Info-PGP: PGP Digest Wednesday 16 December 1992 Volume 2 : Number 3
Hugh Miller, List Manager / Moderator
Info-PGP is a digested mailing list dedicated to discussion of Philip
Zimmermann's `Pretty Good Privacy' (PGP) public-key encryption program for
MS-DOS, Unix, VMS, Atari, Amiga, SPARC, Macintosh, and (hopefully) other
operating systems. It is primarily intended for users on Internet sites
without access to the `alt.security.pgp' newsgroup. Most submissions to
alt.security.pgp will be saved to Info-PGP, as well as occasional relevant
articles from sci.crypt or other newsgroups. Info-PGP will also contain
mailings directed to the list address.
To SUBSCRIBE to Info-PGP, please send a (polite) note to
info-pgp-request@lucpul.it.luc.edu. This is not a mailserver; there is a
human being on the other end, and bodiless messages with "Subject:" lines
reading "SUBSCRIBE INFO-PGP" will be ignored until the sender develops
manners. To SUBMIT material for posting to Info-PGP, please mail to
info-pgp@lucpul.it.luc.edu. In both cases, PLEASE include your name and
Internet "From:" address. Submissions will be posted pretty well as received,
although the list maintainer / moderator reserves the right to omit redundant
messages, trim bloated headers & .sigs, and other such minor piffle. I will
not be able to acknowledge submissions, nor, I regret, will I be able to pass
posts on to alt.security.pgp for those whose sites lack access.
Due to U.S. export restrictions on cryptographic software, I regret that I
cannot include postings containing actual source code (or compiled binaries)
of same. For the time being at least I am including patches under the same
ukase. I regret having to do this, but the law, howbeit unjust, is the law.
If a European reader would like to handle that end of things, perhaps run a
"Info-PGP-Code" digest or somesuch, maybe this little problem could be worked
around.
I have received a promise of some space on an anonymous-ftp'able Internet
site for back issues of Info-PGP Digest. Full details as soon as they firm
up.
Oh, yes: ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; STANDARD
DISCLAIMERS APPLY.
Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago
FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu
Signed PGP v.2.1 public key certificate available by e-mail & finger(1)
=-=-=-=-=-=
Newsgroups: sci.crypt,alt.security.pgp
Path: lucpum.it.luc.edu!uchinews!linac!uwm.edu!zaphod.mps.ohio-state.edu!sdd.hp.com!think.com!spool.u!uunet!enterpoop.mit.edu!bloom-picayune.mit.edu!news.mit.edu!warlord
From: warlord@MIT.EDU (Derek Atkins)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sat, 12 Dec 1992 10:25:48 GMT
In article <1galtnINNhn5@transfer.stratus.com> cme@ellisun.sw.stratus.com (Carl Ellison) writes:
[I have since concluded
that I would like to get a copy of the PGP interface spec so that I could
write a program, using RSAREF, which interoperates with PGP. I see PGP
as setting a kind of new standard format -- an alternative to PEM.]
{other stuff deleted -- warlord}
There are plans in the works, pending the new RSAREF license, to do
just this! Please be patient, as there is no need to duplicate
efforts! At least many people are thinking the same thing, so many
people will be happy when it happens!
Enjoy!
-derek
PGP 2 key available upon request, or via AFS:
/afs/athena.mit.edu/user/w/a/warlord/pgp-pubkey.asc
--
Derek Atkins -- MIT '93 -- Electrical Engineering
--warlord@MIT.EDU | ..!mit-eddie!mit-athena!warlord | s20069@mitvma.bitnet
Chairman, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
=-=-=-=-=-=
From: strnlght@netcom.com (David Sternlight)
Newsgroups: sci.crypt,alt.security.pgp
Subject: Re: PKP/RSA comments on PGP legality
Date: 12 Dec 92 19:22:10 GMT
Derek Atkins says there are plans in the works to produce a "de novo"
version of PGP using RSAREF, starting with the PGP interface specs.
If that product is to be usable in the U.S., whoever does this is
going to have to import IDEA legally, under the munitions act. Otherwise
one would not be able to decrypt messages sent with the non-U.S. version,
PGP 2.x.
David
=-=-=-=-=-=
Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
Path: lucpum.it.luc.edu!uchinews!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!wupost!p1!news.cc.swarthmore.edu!ralph.cs.haverford.edu!eoliver
From: eoliver@ralph.cs.haverford.edu (Erik Oliver)
Subject: PGP v2.1 and NeXT
Date: Sat, 12 Dec 1992 02:17:52 GMT
After, having no luck getting PGP 2.0 to compile on the NeXT ( I didn't
try too hard,) I was excited that 2.1 had special make settings for the
NeXT.
Unfortunately, they are wrong NeXT computers run MACH not BSD.
Change, the makefile.unx line for next: to indicate MACH instead
of BSD.
The other problem occurs in the system.c source code file,
the problem, the remove function defined in that file
has a different prototype then the one defined in one
of the standard header fiels that system.c includes,
the solution add the word 'const' before the char *name
variable in the remove function of system.c.
These problems were extremely minor, and are easily fixable...
-Erik
(Public key available by finger.)
=-=-=-=-=-=
Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
Path: lucpum.it.luc.edu!uchinews!linac!uwm.edu!cs.utexas.edu!sun-barr!ames!haven.umd.edu!uunet!entermit.edu!bloom-picayune.mit.edu!news.mit.edu!warlord
From: warlord@MIT.EDU (Derek Atkins)
Subject: Re: PGP v2.1 and NeXT
Date: Sat, 12 Dec 1992 07:12:49 GMT
> Unfortunately, they are wrong NeXT computers run MACH not BSD.
> Change, the makefile.unx line for next: to indicate MACH instead
> of BSD.
>
> The other problem occurs in the system.c source code file,
> the problem, the remove function defined in that file
> has a different prototype then the one defined in one
> of the standard header fiels that system.c includes,
> the solution add the word 'const' before the char *name
> variable in the remove function of system.c.
First of all, the NeXT is neither Mach nor BSD! It is a BSD-ish UNIX
signal server on top of Mach. This means that if you are writing a
kernel driver you need to write it for mach, but if you are writing a
user-level application you should write if for BSD. As far as PGP is
concerned, its better to define BSD that not, since applications see a
BSD interface.
Yes, there is a problem in system.c: it forgets to include "usuals.h"
and you have to change the #ifdef around memset, memcmp, and memcpy to
be: #if defined(BSD) && !defined(NEXT)
That is the ONLY changes that you should need to get PGP 2.1 to build
on the NeXT platform. You SHOULD NOT change the makefile.unx as
suggested.
-derek
--
Derek Atkins -- MIT '93 -- Electrical Engineering
--warlord@MIT.EDU | ..!mit-eddie!mit-athena!warlord | s20069@mitvma.bitnet
Chairman, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
=-=-=-=-=-=
Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
Path: lucpum.it.luc.edu!uchinews!linac!uwm.edu!rpi!gatech!usenet.ins.cwru.edu!agate!netsys!ukma!montil!rich
From: rich@pencil.cs.missouri.edu (Rich Winkel)
Subject: Re: PGP v2.1 and NeXT
Date: 12 Dec 92 08:55:42 GMT
In <WARLORD.92Dec12021232@deathtongue.mit.edu> warlord@MIT.EDU (Derek Atkins) writes:
]First of all, the NeXT is neither Mach nor BSD! It is a BSD-ish UNIX
]signal server on top of Mach. This means that if you are writing a
]kernel driver you need to write it for mach, but if you are writing a
]user-level application you should write if for BSD. As far as PGP is
]concerned, its better to define BSD that not, since applications see a
]BSD interface.
]Yes, there is a problem in system.c: it forgets to include "usuals.h"
]and you have to change the #ifdef around memset, memcmp, and memcpy to
]be: #if defined(BSD) && !defined(NEXT)
]That is the ONLY changes that you should need to get PGP 2.1 to build
]on the NeXT platform. You SHOULD NOT change the makefile.unx as
]suggested.
Interestingly enough, I ONLY changed the makefile and it compiled fine
on a next. I haven't exhaustively run it, but it passed all the tests
suggested in setup.doc.
What gives?
Rich
=-=-=-=-=-=
Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
From: eoliver@ralph.cs.haverford.edu (Erik Oliver)
Subject: Re: PGP v2.1 and NeXT
Date: Sat, 12 Dec 1992 17:13:56 GMT
In order to avoid a flame fest, let me point out the old adage:
'There is more than one way to skin a cat.'
My version of PGP works, your versions of PGP work, clearly there are
multiple ways to solve the non-compilation of PGP 2.1 on the next.
The fact is, I am not sure which modification set is the best, but the
modifications I made worked fine, so I'm happy with them. By posting
I was just trying to let others know that the PGP 2.1 package wouldn't
compile instantly with make on their NeXT, perhaps we should let the
package author figure out what is most appropriate for PGP.
And, I still stand by my claim that the NeXT is a Mach machine, but I
can see how my statement was misinterptreted. I agree that the NeXT,
has BSD interfaces and BSD programs, not SysV programs and SysV
interfaces. But, at the core it is a Mach Kernel which is very
different in its features and design than just saying BSD.
-Erik
=-=-=-=-=-=
Newsgroups: alt.security.pgp
From: eoliver@ralph.cs.haverford.edu (Erik Oliver)
Subject: PGP v 2.1 w/ Unix Mail
Date: Sat, 12 Dec 1992 02:38:58 GMT
Okay, please excuse me if this is an FAQ, but how do I go about helping
users use PGP to have the message hash appended correctly to outgoing
messages. And also, how to handle incoming messages with the
pgp message block.
Thanks for any help, I've set followup's to me, but if it won't work for
your mailer, send responses to eoliver@ralph.cs.haverford.edu
-Erik
=-=-=-=-=-=
Newsgroups: sci.crypt,alt.security.pgp
From: wcs@anchor.ho.att.com (Bill Stewart +1-908-949-0705)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sun, 13 Dec 1992 05:20:27 GMT
In article <1992Dec12.192210.10839@netcom.com> strnlght@netcom.com (David Sternlight) writes:
Derek Atkins says there are plans in the works to produce a "de novo"
version of PGP using RSAREF, starting with the PGP interface specs.
If that product is to be usable in the U.S., whoever does this is
going to have to import IDEA legally, under the munitions act. Otherwise
one would not be able to decrypt messages sent with the non-U.S. version,
PGP 2.x.
I'm not a lawyer (though I play a politician on TV :-), but there's a
difference between crypto *software*, which may be covered by the
munitions export/import laws, and the mathematical *algorithms*,
which probably aren't - they can be published in the Federal Register (e.g. DES)
or technical journals and imported and exported without restrictions.
So all we'd need to do would be implement IDEA in software in the US.
On the other hand, do the folks who own the patent for IDEA in Switzerland
also have patent protection here?
--
# Pray for peace; Bill
# Bill Stewart 908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# Nov 12 - Anniversary of Indonesian massacre in East Timor, 1991
# Indonesia first invaded in 1975, and about 1/3 of the people have been killed.
=-=-=-=-=-=
Date: 13 Dec 1992 16:37:32 -0800
From: The Electronic Messiah <ASDMF@acad2.alaska.edu>
To: info-pgp@lucpul.it.luc.edu
Greets all...I was wondering where I might obtain the PGP source code for the
(Gasp) VAX/VMS operating system?
=-=-=-=-=-=
To: hmiller@lucpul.it.luc.edu
From: Harry Bush <harry@castle.riga.lv>
Message-Id: <2B2BAB6D@castle.riga.lv>
Date: Sun, 13 Dec 1992 16:30:21 +0300
==================================================================
* Forwarded by: Harry Bush (2:495/28)
* From Area: INTL.PGP (INTL Pretty Good Privacy Discussions)
* Originally From: Harry Bush, 2:495/28
* Originally To: All
* Originally dated: Saturday December 05 1992 05:14
* Subj: PGP Supporting Sites
==================================================================
Hello All!
IMHO it will be good to make a list of PGP Supporting Sites,
at least on the territory reachable by FTN technology and
INTL.PGP :-)
Please add to this list your info. I know for sure that
Peter Suchkow in St.Petersburg and Zygimantas Cepaitis in
Kaunas, Lithuania have their PGP Supporting Sites.
Next step perhaps will be establishing a networking scheme
for key distribution (and maybe other purposes :-)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
LATVIA:
2:495/21,Castle,Riga,Egons_Bush,7-0132-223986,9600,XA,CM,MO,
V33,V32B,V42B,V29,ZYX AKA Egons@Castle.riga.lv
2:495/28,Info-Shelter,Iecava_Latvia,Harry_Bush,7-01339-41176,
9600,XX,MO,V33,V32B,V42B,V29,ZYX AKA Harry@castle.riga.lv
Both nodes have ZyXEL U-1496E+ modems supporting speed up to
16800 baud. No dialog permitted, mail only. Castle is CM but
quite busy node. Info-Shelter is almost CM and not so busy,
excluding several regular periods which can be discussed
using netmail.
FREQ-able Castle Public Keyring is common and mirrored by both
nodes. Keys can be accepted and added to keyring on conditions
identical to pgp-keys@utopia.hactic.nl , in general that means
that keys should be certified and we do not provide certification
exept in case of physical presence of owner.
INTL.PGP echo, INFO-PGP digests and sci.crypt conference
gated from Usenet is available.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Best wishes, Harry
Saturday December 05 1992 05:14
--- Golded 2.40.P0720+ via D'Bridge 1.50
* Origin: Info-Shelter, PGP Supporting Site (2:495/28)
=-=-=-=-=-=
Newsgroups: sci.crypt,alt.security.pgp
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sun, 13 Dec 1992 06:31:11 GMT
Bill Stewart argues that the IDEA algorithm isn't covered by the
Munitions Act provisions. Though I hope he's right, I'm not so
sure. I think the Munitions Act covers cryptographic methods.
Second, his contention that DES was published in the Federal Register
isn't quite accurate. As I understand it, the details of the S-boxes
were not (though they can, I suppose be gotten via decompiling or
examining source code), yet without them one could not implement DES
and thus they are an essential part of the algorithm, in Bill's terms.
Please understand that I'm not trying to argue in a partisan manner here,
but to arrive at an understanding of what's so.
David
=-=-=-=-=-=
From: boyd@acsu.buffalo.edu (Daniel F Boyd)
Newsgroups: sci.crypt,alt.security.pgp
Subject: Re: PKP/RSA comments on PGP legality
Date: 13 Dec 92 16:57:08 GMT
In article <1992Dec13.063111.26607@netcom.com> strnlght@netcom.com
(David Sternlight) writes:
> As I understand it, the details of the S-boxes were not [published
> in the Federal Register] (though they can, I suppose be gotten via
> decompiling or examining source code), yet without them one could
> not implement DES and thus they are an essential part of the
> algorithm, in Bill's terms.
You're right in the particulars, but very wrong in general.
The Federal Register is the listing of all the regulations that the
government has made. When they change the food-labeling laws so that
"Monosodium Glutamate" must always be written in 12-point Palatino
Bold -- the Federal Register is where it gets listed. They wouldn't
publish DES there in any case because it's not where it goes.
The DES algorithm is published in a FIPS PUB, which you can get from
the government printing office. And the GPO will send it anywhere,
worldwide. They would send it out even if the address is "KGB
Headquarters, Lubyanka, Moscow" (assuming the KGB's check doesn't
bounce -- possibly an unwarranted assumption).
There is NO need to disassemble software or examine microchips under a
microscope in order to reimplement DES. You can look it up in any
technical library -- probably even the Moscow University library.
It's a PUBLIC algorithm.
Why it's still illegal to export DES chips is a mystery to me; the
ones you buy all say "Malaysia" on them anyway...
--
Daniel F. Boyd -- boyd@cs.buffalo.edu -a +X -x -e -m -S -F"> "
----------------------------------------------------------------------
((lambda (x) (list x (list (quote quote) x)))
(quote (lambda (x) (list x (list (quote quote) x)))))
=-=-=-=-=-=
Newsgroups: sci.crypt,alt.security.pgp
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sun, 13 Dec 1992 19:21:49 GMT
Thanks to the many who clarified my understanding of the legalities
of this issue, both publicly and privately.
My latest state of understanding (but I'm open to even more) is that
DES was published. More than that, it's that there's a footnoted
exemption in the Export List (Commerce Dept.? State Dept.?) for
technological exports which have been published in scholarly
journals (the explanation I was given has something to do with
the conflict between the Munitions Act and the First Amendment).
It's also been claimed by one correspondent that a)IDEA has been
published and b)the above footnote exemption would mean that
the IDEA component of PGP wouldn't provide a basis for proceeding
against PGP under the Munitions Act.
Whether PGP as a whole could be construed as different from its
ancestral parts (RSA, IDEA) which have been published and are thus
presumably covered under the exemption footnote is as yet unclear
to me.
Finally, the issue of PGP being a violation of RSA/PKP's patents
remains, though the suggestion of an RSAREF version is certainly
an interesting one.
David
=-=-=-=-=-=
Newsgroups: sci.crypt,alt.security.pgp
From: wcs@anchor.ho.att.com (Bill Stewart +1-908-949-0705)
Subject: Re: PKP/RSA comments on PGP legality
Date: Mon, 14 Dec 1992 00:28:05 GMT
In article <1992Dec13.192149.8211@netcom.com> strnlght@netcom.com (David Sternlight) writes:
My latest state of understanding (but I'm open to even more) is that
DES was published. More than that, it's that there's a footnoted
exemption in the Export List (Commerce Dept.? State Dept.?) for
technological exports which have been published in scholarly
journals (the explanation I was given has something to do with
the conflict between the Munitions Act and the First Amendment).
It's also been claimed by one correspondent that a)IDEA has been
published and b)the above footnote exemption would mean that
the IDEA component of PGP wouldn't provide a basis for proceeding
against PGP under the Munitions Act.
If I'm the correcpondent you mean, I *didn't* say that the IDEA
component of PGP wouldn't provide a basis for government action against it -
I said there's a difference between algorithms
(which the government doesn't seem to currently class as munitions)
and *implementations* of algorithms (which unfortunately they do),
and that if we wanted a legal-for-use-in-USA version of PGP,
we could use the IDEA algorithm but we'd have to implement it here.
(And, of course, we'd have to find out if the Swiss patent owners
have a patent in the US or would be nice enough to let us use it free.)
.... so we'll need to find a paper journal article, or have it posted
in alt.journals.scholarly.obscure from some site in Finland .... :-)
--
# Pray for peace; Bill
# Bill Stewart 908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# Nov 12 - Anniversary of Indonesian massacre in East Timor, 1991
# Indonesia first invaded in 1975, and about 1/3 of the people have been killed.
=-=-=-=-=-=
Newsgroups: sci.crypt,alt.security.pgp
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PKP/RSA comments on PGP legality
Date: Mon, 14 Dec 1992 01:41:18 GMT
Bill Stewart corrects my understanding of PGP and IDEA (thanks), which
suggests that troubles for possession and/or use of PGP2.x in the U.S.
can also come from the Munitions Act since PGP is based on an import
of the IDEA implementation, rather than domestic coding of the IDEA
algorithm.
If my understanding is now accurate that PGP2.x violates both the
Munitions Act and PKP's patents, and that this violation is occasioned
not just by use but also by possession in the U.S., then it would seem
prudent to get it off one's U.S. computers and any U.S. net
sites--Internet, Usenet, Fidonet, anynet. Presence on a bulletin board
system may be just what someone needs to close down that system.
As for the argument that some make that "you" will probably neither get
caught nor prosecuted for this illegality, the ethics of that position
are open to the most serious questions (assuming my understanding
of the underlying situation is accurate).
Finally, given my understanding, the notion that if it's uploaded all
over the place, what can "they" do seems to betray a lack of both
realism and ethics. Try the argument that if lots of people take
cocaine, what can "they" do? to see this.
The proposal to produce a de novo version here in the U.S., based on
the IDEA algorithm (if published and the IDEA folks permit it), and
RSAREF (assuming RSA will license RSAREF for PGP), in contrast seems
both ethical and legal, if I understand this correctly.
Just a passing point on the latter paragraph--people shouldn't count
their RSAREFs 'til they're hatched. RSA still owns RSAREF, and though
they've licensed it, with a specific associated agreeement, for ripem,
that doesn't mean they HAVE to license it for a future PGP. Whoever is
doing this "legal PGP" project should check with Jim Bidzos of RSA
at their earliest opportunity (jim@rsa.com).
For completeness and to acknowledge a particular position (with which
I disagree), some feel that it's absurd to prevent use of something
here that's widespread in Europe, and are willing to take a chance in
order to press that. Others feel that PKP's patents are over-broad and
are willing to confront on that issue. That's got to be an individual
and conscious choice, which should be made clear to others, so nobody
gets or uses PGP under the impression it's "o.k." My own position is
that if one thinks a law or situation is incorrect, one moves to get
it changed, if possible. One does not take the law into one's own
hands. One particularly doesn't take innocent bystanders down with
one.
Any more bidding on this one before I conclude I now understand it?
=-=-=-=-=-=
Newsgroups: alt.security,sci.crypt,talk.politics.guns,talk.politics.misc,alt.security.pgp
From: s0rah@exnet.co.uk (R A Hollands)
Subject: Re: PGP v. 2.1 Released
Date: Sun, 13 Dec 1992 15:23:26 GMT
Thanks to all those who replied about my problem getting an uncorrupted
version of PGP 2.1.
What I did finally:
1 got uuencoded file in five parts;
2 joined them: cat aa ab ac ad ae >pgp.uue;
3 edited out the mail headers;
4 uudecode pgp.uue;
5 downloaded it; (set fil typ bin - Yeah!)
6 unzipped it.
What I did before:
2-4 replaced by:
- edit out headers;
- cat aa ab ac ad ae | uudecode.
Is this different? I don't get it.
Perhaps all you old usenet/unix hands are clanking your zimmers and
rattling your cocoa mugs and saying, "He! he! see what he did!". If so,
I'd like to share the joke.
Thanks again for the prompt responses.
Richard
~A
=-=-=-=-=-=
Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
From: hallam@zeus02.desy.de (Phill Hallam-Baker)
Subject: Re: PGP v. 2.1 Released
Date: Mon, 14 Dec 1992 09:37:38 GMT
In article <1992Dec10.185107.10925@netcom.com>, strnlght@netcom.com (David
Sternlight) writes:
|>I have mixed feelings about Uri's message.
|>
|>Until the legal status is resolved, one might wish to get rid of the
|>PGP "tags" which are overt confirmation that one is using a public key
|>system. On the other hand, I disagree in the sense that if unlicensed
|>use of public key systems REALLY IS a violation of law (not "is
|>asserted to be by PKP")--for example after a court case--then his
|>suggestions is tantamount to publicly advocating the concealing of a
|>legal violation, which I cannot support.
|>
|>If one feels PKP is over-broad in their claims, the way to deal with
|>this is by direct resolution. If one feels PKP is legally on firm ground
|>but thinks there "shouldn't be" patent protection for software, or some
|>such, again the way to deal with this is by trying to get the law changed.
|>I'm not one who supports illegal acts in the face of what one thinks
|>is unfairness.
There is nbo such thing as a Patent for software in Europe. PKP's claim has no
validity here. Nor for that matter do the restrictions of the FBI.
|>Finally, I trust the police and intelligence agencies of our
|>government. They are not a bunch of fascists out to get the innocent,
|>as some messages sometimes imply, but hard-working fellow-Americans
|>trying to do a very difficult job. Yes, there have been, and may
|>continue to be some individual abuses, sometimes by senior people, but
|>the way to deal with that is via strong internal and external
|>watchdogs, and by clear definition of what is, and isn't to be
|>permitted.
Yeah like MI5 went and bugged their Prime Minister, sure you can trust the CIA
and FBI, hell they are American, makes a difference you know.
--
Phill Hallam-Baker
=-=-=-=-=-=
Newsgroups: alt.security,sci.crypt,talk.politics.guns,talk.politics.misc,alt.security.pgp
From: neuhaus@vier.informatik.uni-kl.de (Stephan Neuhaus (HiWi Mattern))
Subject: Re: PGP v. 2.1 Released
Date: Mon, 14 Dec 1992 10:29:23 GMT
Marc VanHeyningen <mvanheyn@whale.cs.indiana.edu> writes:
>Unfortunately, it's
>possible that a distributor could be found responsible if someone
>outside the U.S. gets the code from him.
That is precisely the reason why I oppose the PEM RFCs. There is no
way that a worldwide software distribution can be created that uses
RSAREF, without it violating export laws.
And how good is an Internet standard if it's US-centric? The Internet
consists of more than the US.
Please RSADSI and PKP, consider that, too. You might force all US
netters to use RIPEM, but the rest of the world will probably use PGP.
Have fun.
--
Stephan <neuhaus@informatik.uni-kl.de>
sig closed for inventory. Please leave your pickaxe outside.
PGP 2.1 public key available on request. Note the expiration date.
=-=-=-=-=-=
From: palmer@icat.larc.nasa.gov (Michael T. Palmer)
Newsgroups: alt.security,sci.crypt,talk.politics.guns,talk.politics.misc,alt.security.pgp
Subject: Re: PGP v. 2.1 Released
Date: 14 Dec 92 12:26:57 GMT
Marc VanHeyningen <mvanheyn@whale.cs.indiana.edu> writes:
>Thus said palmer@icat.larc.nasa.gov (Michael T. Palmer):
>>cme@ellisun.sw.stratus.com (Carl Ellison) writes:
>>
>>>Sounds like a good reason to switch from PGP to RIPEM.
>>
>>Okay, could you please point us to where we can find a PGP-type program
>>that uses RIPEM? I would love to not have to even *consider* patent stuff
>>when using a crypt program.
>Since you're posting from a .gov site, I think you don't have worries in
>that regard.
Well... it's not like I would necessarily be using it for work-related
uses, except maybe for protecting company proprietary data. I was more
interested in crypt programs for protecting PERSONAL privacy (on my OWN
equipment).
>Also, RIPEM IS NOT YET WIDELY AVAILABLE. It is in use by a small number
>of beta testers, who have been asked not to redistribute it further. It
>is not on any public FTP site that I know of, nor should it be.
Thank you for clearing this up. Someone else on the net (I believe it
was David Sternlight) also mentioned this to me a while back, but since
so many recent posts recommended switching to RIPEM, it seemed to me
(and many others, I guess) that the program was now widely available.
>I really wish RIPEM's beta testers would stop advocating its use as
>though you could get it and use it today. It will be soon. It's not
>now (or, if it is, it's against the express wishes of the author.)
I agree. For those of us without access to RIPEM, it's quite frustrating
to be told we should switch to a program we can't even get our hands on
yet, and away from a program that works now (even though the legality of
use is still being debated).
--
Michael T. Palmer, M/S 152, NASA Langley Research Center, Hampton, VA 23681
Voice: 804-864-2044, FAX: 804-864-7793, Email: m.t.palmer@larc.nasa.gov
PGP 2.0 Public Key now available -- Consider it an envelope for your e-mail
***** End Info-PGP Digest *****
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
