Laboratory, Japan, viewed 26 April 2007, <http://pgp.iijlab.net/pgpdump.html>
Note 44
It introduces PGP’s feature, Additional Decryption Keys (ADKs). It is discussed in detail and, overall, it is good and complete.
Reference
CERT Advisory CA-2000-18 PGP may encrypt data with unauthorized ADKs 2000, last edited 28 September 2000, Software Engineering Institute, Pittsburgh, PA, viewed 26 April 2007, <http://www.cert.org/advisories/CA-2000-18.html>
Wednesday, April 25, 2007
Note 43
Reference
PGP 5 Tips 2006, last edited n.a., place of publishing n.a., viewed 25 April 2007, <http://www.shub-internet.org/pgp_5_tips.html>
Note 42
Reference
JoGuNET PGP Public Key Server 2006, last edited n.a., Gutenberg Universitat, Germany, viewed 25 April 2007, <http://pgp.uni-mainz.de/>
Note 41
Reference
Protecting Security Information 2007, last edited 9 May 2006, Apple Inc., USA, viewed 25 April 2007, <http://www.apple.com/support/security/pgp/>
Note 40
Reference
Seco, A & Horacio, J 2002, Mutt-i, GnuPG and PGP Howto, last updated 2 February 2002, place of publishing n.a., viewed 25 April 2007, <http://tldp.org/HOWTO/Mutt-GnuPG-PGP-HOWTO.html>
Monday, April 23, 2007
Note 39
Reference
Jallad, K, Katz, J & Schneier, B 2002, Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG, last updated n.a., Information security conference, USA, viewed 23 April 2007, <http://www.schneier.com/paper-pgp.pdf>
Note 38
Reference
Using PGP from within mutt 2001, last edited 11 June 2001, viewed 23 April 2007, <http://www.mutt.org/doc/PGP-Notes.txt>
Sunday, April 22, 2007
Note 37
Reference
PGP signing FOAF files 2005, last edited n.a., Useful information Company, viewed 22 April 2007, <http://usefulinc.com/foaf/signingFoafFiles>
Note 36
Reference
Feisthammel, P 2004, Explanation of the web trust of PGP, last updated 7 October 2004, place of publishing n.a., viewed 22 April 2007, <http://www.rubin.ch/pgp/weboftrust.en.html>
Saturday, April 21, 2007
Note 35
Reference
MacPGP 2.6.3 Home Page 1997, last edited 14 January 1997, place of publishing n.a., viewed 21 April 2007, <http://www.math.ohio-state.edu/~fiedorow/PGP/>
Note 34
Reference
PGP Attacks 2007, last edited n.a., place of publishing n.a., viewed 21 April 2007, <http://axion.physics.ubc.ca/pgp-attack.html>
Friday, April 20, 2007
Note 33
Reference
The PGP-USERS List: the Worldwide Discussion List for OpenPGP/PGP/GPG Users 2007, last edited n.a., The CryptoRights Foundation, San Francisco, CA, viewed 20 April 2007, <http://www.cryptorights.org/lists/pgp-users/>
Note 32
Reference
PGP Freeware 2005, last edited n.a., SecureMac.com, viewed 20 April 2007, <http://www.securemac.com/pgpfreeware.php>
Thursday, April 19, 2007
Note 56
Reference
Hasselbacher, K 1999, Replacing PGP 2.x with GnuPG, last updated n.a., place of publishing n.a., viewed 30 April 2007, <http://www.gnupg.org/gph/en/pgp2x.html>
Note 31
Reference
Patrizio, A 2007, PGP adds Vista, USB Drive Encryption Support, last updated 2 April 2007, Jupiter Media Corporation, Darien, CT, viewed 19 April 2007, <http://www.internetnews.com/security/article.php/3669331>
Note 30
Reference
The Linux Kernel Archives OpenPGP signature 2007, last edited n.a., Linux Kernel Organization Inc., viewed 19 April 2007, <http://www.kernel.org/signature.html>
Note 29
Reference
McBurnett, N 2004, PGP Web Trust Statistics, last updated 19 April 2004, viewed 19 April 2007, <http://bcn.boulder.co.us/~neal/pgpstat/>
Note 28
Reference
PGP tools for Net services 2007, last edited n.a., place of publishing n.a., viewed 19 April 2007, <http://www.compulink.co.uk/net-services/pgp/>
Tuesday, April 17, 2007
Note 27
Reference
EPIC Online Guide to Practical Privacy Tools 2006, last edited 31 July 2006, EPIC Org., Washington, DC, viewed 17 April 2007, <http://www.epic.org/privacy/tools.html>
Note 26
Reference
Bacard, R 2007, (Non Technical) PGP FAQ, last updated 11 April 2007, place of publishing n.a., viewed 17 April 2007, <http://www.andrebacard.com/pgp.html>
Monday, April 16, 2007
Note 25
Reference
PGP tools 2006, last edited 4 May 2006, Tigris.org, viewed 16 April 2007, <http://pgp-tools.alioth.debian.org/>
Note 24
Reference
Simpson, S 1999, PGP DH vs RSA FAQ, last updated 20 September 1999, place of publishing n.a., viewed 16 April 2007, <http://www.scramdisk.clara.net/pgpfaq.html>
Sunday, April 15, 2007
Note 23
Reference
PGP pathfinder & key statistics 2007, last edited 9 April 2007, viewed 17 April 2007, Utrecht University, TB, Utrecht, viewed 15 April 2007, <http://pgp.cs.uu.nl/>
Note 22
Reference
Apache HTTP Server Project 2005, last edited n.a, place of publishing n.a., viewed 15 April 2007, <http://httpd.apache.org/dev/verification.html>
Saturday, April 14, 2007
Note 21
Lawrence, AP 2001, Information and Resources for Unix and Linux Systems, last updated November 2001, place of publishing n.a., viewed 14 April 2007, <http://aplawrence.com/Basics/gpg.html>
Note 20
Reference
Barnard, CL 1997, Getting started with encryption: An Introduction to PGP, last updated 28 May 1997, place of publishing n.a., viewed 14 April 2007, <http://people.cs.uchicago.edu/~cbarnard/pgptalk/index.html>
Friday, April 13, 2007
Note 19
Reference
Wabiszczewicz, T 2006, Full disk Encryption Suites, last updated 9 November 2006, CMP Media LLC, Manhasset, NY, viewed 13 April 2007, <http://www.networkcomputing.com/showArticle.jhtml?articleID=193500189&pgno=7>
Note 18
Reference
The PGP Attack FAQ 2005, last edited 1 October 2005, infinity, USA, viewed 13 April 2007, <http://axion.physics.ubc.ca/pgp-attack.html>
Thursday, April 12, 2007
Note 17
Reference
Pretty Good Privacy – Legal Issues 2005, last edited n.a., place of publishing n.a., viewed 12 April 2007, <http://www.gamers.org/~tony/pgp-legal.html>
Note 16
Reference
Hamilton, D 1998, PGP for Absolute Beginners, last updated December 1998, place of publishing n.a., viewed 12 April 2007, <http://axion.physics.ubc.ca/pgp-begin.html>
Wednesday, April 11, 2007
Note 15
Reference
PGP 2007, last edited n.a., place of publishing n.a., viewed 11 April 2007, <http://216.147.98.109/support_cp_pgp.html>
Note 14
Reference
Poole, BJP, Caftori, N, Lal, P & Rosenberg, RA 2005, PGP 6.5.8: A Tutorial for Beginners, last updated 7 November 2005, University of Pittsburgh, Johnstown, PA, USA, viewed 11 March 2007, <http://www.pitt.edu/~poole/PGP.htm>
Tuesday, April 10, 2007
Note 13
Reference
Zimmermann, P 2007, Phil’s Pretty Good Software, last updated n.a., PGP Corporation, Silicon Valley, California, viewed 10 March 2007, <http://www.philzimmermann.com/EN/sales/index.html>
Note 12
Reference
S/MIME and OpenPGP, last edited n.a., place of publishing n.a., viewed 10 April 2007, <http://www.imc.org/smime-pgpmime.html>
Sunday, April 8, 2007
Note 11
Reference
Slegers, W 2002, The.Comp.security.pgp FAQ, last updated n.a., place of publishing n.a., viewed 8 April 2007, <http://www.pgp.net/pgpnet/pgp-faq/>
Note 10
Reference
LaMacchia, B & Horowitz, M 2005, MIT PGP Public Key Server, place of publishing n.a., viewed 8 April 2007, <http://pgp.mit.edu/>
Saturday, April 7, 2007
Note 9
Reference
Non-DOS/ Windows PGP frontends 2003, last edited 4 January 2003, place of publishing n.a., viewed 7 April 2007, <http://www.hauert.net/pgpother.html>
Note 8
Reference
Morton, WJ 1996, God and PGP vs. the Snoopy Grey People: How Secure E-Mail Helps Me Keep My Vows, last updated 24 September 1996, place of publishing n.a., viewed 7 April 2007, <http://www.davidrothman.com/morton.htm>
Friday, April 6, 2007
Note 7
Reference
McCune, T 2005, Pretty Good Privacy, last updated n.a., viewed 6 April 2007, <http://dir.yahoo.com/Computers_and_Internet/Security_and_Encryption/PGP___Pretty_Good_Privacy/>
Note 6
Reference
Richardson, M 2004, PGP Digital Timestamping Service, last updated 30 July 2004, I.T. Consultancy Limited, Jersey, USA, viewed 6 April 2007, <http://www.itconsult.co.uk/stamper.htm>
Thursday, April 5, 2007
Note 5
Reference
PGP 2007, last edited n.a., PGP Corporate, Palo Alto, CA, viewed 5 April 2007, <http://www.pgp.com/>
Note 4
Reference
OpenPGP 2007, last edited n.a., OpenPGP Alliance, California, viewed 5 April 2007, <http://www.openpgp.org/>
Wednesday, April 4, 2007
Note 3
Reference
Johnson, P 2002, Where to get PGP and GPG, last updated 14 August 2002, ebible.org, Buena Vista, USA viewed 4 April 2007, <http://cryptography.org/getpgp.htm#WHERE_CAN_I_GET_MORE_PGP_INFORMATION_>
Tuesday, April 3, 2007
Note 2
Reference
The International PGP Home Page 2002, last edited 3 December 2002, The International PGP, viewed 3 April 2007, <http://www.pgpi.org/news/#20021203>
Monday, April 2, 2007
Note 1
References
Pretty Good Privacy 2004, last edited 15 June 2004, TechTarget, Needham, MA, viewed 15 March 2007, <http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14_gci214292,00.html>
Pretty Good Privacy 2007, last edited 13 March 2007, Wikipedia Foundation Inc., St. Petersburg, FL, viewed 15 March 2007, <http://en.wikipedia.org/wiki/Pretty_Good_Privacy>
Tuesday, March 13, 2007
Programming web servers: Languages for the web
Techtarget (2005, servlet, para.1) defines a servlet as a small program that runs on a server. The term was coined in the context of the Java applet, a small program that is sent along with a Web (HTML) page but as a separate file. Java applets always run on a client and can, for example, perform a calculation for a user or position an image in response to user interaction.
Some programs, such as those that access databases based on user input, need to be on the server. Typically, these have been implemented using a Common Gateway Interface (CGI) application. However, if Java is running in the server, such programs can be written in the Java programming language. The advantage of a Java servlet on servers with a lot of traffic is that it can execute faster than a CGI application. The added system overhead for each request is slight: rather than a separate program process being created, each user request is invoked as a thread in a single daemon process.
Wikipedia (2007, Java Servlet, p.1) lists several steps in the servlet life cycle:
- The servlet class runs in the container during start-up.
- The container invokes the init() method. This method initializes the servlet and has to be called before the servlet can serve any requests. In the whole life of a servlet, the init() method is called only once.
- After initialization, the servlet can serve client requests. Each request is served in its own separate thread. The container calls the service() method of the servlet for each request. The service() method determines the kind of HTTP request (GET, POST, etc.) and accordingly calls the methods doGet(), doPost(), doTrace(), etc. The developer of the servlet has to provide implementations for these methods. If an implementation for doPost() is not available, the servlet cannot handle POST requests. A developer must never override the service() method.
- At the end, the container calls the destroy() method, which takes the servlet out of service. The destroy() method, like init(), is called only once in the life cycle of a servlet.
JSP
JSP (2007, JSP, para.1) explains that Java Server Pages (JSP) is a server-side technology developed by Sun and is an extension of Java servlet technology. JSPs have dynamic scripting capability that works in tandem with HTML code, separating the page logic from the static elements (the actual design and display of the page) to make the HTML more functional (for example, dynamic database queries).
A JSP is translated into a Java servlet before being run, and it processes HTTP requests and generates responses like any servlet. In fact, JSP technology is the easiest way to code a servlet. Translation occurs the first time the application is run. The JSP translator is triggered by the .jsp file name extension in a URL. JSPs are fully interoperable with servlets: a JSP can include output from a servlet or forward output to a servlet, and a servlet can include output from a JSP or forward output to a JSP.
Wikipedia (2007, JavaServer Pages, para.5) divides a JSP into several pieces:
- Static data (HTML)
- JSP directives (include directive)
- JSP scripting variables and elements
- JSP actions
- custom tags
Perl
According to Lenzer (2004, Perl, para.1), Perl is a text programming language whose syntax is similar to that of the C language and which includes some UNIX facilities such as awk, tr and sed. Perl is an interpreted language that can be compiled before execution into either cross-platform bytecode or C script. When compiled, a Perl program has the same speed as a fully precompiled C language program. Perl is one of the best ways to develop common gateway interface (CGI) programs because it has better text manipulation facilities.
Generally, Perl is much easier to learn and code in than the C and C++ languages, yet Perl programs can be sophisticated as well. A plug-in can be installed for some servers (for example Apache) so that Perl stays permanently loaded in memory, which shortens compile time and gives faster execution of CGI Perl scripts.
About Perl (2007, Perl features, para.3) describes Perl’s features as follows:
- Perl takes the best features from other languages, such as awk, sh, C, etc.
- Perl’s database integration interface (DBI) works with third-party databases, such as Sybase, Postgres, Oracle, MySQL, etc.
- Perl also works with XML, HTML, etc.
- Perl supports object-oriented and procedural programming.
- Perl interfaces with external C++/C libraries through SWIG or XS.
- Perl can be used more widely because there are more than 500 third-party modules available in the Comprehensive Perl Archive Network (CPAN).
- Perl can be embedded into other systems.
About Perl (2007, Perl and the Web, para.4) describes Perl and its relation to the Web:
- Perl is the most popular web programming language because of its text manipulation ability and rapid development cycle.
- Perl is also known as “the duct-tape of the Internet”.
- Perl can be used to handle encrypted Web data such as e-commerce transactions.
- Perl’s CGI.pm module, part of Perl’s standard distribution, makes it easy to handle HTML forms.
- Perl can be embedded into web servers to increase processing speed by 2000%.
- mod_perl is used by the Apache web server to embed a Perl interpreter.
- Perl’s DBI package makes web-database integration easier.
References
About Perl 2007, last edited n.a., Perl.org, viewed 3 March 2007, <http://www.perl.org/about.html>
Bergsten, H 1999, An Introduction to Java Servlets, last updated 10 March 1999, Jupitermedia Corporation, Darien, CT, USA, viewed 3 March 2007, <http://www.webdevelopersjournal.com/articles/intro_to_servlets.html>
Hall, M 1999, Servlets and JavaServer Pages (JSP), last updated n.a., coreservlets.com Inc., Reisterstown, MD, USA, viewed 3 March 2007,
JSP 2007, last edited n.a., Jupitermedia Corporation, Darien, CT, USA, viewed 3 March 2007, <http://www.webopedia.com/TERM/J/JSP.html>
Lenzer, J 2004, Perl, last updated 17 June 2004, SearchWebServices.com, Needham, MA, USA, viewed 3 March 2007, <http://searchopensource.techtarget.com/sDefinition/0,290660,sid39_gci214291,00.html>
Perl 2007, last edited n.a., Jupitermedia Corporation, Darien, CT, USA, viewed 3 March 2007, <http://www.webopedia.com/TERM/P/Perl.html>
Servlet 2007, last edited n.a., Jupitermedia Corporation, Darien, CT, USA, viewed 3 March 2007, <http://www.webopedia.com/TERM/S/servlet.html>
Techtarget 2003, Java Server Page, last updated 14 April 2003, SearchWebServices.com, Needham, MA, USA, viewed 3 March 2007, <http://searchwebservices.techtarget.com/sDefinition/0,290660,sid26_gci214048,00.html>
Techtarget 2005, servlet, last updated 4 April 2005, SearchWebServices.com, Needham, MA, USA, viewed 3 March 2007, <http://searchwebservices.techtarget.com/sDefinition/0,290660,sid26_gci212966,00.html>
Wikipedia 2007, Java Servlet, last updated 6 January 2007, Wikipedia Foundation, Inc., n.a., viewed 3 March 2007, <http://en.wikipedia.org/wiki/Java_Servlet>
Wikipedia 2007, JavaServer Pages, last updated 27 January 2007, Wikipedia Foundation, Inc., n.a., viewed 3 March 2007, <http://en.wikipedia.org/wiki/JavaServer_Pages>
Wikipedia 2007, Perl, last updated 21 January 2007, Wikipedia Foundation, Inc., n.a., viewed 3 March 2007, <http://en.wikipedia.org/wiki/Perl>
Sunday, March 11, 2007
Client, Server and Distributed Paradigms
Client-server paradigms
Sullivan (2006, client/server, para.1) explains that the client-server paradigm divides a pattern of work between two parts, represented by either threads or processes. The client requests an action or data, and the server fulfils the client’s requests. The client-server model can be used by programs within a single computer, but the idea matters most in a network, where it makes it easy to interconnect programs that are distributed across different places. A common computer transaction using the client-server model is checking a bank account from the user’s computer. A client program sends a request for the information to a server program at the bank. This server program may forward the request to another bank computer to reach a database server and retrieve the user’s account balance. The balance is returned to the bank data client, which in turn serves it back to the client on the user’s personal computer, where the account balance is displayed.
A server is sometimes called a daemon: it is activated and waits for client requests. Generally, multiple client programs share the services of a common server program, and both client programs and server programs are often part of a larger program or application. On the Internet, the client program is the web browser, which requests services (the sending of web pages or files) from a web server (a Hypertext Transfer Protocol or HTTP server) on a different computer on the Internet. Similarly, a computer with TCP/IP installed allows the user to make client requests for files from File Transfer Protocol servers on other computers on the Internet.
Sadoski (1997, Client/Server Software Architectures – An Overview, p.1) describes two client-server architectures:
- Two tier architectures
The user system interface is located in the user’s desktop environment, and the database management services are in a server, a more powerful machine that services many clients. Processing management is split between the two environments, the user interface environment and the database management server environment. The database management server provides stored procedures and triggers.
- Three tier architectures
The three tier architecture overcomes the limitations of the two tier architecture. In this architecture, a middle tier is added between the user system interface client environment and the database management server environment. There are many ways of implementing the middle tier, such as application servers, message servers or transaction processing monitors. The middle tier can perform queuing, database staging and application execution. For instance, if the middle tier provides queuing, the client can deliver its request to the middle layer and disengage, because the middle tier will access the data and return the answer to the client. The middle layer also adds scheduling and prioritization for work in progress. The three tier client-server architecture improves performance for groups with a large number of users and increases flexibility.
Distributed paradigms
Rofrano (1992, p.1) writes that distributed processing is the distribution of resources and function across two or more interconnected processors. These processors can be any combination of mainframe, midrange or programmable workstation, and the distribution can be overt or transparent. Distributed processing is a term that includes client-server computing and cooperative processing. The relationship between the distributed parts of an application can be call/return, event-driven or peer-to-peer. Three communication models are appropriate for implementing these relationships: the remote procedure call (RPC), the message and queuing model and the conversational model.
Remote procedure call is a call/return model in which application functions communicate in a server/requester relationship. The requesting program asks the server program to provide some service. The server program carries out the task and finishes by returning the results. Since the service can be local or remote, this model also introduces a degree of transparency: the application can be unaware of where the service is actually performed. This model is implemented in the Open Software Foundation (OSF) Distributed Computing Environment (DCE) remote procedure call application programming interface (API), also known as DCE/RPC, and in the Transmission Control Protocol/Internet Protocol (TCP/IP).
Message and queuing (MQ) is an event-driven model for writing distributed applications. Functions communicate by placing a message event on a queue, which is then routed to the receiving function’s queue, where the message is taken off the queue and processed. By default it is an asynchronous model; if a result is needed, the called function sends back a message, thereby simulating a synchronous call. E-mail is an example of message and queuing, and this messaging model is also known as datagrams.
The conversational model is a model of distributed processing in which two applications decide, based on established protocols (peer-to-peer), who has the right to send data and who will receive it. Generally, the initiating application has the right to send data; when it has finished sending and agrees to receive data, the roles are reversed. The roles continue to reverse until processing is complete and the conversation is ended. This model is usually implemented on several systems through the Advanced Program-to-Program Communications (APPC) interface.
References
Bauer et al. 1994, ‘A distributed system architecture for a distributed application environment’, IBM Systems Journal, p.2, <http://www.findarticles.com/p/articles/mi_m0ISJ/is_n3_v33/ai_15718569>
Client-server, last edited 1 March 2007, Wikipedia Foundation, Inc., n.a., viewed 7 March 2007, <http://en.wikipedia.org/wiki/Client-server>
Distributed computing 2007, last edited 20 February 2007, Wikipedia Foundation, Inc., n.a., viewed 7 March 2007, <http://en.wikipedia.org/wiki/Distributed_computing>
Rofrano, J. J 1992, ‘Design considerations for distributed applications – Technical’, IBM Systems Journal, p.2, <http://www.findarticles.com/p/articles/mi_m0ISJ/is_n3_v31/ai_12547742/pg_3>
Sadoski, D 1997, Client/Server Software Architectures – An Overview, last updated 2 August 1997, Carnegie Mellon University, Pittsburgh, PA, USA, viewed 7 March 2007, <http://www.sei.cmu.edu/str/descriptions/clientserver_body.html>
Sullivan, J 2006, Client/server, last updated 20 April 2006, TechTarget, Needham, MA, USA, viewed 7 March 2007, <http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci211796,00.html>
The Client/Server paradigm 2006, last edited n.a, Safari Books Online, Sebastopol, CA, USA, viewed 7 March 2007, <http://safari5.bvdep.com/0131013769/ch08lev1sec11>
Thursday, March 8, 2007
E-commerce, distributed processing and the Internet
E-commerce
E-business guide (2004, Building - E-commerce - selling on your website, para.1) describes e-commerce as the buying, selling and ordering of services and goods on the Internet. The web and e-mail are the means by which electronic transactions take place. A simple transaction is a customer ordering goods from an online store and paying by credit card.
The most common types of e-commerce are:
- B2B – Business to Business
This kind of e-commerce is a transaction between one company and another. They pass information to each other over the Internet.
- B2C – Business to Consumer
A company sells its products or services directly to consumers through the Internet. For example, a buyer orders a product from a computer store and also pays the bill electronically.
- B2E – Business to Employee
This kind of e-commerce is known as an intranet, where an employee can access the organization's website to get information through the organization's network.
- C2C
A seller personally sells his or her goods or services to a buyer. A simple example is eBay, an auction site where many buyers bid on a product from the seller and the highest bidder gets the product.
Distributed applications
A program that runs on more than one computer and communicates through a network is called a distributed application (Indiana University 2006, p.1). Common distributed applications consist of two different software programs: the front-end software (client) and the back-end software (server). Workstations run the front-end software, which handles the user interface and processing functions; Microsoft Word, for example, is a program that receives input from a keyboard, edits a word document and displays output on a screen. Back-end software manages shared resources, such as printers, modems and disks, and runs on a shared system, such as a shared VMS or UNIX system. The back-end software carries out the main processing for the application.
The distributed application concept is simple: one computer can be a client and another a server or, more widely, several servers can serve many clients. An example is the World Wide Web, where front-end software such as Internet Explorer requests web pages from servers.
The Internet
The Internet is the biggest network, connecting millions of computers all around the world, and information can be sent from any computer to any other 24 hours a day. These computers can be in government departments, schools, small and large businesses, universities or homes. They can be single personal computers, any other type of computer, or workstations on a company or school network. The term internet is usually defined as a network of networks because the smaller networks of each organization are connected into one huge network named the Internet. All computers have the same connection to the Internet and the only difference is the speed of the connection, which depends on the Internet Service Provider (ISP) and modem (Sofweb 2006, p.1).
Generally, the Internet uses a protocol called TCP/IP. IP has the task of moving packets of data from one node to another. IP forwards every packet toward its destination address (a four-byte IP number). The Internet authorities assign ranges of numbers to organizations, and the organizations assign parts of their ranges to departments. IP works on gateway machines, which send data from department to organization to region and then all around the world. TCP is responsible for verifying the correct delivery of data from client to server. Data may be lost in the middle of the network; TCP detects errors or lost data and triggers retransmission until the data is fully received (Wikipedia 2006, p.1).
References
Building – E-commerce – Selling on your website 2004, last edited 5 November 2004, Department of Communications, Information Technology and the Arts, Canberra, ACT, viewed 4 March 2007, <http://www.e-businessguide.gov.au/building/e-commerce>
Distributed application 2006, last edited 12 June 2006, Wikipedia Foundation, Inc., n.a., viewed 4 March 2007, <http://en.wikipedia.org/wiki/Distributed_application>
E-commerce 2007, last edited 16 February 2007, Wikipedia Foundation, Inc., n.a., viewed 4 March 2007, <http://en.wikipedia.org/wiki/E-commerce>
E-commerce benefits 2006, last edited 22 September 2006, The State of Queensland (Department of State Development), Queensland, viewed 4 March 2007, <http://www.sd.qld.gov.au/dsdweb/v3/guis/templates/content/gui_cue_cntnhtml.cfm?id=4831>
Gilbert, H 1997, Distributed Applications and the Web, last updated 10 January 1997, PC Lube and Tune, New Haven, CT, viewed 4 March 2007, <http://pclt.cis.yale.edu/pclt/WEBAPP/default.htm>
Internet 2006, last edited 1 February 2007, Wikipedia Foundation, Inc., n.a., viewed 4 March 2007, <http://en.wikipedia.org/wiki/Internet>
Sofweb 2006, Using the Internet, last updated 19 January 2006, State of Victoria (Department of Education and Training), viewed 4 March 2007, <http://www.sofweb.vic.edu.au/internet/>
Types of E-commerce 2005, last edited 19 September 2005, The State of Queensland (Department of State Development), Queensland, viewed 4 March 2007, <http://www.sd.qld.gov.au/dsdweb/v3/guis/templates/content/gui_cue_cntnhtml.cfm?id=4897>
What is a distributed application? 2006, last edited 9 June 2006, Indiana University, Bloomington, IN, viewed 4 March 2007, <http://kb.iu.edu/data/adob.html>
Tuesday, March 6, 2007
Database Servers
According to PC World (2006, p.1) there are several types of database:
- Relational database
A relational database stores all the items needed in one database, arranges them into tables and defines the relationships among them. For instance, a small-to-medium enterprise (SME) wants to define the relationship between customers and orders in tables. Each customer and each order has its own unique id so that the two tables can be matched together. These databases are called relational because they define these connections (a customer record can be used to look up the order details in the order table rather than storing the information twice). SQL is a common relational database which provides queries.
- Object databases
Object databases store data in self-contained units (objects). These objects contain specific data, attributes and behaviors related to them. A simple example is a product database with a shoes object, which has attributes such as color, size and price. The main difference between relational and object databases is the method of accessing the data. To access data objects in an object database, programmers usually use an object-oriented programming language and call methods in their code. Much of the information that would otherwise reside in the application code is moved into the object database, which is why the application code is simplified. On the other hand, because the application and database are entwined, accessing the data from outside the application can be complex.
- Object-relational databases
This kind of database combines both object and relational approaches. This gives the benefit of using objects when necessary, tied to the strengths of relational databases.
- Hierarchical databases
Relational databases organize data in tabular form, but hierarchical databases organize data in a tree form. A parent node leads to its child nodes (which may have further nodes of their own). This type of database is similar to the Windows Explorer program, which displays the contents of a hard disk (double-click the parent directory and it drops down further information, and so on). This provides multiple types of subsidiary data but also makes it complicated to identify complex multiple types of single data items. Recently, hierarchical databases have been more commonly used in computer science fields than in real-world applications, and hierarchical systems have become more popular with the existence of XML (Extensible Markup Language), which uses a hierarchical method as a general data exchange format.
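To make the contrast between the relational and hierarchical forms concrete, here is an added Python example (not from the original post) that stores the customers-and-orders case in two tables matched by id, then renders the same data as a parent/child tree in XML. The table layout, column names and sample rows are constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

def build_db():
    """Relational form: two tables matched by a unique customer id."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE orders (
            id INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customers(id),
            item TEXT NOT NULL
        );
    """)
    # Constructed sample rows.
    db.executemany("INSERT INTO customers VALUES (?, ?)", [(1, "Ana"), (2, "Ben")])
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(10, 1, "shoes"), (11, 1, "socks"), (12, 2, "hat")])
    return db

def orders_for(db, customer_id):
    """Look up a customer's orders through the id, using a bound parameter."""
    rows = db.execute(
        "SELECT c.name, o.item FROM customers c "
        "JOIN orders o ON o.customer_id = c.id "
        "WHERE c.id = ? ORDER BY o.id", (customer_id,))
    return rows.fetchall()

def to_tree(db):
    """Hierarchical form: each customer is a parent node, its orders are children."""
    root = ET.Element("customers")
    for cid, name in db.execute("SELECT id, name FROM customers ORDER BY id"):
        parent = ET.SubElement(root, "customer", id=str(cid), name=name)
        for (item,) in db.execute(
                "SELECT item FROM orders WHERE customer_id = ? ORDER BY id", (cid,)):
            ET.SubElement(parent, "order").text = item
    return root

if __name__ == "__main__":
    db = build_db()
    print(orders_for(db, 1))
    print(ET.tostring(to_tree(db), encoding="unicode"))
```

In the relational form the customer name is stored once and reached through the join; in the tree, each order can only be reached by walking down from its parent customer.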
References
Database Server 2006, last edited 4 November 2006, Wikipedia Foundation, Inc., n.a., viewed 1 March 2007, <http://en.wikipedia.org/wiki/Database_server>
Database Servers Buying Guide 2006, last edited n.a., Australian PC World, NSW, Australia, viewed 1 March 2007, <http://www.pcworld.idg.com.au/index.php/id;676007892>
SQL Database Server 2006, last edited n.a., Todd VerBeek, viewed 1 March 2007, <http://microsoft.toddverbeek.com/sql.html>
Monday, February 26, 2007
XML - eXtensible Markup Language
What kind of document?
Some applications built on XML documents are wonderful, especially for users who think that XML is not old-fashioned. Here, "document" means not only traditional documents but also the large range of XML data formats. These include graphic measurements, e-commerce transaction records, mathematical equations, server APIs and a large amount of other structured information.
Why XML?
It is important to know how to use XML in order to increase its usability. Mainly, XML is used to arrange structured documents so that they can be used on the web. The other alternatives are SGML and HTML.
SGML supports arbitrary structure, so it is very complex to implement for a web browser. Full SGML systems solve difficult problems that justify their expense. Viewing structured documents on the web rarely carries such justification. HTML, on the other hand, comes with a fixed set of semantics and does not allow arbitrary structure.
XML will not fully replace SGML. Although XML is designed to allow structured content to be sent over the web, some of the features it lacks to make this practical make SGML a more satisfactory long-term way to create complicated documents. In many companies, the standard procedure for web delivery is filtering SGML to XML.