|
Info-PGP: PGP Digest Wednesday 16 December 1992 Volume 2 : Number 2 Hugh Miller, List Manager / Moderator Info-PGP is a digested mailing list dedicated to discussion of Philip Zimmermann's `Pretty Good Privacy' (PGP) public-key encryption program for MS-DOS, Unix, VMS, Atari, Amiga, SPARC, Macintosh, and (hopefully) other operating systems. It is primarily intended for users on Internet sites without access to the `alt.security.pgp' newsgroup. Most submissions to alt.security.pgp will be saved to Info-PGP, as well as occasional relevant articles from sci.crypt or other newsgroups. Info-PGP will also contain mailings directed to the list address. To SUBSCRIBE to Info-PGP, please send a (polite) note to info-pgp-request@lucpul.it.luc.edu. This is not a mailserver; there is a human being on the other end, and bodiless messages with "Subject:" lines reading "SUBSCRIBE INFO-PGP" will be ignored until the sender develops manners. To SUBMIT material for posting to Info-PGP, please mail to info-pgp@lucpul.it.luc.edu. In both cases, PLEASE include your name and Internet "From:" address. Submissions will be posted pretty well as received, although the list maintainer / moderator reserves the right to omit redundant messages, trim bloated headers & .sigs, and other such minor piffle. I will not be able to acknowledge submissions, nor, I regret, will I be able to pass posts on to alt.security.pgp for those whose sites lack access. Due to U.S. export restrictions on cryptographic software, I regret that I cannot include postings containing actual source code (or compiled binaries) of same. For the time being at least I am including patches under the same ukase. I regret having to do this, but the law, howbeit unjust, is the law. If a European reader would like to handle that end of things, perhaps run a "Info-PGP-Code" digest or somesuch, maybe this little problem could be worked around. I have received a promise of some space on an anonymous-ftp'able Internet site for back issues of Info-PGP Digest. Full details as soon as they firm up. Oh, yes: ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; STANDARD DISCLAIMERS APPLY. Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu Signed PGP v.2.1 public key certificate available by e-mail & finger(1) =-=-=-=-=-= From: ujacampbe@memstvx1.memst.edu (James Campbell) Newsgroups: alt.security.pgp Subject: Re: pgp2.1 signed announcement botched by usenet? Date: 11 Dec 92 16:06:09 -0600 In article <1992Dec10.052939.692@colnet.cmhnet.org>, res@colnet.cmhnet.org (Rob Stampfli) writes: > I missed the official announcement of pgp2.1 which was apparently posted > here several days ago, but I found a copy of it posted to alt.privacy. > The message was signed by Phil with the new pgp "+clearsig=on" option. > Unfortunately, Phil's concern about mailers slightly corrupting the message > in innocuous ways so that it no longer matches the original, and therefore > no longer has a valid signature, appears to be borne out by the posting to > alt.privacy: All empty lines in that post have one space added to them. > The signature only checks out when one edits the posted file and ":%s/^ $//". > > BTW, excellent job on the 2.1 release -- a clean compile the first time. > -- > Rob Stampfli rob@colnet.cmhnet.org The neat thing about standards: > 614-864-9377 HAM RADIO: kd8wk@n8jyv.oh There are so many to choose from. > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Here's a copy of the actual (bad) message: > > Path: colnet!n8emr!zaphod.mps.ohio-state.edu!malgudi.oar.net!caen!uunet!cs.utexas.edu!wupost!emorys2!memstvx1!ujacampbe > From: ujacampbe@memstvx1.memst.edu (James Campbell) > Newsgroups: alt.privacy > Subject: PGP v. 2.1 Released > Message-ID: <1992Dec9.013038.4470@memstvx1.memst.edu> > Date: 9 Dec 92 01:30:38 -0600 > Organization: MSU Cryptosystems > Lines: 54 > [Bad Message Omitted] Sorry, USENET ain't the culprit; Procomm Plus and I were. Unbeknownst to me (but knownst to everyone in alt.privacy), Procomm's ASCII Upload feature was secretly adding an ASCII 32 to each blank line in the post. It's a big help when posting to bulletin boards which interpret a blank line as the end of a post, but a royal pain in the neck when posting signed cleartext messages, I see. Please, don't send messages on how to fix it; I know how, but I didn't think about it before posting. Sorry, folks. =========================================================================== James Campbell, Math Sciences Department, MSU; ujacampbe@memstvx1.memst.edu --------------------------------------------------------------------------- =-=-=-=-=-= From: palmer@icat.larc.nasa.gov (Michael T. Palmer) Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns Subject: Re: PGP v. 2.1 Released Date: 11 Dec 92 17:49:40 GMT cme@ellisun.sw.stratus.com (Carl Ellison) writes: >Sounds like a good reason to switch from PGP to RIPEM. Okay, could you please point us to where we can find a PGP-type program that uses RIPEM? I would love to not have to even *consider* patent stuff when using a crypt program. Ftp sites are preferable! Thanks. -- Michael T. Palmer, M/S 152, NASA Langley Research Center, Hampton, VA 23681 Voice: 804-864-2044, FAX: 804-864-7793, Email: m.t.palmer@larc.nasa.gov PGP 2.0 Public Key now available -- Consider it an envelope for your e-mail =-=-=-=-=-= Newsgroups: alt.security.pgp From: rlglende@netcom.com (Robert Lewis Glendenning) Subject: Re: PGP v. 2.1 Released Date: Fri, 11 Dec 1992 18:41:27 GMT In article <101547@netnews.upenn.edu> yee@mipg.upenn.edu (Conway Yee) writes: >>Would it be possible to to devise a public key >>encryption program that would, when used to encrypt a message with >>someone's private key, emit a series of bytes that would appear to be >>essentially random? > >If a series of bytes were to be random, no message could possibly be >encoded within it. The question, then becomes, is it possible that >two entirely different encoding schemes would produces bytestreams >which are statistically indistinguishable from each other. I think this is wrong. Shannon's Information Theory says that a perfectly non-redundant message is statistically random. Compression engines remove redundancy. Scrambling the output (randomly re-assigning the bytes into another file) produces a pretty good cypher. Scrambling at the bit level might be better, but the problem of decoding is of O(n!) complexity where N is the length of the message. If you add some random padding, it pushes up n as large as you want. I believe that different compression schemes will produce identical statistics to the extent that they are "perfect" and to the extent that the "compression information bytes" are scrambled into the rest of the compressed information. Lew -- Lew Glendenning rlglende@netcom.com "Perspective is worth 80 IQ points." Nils Bohr (or somebody like that). =-=-=-=-=-= From: speth@cats.ucsc.edu (James Gustave) Newsgroups: alt.security.pgp Subject: Re: PGP v. 2.1 Released Date: 11 Dec 1992 18:48:16 GMT The concern over the PGP tag-lines raises two questions in my mind. First, can you distinguish between a PGP file encrypted using RSA and one encrypted using the plain encryption (IDEA only)? Second, how public is IDEA? Are there copyright or import/export laws governing its use? As far as I can tell, the two types of encryption look the same to the naked eye (ie. both have those tag-lines). If there are no restrictions on IDEA, then we can all just plead that we are only using the standard encryption option of PGP, not the RSA stuff. ________________________________________________________________________________ james speth finger for pgp 2.0 public-key speth@cats.ucsc.edu =-=-=-=-=-= Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns From: uri@watson.ibm.com (Uri Blumenthal,35-016,8621267,) Subject: Re: PGP v. 2.1 Released Date: Fri, 11 Dec 1992 20:07:37 GMT From article <1992Dec11.030807.29118@shearson.com>, by pmetzger@snark.shearson.com (Perry E. MetzgerWhy does PGP has those ugly lines "----BEGIN PGP...." >>and so on? PGP-2.1 is much better than PGP-2.0. Let's >>make it really good now - GET RID OF THOSE BETRAYING >>TAGS! NOW! > > I guess you never read the docs. Those "betraying tags" have a purpose > -- they allow the system to automatically find the beginning and end > of messages. I guess you a) are deprived of sense of humor; b) have too little experience with real crypto... > You can feed mail messages into PGP without even > stripping the headers. Ge, thanks for explaining! And I was sure they are there just to attract feds' attention... Oh, my... > Its all very well engineered, and the feds can > tell you are using PGP anyway by looking at the magic numbers in the > Radix 64 text. And what sense would a hexadecimal number prepended to an encrypted (hexadecimal) data make to an eavesdropper? > I don't think there is any point in stripping them, > since it adds no security for you and will make the program a lot more > inconvenient to use. I do, since it can increase security via making it "unprovable" that the message is encrypted/created my PGP. Yes, this will prohibit one from simply piping the whole message through PGP and getting plaintext. Well, it depends on which concern is bigger - to have to strip head/tail off the arriving e-mail, or fear to get caught with using "guerilla" PGP... (:-) > Its inconvenient enough already.... It depends. For me, PGP-2.1 is perfectly convenient and nice. If only it didn't advertise itself so loudly with "---BEGIN"... (:-) -- Regards, Uri. uri@watson.ibm.com ------------ <Disclaimer> =-=-=-=-=-= Newsgroups: alt.security.pgp From: uri@watson.ibm.com (Uri Blumenthal,35-016,8621267,) Subject: Re: PGP v. 2.1 Released Date: Fri, 11 Dec 1992 20:21:36 GMT From article <1g7ubgINNfb7@transfer.stratus.com>, by cme@ellisun.sw.stratus.com (Carl Ellison): >>----BEGIN PGP * along with the usual mundane stuff? Then go after >>people for patent infringement; confiscating burglary tools, a.k.a >>citizens' computers..... > > Sounds like a good reason to switch from PGP to RIPEM. A) Since RIPEM doesn't have and [probably] isn't going to have key management [other than your favorite text editor :-], and since Public Key Servers are far from reality for many of us - RIPEM still has too long a way to go before it becomes even close to usable. [I'm not even starting to talk about other lacks of PEM]. B) RSAREF license is a funny thing: Jim Bidzos promised to release his new license for RSAREF first Tuesday after Thanksgiving (in his personal e-mail to me). Well, I don't have to tell you, that several Tuesdays came, but no license arrived (:-). Therefore, concerns Mr. Atkins had about modifying RSAREF are still valid... > More to the point, someone should publish an interface description for > PGP so that someone else can write a totally legal program which sends > and receives in PGP format but uses RSAREF and its individual license. As Mr. Atkins showed, it's not possible, because RSAREF doesn't have granularity fine enough to do it, and while PKP *draft* license allows modification, their *legal* *real* one does not. And the "relaxed" license is "about to be released", but that about can take forever. On the other hand, I could envision development of PGP turning the way real "guerilla" software should go - achieving stealth capabilities (:-). -- Regards, Uri. uri@watson.ibm.com ------------ <Disclaimer> =-=-=-=-=-= From: mathew <mathew@mantis.co.uk> Newsgroups: alt.security.pgp Subject: Re: PGP-compatible archiver released Date: Fri, 11 Dec 92 13:21:56 GMT pgut1@cs.aukuni.ac.nz (Peter Gutmann) writes: > In <5TXiVB38w165w@mantis.co.uk> mathew <mathew@mantis.co.uk> writes: > >pgut1@cs.aukuni.ac.nz (Peter Gutmann) writes: > >> - Quality Postscript documentation (600K worth) > > >Any chance of making the documentation available in some sort of document > >format, rather than as a printer dump file? I mean, how would you like it i > >I posted this article in HPGL? > > There's a flat ASCII file included with the source code and executables if > you can't handle Postscript (that's why I put the PS docs in a seperate file > not everyone will want them. You get the ASCII docs by default, and if you > want better-quality ones you can grab the PS stuff). OK, thanks. When you said "Quality Postscript documentation" I thought you meant that it was *only* in Postscript -- I've seen quite a few packages with ps-only documentation. But can't you provide some nice documentation in some sort of editable and portable format? TeX, LaTeX, RTF, ...? mathew -- You can communicate with me securely via PGP 2.1. For information, send mail to pgpinfo@mantis.co.uk. For a big block of keys, mail pgpkeys@mantis.co.uk. PGP public key fingerprint = B2 41 30 5F 5B 20 B9 D5 7C 8F 75 88 7C DA D8 C5 =-=-=-=-=-= Date: Sat, 12 Dec 92 17:52:51 EST From: gray@antaire.com (Gray Watson) To: info-pgp@lucpul.it.luc.edu Subject: Info-PGP licensing... Excuse me if this has been discussed before. I'm new to the group. So PKP does not want to distribute licenses to PGP. But PGP is spreading all around. PKP is missing an opportunity and we in the U.S. are missing the use of PGP or are using it illegally. So, question: How much would you pay for a license to use PGP? $20, $50, $100, less, more? Be realistic because no one will give a license for $5 (and maybe not even for $100). If PGP users settled on a certain amount and then put some money into a pool to hire a decent legal representative/negotiater, I would be surprised if PKP was not at least a tiny bit interested. Let's say $50. I would bet a couple of hundred computer professionals might be interested in being able to use PGP. I know that I would. So PKP gets $10k or so for generating some paperwork maybe more if people saw legal PGP keys flying around. Anyone know if there are pressures on PKP from the NSA or other organizations to not generate licenses for PGP? gray =-=-=-=-=-= From: cme@ellisun.sw.stratus.com (Carl Ellison) Newsgroups: sci.crypt,alt.security.pgp Subject: PKP/RSA comments on PGP legality Date: 11 Dec 92 18:16:23 GMT I went to the horse's mouth and asked some folks at PKP & RSA to comment on PGP legality. Here's their reply. I have permission to post it. This was inspired by my original question, to them, whether I could buy an individual license to permit me to use PGP. [I have since concluded that I would like to get a copy of the PGP interface spec so that I could write a program, using RSAREF, which interoperates with PGP. I see PGP as setting a kind of new standard format -- an alternative to PEM.] So -- on to the reply from PKP (much from a lawyer there) and RSA: - - ----------------------------------------------------- Risks of using pgp One should be careful about assuming that the documentation in electronically distributed software is accurate, especially where law is concerned. There is much that the documentation for pgp does not tell you about patent and export law that you should be aware of. Some of the statements and interpretations of patent and export law are simply false. This note will attempt to offer some clarification and accurate information. pgp seems to be an attempt to mislead netters into joining an illegal activity that violates patent and export law, letting them believe that they run no serious risk in doing so. PATENTS Patent law prohibits anyone from making, using, or selling a device that practices methods described in a U.S. patent. pgp admits practicing methods described in US patent #4,405,829, issued to the Massachusetts Institute of Technology, and licensed by Public Key Partners. Those who send signed or encrypted messages, post the pgp program, or encourage others to do so are inducing infringement. Under patent law, there is no distinction between inducement to infringe and direct infringement. You are just as liable. Being aware of the RSA patent makes infringement willful and deliberate. Under patent law, a patent holder is entitled to seek triple damages and legal fees from deliberate infringers. While the pgp documentation suggests you that you probably won't get sued, it doesn't tell you what can happen when patent holders assert their rights against infringement. Free and legal RSA software is available. RSA Data Security has released a program, including source code, called RSAREF. This program is available free to any U.S. person for non-commercial use. Applications may be built on RSAREF and freely distributed, subject to export law. An application that provides email privacy, based on RSAREF, which uses the RSA and DES algorithms, called RIPEM is an example. For information, send email to rsaref-info@rsa.com or rsaref-users@rsa.com. NOTE: The pgp documentation states that PKP acquired the patent rights to RSA "... which was developed with your tax dollars..." This is very misleading. U.S. tax dollars only partially funded researchers at MIT who developed RSA. The U.S. government itself received royalty-free use in return. This is standard practice whenever the government provides financial assistance. The patents on public-key are no different and were handled no differently than any others developed at universities with partial government funding. In fact, almost every patent granted to a major university includes government support, returns royalty-free rights to the government, and is then licensed commercially by the universities to private parties. EXPORT LAW pgp leads users to believe that it has circumvented export controls when it says "...there are no import restrictions on bringing cryptographic technology into the USA." You are led to believe that since you didn't import it, it's legal for you to use it in the US. The "no import restrictions" claim has been made so many times, many people probably believe it. One would be well advised not to accept this legal opinion. While stated as if it were a well-known fact, the claim that "there are no import restrictions" is simply false. Section 123.2 of the ITAR (International Traffic in Arms Regulations) reads: "123.2 Imports. No defense article may be imported into the United States unless (a) it was previously exported temporarily under a license issued by the Office of Munitions Control; or (b) it constitutes a temporary import/intransit shipment licensed under Section 123.3; or (c) its import is authorized by the Department of the Treasury (see 27 CFR parts 47, 178, and 179)." Was pgp illegally exported? Was pgp illegally imported? Of course. It didn't export or import itself. pgp 1 was illegally exported from the U.S., and pgp 2, based on pgp 1, is illegally imported into the U.S. Is a license required? According to the ITAR, it is. ITAR Section 125.2, "Exports of unclassified technical data," paragraph (c) reads: "(c) Disclosures. Unless otherwise expressly exempted in this subchapter, a license is required for the oral, visual, or documentary disclosure of technical data... A license is required regardless of the manner in which the technical data is transmitted (e.g., in person, by telephone, correspondence, electronic means, telex, etc.)." What is "export?" Section 120.10, "Export," begins: "'Export' means, for purposes of this subchapter: ...(c) Sending or taking technical data outside of the United States in any manner except that by mere travel outside of the United States by a person whose technical knowledge includes technical data; or..." Is pgp subject to the ITAR? See Part 121, the Munitions List, in particular Category XIII, of which paragraph (b) reads, in part, "...privacy devices, cryptographic devices and software (encoding and decoding), and components specifically designed or modified therefore,..." A further definition in 121.8, paragraph (f) reads: "Software includes but is not limited to the system functional design, logic flow, algorithms, application programs, ..." pgp encourages you to post it on computer bulletin boards. Anybody who considers following this advice is taking quite a risk. When you make a defense item available on a BBS, you have exported it. pgp's obvious attempts to downplay any risk of violating export law won't help you a bit if you're ever charged under the ITAR. Penalties under the ITARs are quite serious. The ITARs were clearly designed to put teeth into laws that make exporting munitions illegal. It's unfortunate that cryptography is on the munitions list. But it is. pgp is software tainted by serious ITAR violations. These points on patent and export law are straightforward and can easily be confirmed with legal advice. However, there are other statements in the pgp documentation that should not go unchallenged. In pgp 2.0, the author says, "I did not steal any software from PKP." (PKP is the patent holder for the RSA patent.) Of course not; PKP doesn't make any software. However, not mentioned is a software product by RSA Data Security called MailSafe. This product was first shipped in July of 1986. Features such as a digital signatures on the program itself for verification, internal self-check for virus detection, compression of plaintext and ASCII recoding of encrypted binary files, direct and extended trust of public keys through certification, including the publisher's public key in the distribution, display of a message digest, security and password advice, and many others are in MailSafe and are carefully documented in the user manual. The authors of pgp have had a copy of MailSafe and the user manual since 1987. There may be nothing illegal about using ideas from another product, but there's something dishonest about misleading people into believing these ideas were your own in the interest of recruiting "fans." pgp calls itself "public-key for the masses." Even this isn't original. The September 12, 1986 issue of the Christian Science Monitor contains a page one story on cryptography, and discusses MailSafe. In that story, an RSA spokesman is quoted as saying "MailSafe is public-key for the masses." Reprints of this story were widely circulated in RSA press kits, and received by the pgp authors in 1987. The documentation to pgp would have readers believe that pgp was the result of a noble desire to save everyone from an evil government threatening to deny rights to privacy; that users and distributors of pgp have little or nothing to fear from the patent holders, who, it is implied, are probably dishonest anyway; and that one shouldn't be concerned about export controls because pgp beat the system for everyone by having been developed overseas and imported legally. The facts simply don't support these claims. - - ----------------------------------------------------- -- <<Disclaimer: All opinions expressed are my own, of course.>> -- Carl Ellison cme@sw.stratus.com -- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783 -- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488 ***** End Info-PGP Digest *****