PGP Net>
uncle herb
So, the DC homefolx get sick of riding Metro, and they head out to the suburbs to steal cars?
Saint Bob
I think it's a little more methodical than that. "Hey, let's go to Wheaton & get us a car."
Saint Bob
Don't be so sure, chester. Aspen hill will probably be a 30-story ghetto by that time. Urban decay and all.
Xenophilosophus
No Doom..... we now drive PLASTIC.
chester cheetah
Hewitt Avenue has long been Aspen Hill's version of Belmont Street, NW. Generally, though, anything north of Aspen Hill and west of Georgia Avenue was considered pretty suburban.
Black Wolf
Misconceptions about PGP 2.6 from MIT
by Phil Zimmermann
Phil Zimmermann posted this statment to the <A
HREF="ftp://soda.csua.berkeley.edu/pub/cypherpunks/mailing_list/list.html">Cypherpunks
mailing list</A> on August 18, 1994.
To: All Users of PGP
From: Philip Zimmermann, creator of PGP
Re: Misconceptions about PGP 2.6 from MIT
Date: 18 Aug 94
I'd like to clear up some widely held misconceptions about PGP
version 2.6 from MIT. I get a lot of email and phone calls from
people who report a lot of misinformation on many Internet newsgroups
about this MIT version of PGP.
(For those of you who need an introduction to Pretty Good Privacy
(PGP), it is a free software package that encrypts email. PGP is the
worldwide defacto standard for email encryption. It's available via
FTP from net-dist.mit.edu, in the pub/PGP directory. But then, if
you haven't heard of PGP, you don't need to read this letter.)
Here is a list of misconceptions:
Myth #1: PGP 2.6 is incompatible with previous versions.
Myth #2: PGP 2.6 is weaker than previous versions, with a back door.
Myth #3: PGP 2.6 was released without Zimmermann's cooperation.
All of these misconceptions would be cleared up if you read the PGP
User's Guide that comes with PGP 2.6, but a lot of people seem to be
spreading and believing these myths without looking into the matter
empirically and getting the new PGP and reading the manual. Let's go
over these myths in detail.
Black Wolf
5
Myth #1: PGP 2.6 is incompatible with previous versions.
This is untrue. PGP 2.6 will ALWAYS be able to read stuff from
earlier versions.
PGP version 2.6 can read anything produced by versions 2.3, 2.3a,
2.4, or 2.5. However, because of a negotiated agreement between MIT
and RSA Data Security, PGP 2.6 will change its behavior slightly on 1
September 1994, triggered by a built-in software timer. On that
date, version 2.6 will start producing a new and slightly different
data format for messages, signatures and keys. PGP 2.6 will still be
able to read and process messages, signatures, and keys produced
under the old format, but it will generate the new format. This
change is intended to discourage people from continuing to use the
older (2.3a and earlier) versions of PGP, which Public Key Partners
contends infringes its RSA patent (see the section on Legal Issues).
PGP 2.4, distributed by Viacrypt (see the section Where to Get a
Commercial Version of PGP) avoids infringement through Viacrypt's
license arrangement with Public Key Partners. PGP 2.5 and 2.6 avoid
infringement by using the RSAREF(TM) Cryptographic Toolkit, under
license from RSA Data Security, Inc.
According to ViaCrypt, which sells a commercial version of PGP,
ViaCrypt PGP will evolve to maintain interoperability with new
freeware versions of PGP, beginning with ViaCrypt PGP 2.7.
It appears that PGP 2.6 has spread to Europe, despite the best
efforts of MIT and myself to prevent its export. Since Europeans now
seem to be using version 2.6 in Europe, they will have no problems
maintaining compatability with the Americans.
Outside the United States, the RSA patent is not in force, so PGP
users there are free to use implementations of PGP that do not rely
on RSAREF and its restrictions. Canadians may use PGP without using
RSAREF, and there are legal ways to export PGP to Canada. In
environments where RSAREF is not required, it is possible to
recompile the same PGP source code to perform the RSA calculations
without using the RSAREF library, and re-release it under the
identical licensing terms as the current standard freeware PGP
release, but without the RSAREF-specific restrictions. The licensing
restrictions imposed by my agreement with ViaCrypt apply only inside
the USA and Canada. It seems likely that any versions of PGP
prepared outside the US will follow the new format, whose detailed
description is available from MIT. If everyone upgrades before
September 1994, no one will experience any discontinuity in
interoperability.
Some people are attracted to PGP because it appeals to their
rebellious nature, and this also makes them resent anything that
smacks of "giving in" to authority. So they want to somehow
circumvent this change in PGP. Even though the change doesn't hurt
them at all. I'd like to urge them to think this one through, and
see that there is absolutely no good reason to try to get around it.
This new version is not "crippled" -- in fact, it is the old versions
that are now crippled. I hope that PGP's "legalization" does not
undermine its popularity.
Black Wolf
5
This format change beginning with 2.6 is similar to the process that
naturally happens when new features are added, causing older versions
of PGP to be unable to read stuff from the newer PGP, while the newer
version can still read the old stuff. All software evolves this way.
The only difference is that this is a "legal upgrade", instead of a
technical one. It's a worthwhile change, if it can achieve peace in
our time.
Future versions of PGP now under development will have really cool new
features, some of which can only be implemented if there are new data
format changes to support them. Like 2.6, the newer versions will
still read the older stuff, but will generate new stuff that the old
versions can't read. Anyone who clings to the old versions, just to
be rebellious, will miss out on these cool new features.
There is a another change that effects interoperability with earlier
versions of PGP. Unfortunately, due to data format limitations
imposed by RSAREF, PGP 2.5 and 2.6 cannot interpret any messages or
signatures made with PGP version 2.2 or earlier. Since we had no
choice but to use the new data formats, because of the legal
requirement to switch to RSAREF, we can't do anything about this
problem for now. Not many people are still using version 2.2 or
older, so it won't hurt much.
Beginning with version 2.4 (which was ViaCrypt's first version)
through at least 2.6, PGP does not allow you to generate RSA keys
bigger than 1024 bits. The upper limit was always intended to be
1024 bits -- there had to be some kind of upper limit, for
performance and interoperability reasons. But because of a bug in
earlier versions of PGP, it was possible to generate keys larger than
1024 bits. These larger keys caused interoperability problems
between different older versions of PGP that used different
arithmetic algorithms with different native word sizes. On some
platforms, PGP choked on the larger keys. In addition to these older
key size problems, the 1024-bit limit is now enforced by RSAREF. A
1024-bit key is very likely to be well out of reach of attacks by
major governments. In some future version, PGP will support bigger
keys. This will require a carefully phased software release approach,
with a new release that accepts larger keys, but still only generates
1024-bit keys, then a later release that generates larger keys.
Black Wolf
5
Myth #2: PGP 2.6 is weaker than previous versions, with a back door.
This is not true. I would not allow MIT or anyone else to weaken PGP
or put a back door in. Anyone who knows me will tell you that.
This is not to say that PGP doesn't have any bugs. All versions have
had bugs. But PGP 2.6 has no known bugs that have any net effect on
security. And MIT should be releasing a bug-fixed version of PGP 2.6
Real Soon Now.
Myth #3: PGP 2.6 was released without Zimmermann's cooperation.
Well, that's not true, either. Or I wouldn't be telling you all
this.
MIT did not steal PGP from me. This was a joint venture by MIT and
myself, to solve PGP's legal problems. It took a lot of manuevering
by me and my lawyers and by my friends at MIT and MIT's lawyers to
pull this off. It worked. We should all be glad this came off the
way it did. This is a major advance in our efforts to chip away at
the formidable legal and political obstacles placed in front of PGP;
we will continue to chip away at the remaining obstacles.
I hope this clears up the myths about PGP 2.6. I urge all PGP users
to upgrade to the new version before September. And I urge you all
to use the official 2.6 release, not anyone else's incompatible
bastardized mutant strain of PGP. Please pass the word around, and
help dispel these misguided rumors. This letter may be (and should
be) quickly reposted to BBS's and all appropriate newsgroups.
--Philip Zimmermann
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBLlL/iWV5hLjHqWbdAQFV7AP/VBSa9BiRfTuoBonJdkwTVC8fNGW8aI7n
QctOh+GrDaGl26rqtRjxtYTabAo+4B+sw6Dqz5o1OipKF/NuK7PFMzITdGMh940+
MXqOPCSLfDIwNzRzIHYQV/93jeJsixFZu/6j76mMxB6xrETXmswxIRicwm/QUxC1
0jbZEBrb/ug=
=u7IY
-----END PGP SIGNATURE-----
I thought you guys might find this interesting. -Black Wolf
MontyL
Thanks, Black Wolf.
Conversion made here, key to be posted soon.
John
"It appears that PGP 2.6 has spread to Europe, despite the best efforts of MIT and myself to prevent its export."
Sounds like a virus or somthing.
OJ's Afro
They have to say that in order to look good to those congressional inquiry people and the Pentagon.
Flying Wombat
sounds more like a way to point out that they (MIT and Zimmerman) aren't responsible for the export of this software, which the U.S. Feds still classify as "munitions" for some paranoid reason.
Black Wolf
Because they can't crack it, and that makes them very unhappy.
uncle herb
Did you know that the Pitts Lounge on Belmont St. NW is where Chuck Brown and the Soul Searchers began their illustrious career?
Black Wolf
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.1
mQCNAy6NzvMAAAEEAM6n81Z5QWVFZnJiFx9enmUbeRuVIDsJCWL0jmhsyNystz9l
ptX8d3oj1YkyWNFlnhCvJznB47Dr5D3UcZAhtuczDfGCSc1PW9pJ1Etp+wYD7il/
beQYLgJ57tgirv5mLPRqmTskQdFQ/e0p56tzC50dhgRTA7Y+Yw+esP8+FCgZAAUR
tBVCbGFjayBXb2xmIDxAd2xmLmJsaT60CkJsYWNrIFdvbGa0EkJsYWNrIFdvbGZA
d2xmLmJsaQ==
=T9OM
-----END PGP PUBLIC KEY BLOCK-----
Okay here is my new pgp key, this is to be used in place of my old 2.3 key as that one has now been destroyed.
The Predator
Hellllooooooooooooooo WHITE RAVEN! Lookie there, you seem to have my handle right up there with yours. What does this mean? Are you a girl? Do you have a working vagina? Is that why you think you're too sexy for me? Most people with the handle "Raven" in it are usually female. It's a female name.
Are you mad at me for something? I don't recall talking to you ever. Tell you what...I'll ignore you, and you'll go away. Or, go ahead and move...it only excites me.
The Predator
King of Men
The Predator
Hey you ^^^ Yeah...me. I can't figure out how to delete a message. Anyways, I figured it out, White Raven. No offense. That "The Predator" stuff pops up a lot. It's like an MCI command from CNET. Cute. Am I right? Or have I out-suckered myself?
night train
Don't worry, it's just foolish pride, Pred.
ZooKeeper
wolfie -- you got an extra space in the first line there...
Black Wolf
looks like I did, just delete it with a message editor. btw I can read pgp messages directed to me, but until you upgrade to pgp 2.6 or better 2.6.1 then you wont be able to decrypt my replys.
Lab Rat
quick quick get out the thorazine, someone needs a good dose.
ZooKeeper
it's MCI, don't worry about it Predator -- a lot of people get caught by it.
some of us just snicker about it as it scrolls by.
MontyL
Colorizing your 'nym helps to separate MCI from hand-entered, Pred.
Black Wolf
Hey Monty have you upgraded PGP yet? and if so whats your new key.
Torch Song
Don't think I ever got around to posting this before...
The current Torch Song <lnz.bli> key (may change, may not, who knows?):
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3
mQCNAi5K59IAAAEEAMiiUrpOW0nF55lr2V3mUXqw3w6jUvgyfHSSOK0AQ83Iv8mN
yX+ZUuq8G9117fz7DbYwzTJFadXnQHApFOM9Suq8LWMrQn3SBm3v/FrY70HljslL
GWRCfzxeO5dn4bclLKs4X/cirqhPkdY5NjVQLYGfHEVgpgTMy3+4FLsNZ+OdAAUR
tBRUb3JjaCBTb25nIDxsbnouYmxpPg==
=kjhB
-----END PGP PUBLIC KEY BLOCK-----
Sorry about that folks...we now return you to your topic drift...
ZooKeeper
sis -- is that the same key I've got for you?
MontyL
Nope, BW. Haven't been on the machine much.
Torch Song
yes
Black Wolf
tsk tsk
MontyL
Terrible, isn't it?
Black Wolf
yes it is... :)
MontyL
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.1
mQCNAy6XeG0AAAEEALxQ4ZLxittmf0hDdhGDYhR93f0BLUwLT4nruCfreRx+f1yO
8n01Um/kMY6pZoBesyBebFP+frXciRqph8K5EHpCAdHxD2vwf6UzYsv4tpeF5S7P
vVy+pfqGqO8vDzD8iyK1Pti1XRKFBpJCFrT+plqKHY9uuUZ56C9dRoqnB4bJAAUR
tCZNb250eSBMZWlicmFudCA8bW9udHlsQGhvcml6b24ud2EuY29tPokAlQMFEC6X
eoovXUaKpweGyQEBk1YEAI2uVtj42CFL8eho92dBRuC4MyNfgLcuAsKTA1r8lh0b
/5zYX/k1WleVbUayVUdXVIJM5SW65Mp+qOPEugwDb1JhwMfqUsHLEghe6Wx2MboQ
rSwqLGmkRT2ALbGn1N0LTzj7Y6Vp6exo8tgRd4UZ9gocX909tVrs3mlWch6m/da1
=QbDv
-----END PGP PUBLIC KEY BLOCK-----
�
Better? ;)
Torch Song
Oh great...now I'm gonna have to upgrade, too... <sigh>
Black Wolf
Cool..
Black Wolf
yes yes yes!!! arnt I contagious
MontyL
Dragging your feet does not become you, TS.
Torch Song
I've been preoccupied, MontyL...
ZooKeeper
me too... <sigh>
upgrade tomorrow probably.
MontyL
Accepted. Both of you. Now, get off your butts. _I'm_ the procrastinator here... :)
ZooKeeper
me too.
very pleasantly for a change.
ZooKeeper
well sorrrrryyyyy! :> I'll probably keep both on my drive until all involved in my little net have switched over, but I should have access to 2.6 this afternoon. fair?
Bookworm
I suppose I could get into it though I am not sure why.
Black Wolf
hahah I'm already dooonnnee
Blain Nelson
Monty -- I've been well practiced at procrastinating since long before I started this board. Why it would have been up earlier but I just kept putting it off.
But if you'll send me the new whiz-bang legal version, why I'll start procrastinating putting it up.
MontyL
Considering that this afternoon is history... You bet! :)
ZooKeeper
well, I got started up grading, but life intervened. <sigh>
ZooKeeper
Blain, I already sent you the shell and batch files and stuff...
MontyL
The old shell seems to do just fine, Blain. As far as I can tell, they kept the original commandline arguments in PGP.
Blain Nelson
I've got the shell and batch files, but I don't have 26.1 or whatever, or I didn't but I might now.
MontyL
You should have it, unless BWL tossed it...
Flying Wombat
Date: 15 Oct 1994 10:18:00 -0400
Words for Export - but Not Electrons
Critics Question U.S. Restrictions on Disk From Cryptography Book
By John Schwartz, Washington Post Staff Writer
When is a book not a book?
"When it's a bit," suggested privacy activist John Gilmore.
A recent decision by the State Department restricting foreign sale of an electronic version of a portion of a book while allowing the printed text to be sold freely has raised fundamental questions of how First Amendment issues apply in the electronic age.
Critics say that the decision to continue export restrictions on a disk by cryptography expert Bruce Schneier also shows that the government's policies concerning encryption - the privacy enhancing technology to scramble information - do not make sense in a fast-changing world.
Schneier has written a book, "Applied Cryptography," that has sold about 20,000 copies worldwide at $44.95 each. The book includes pages of software instructions which, when typed into a computer, would allow users to scramble their files and messages. Schneier offers separately a $15 disk version of the software instructions in his book. Earlier this year, the State Department office that administers the complex rules governing export restrictions
refused a request to allow the disk to be sold overseas, even though the book is readily available and the technology well known. On Thursday, the Office of Defense Trade Control (ODTC) said in a letter that it was standing by its decision.
The State Department said that the disk was different from the book because the disk makes the software much easier to use. Martha C. Harris, deputy assistant secretary for export controls, wrote that "continued control over the export of such material is consistent with the protections of the First Amendment," which protects freedom of speech.
Schneier said that the State Department's distinction makes no sense because the software recorded on the disk is the same as that printed in the book. It would take only a few hours for a dedicated would-be cryptographer to type the information into a computer, and even less time to read the information with an electronic scanner.
Perhaps government officials "are assuming that foreigners can't type," Schneier said, adding that he has received mail from many people who have keyed in the programs by hand. Much of the software also is readily available free via the Internet, the global network of computer networks.
The State Department ruling is "utterly moronic," said Dave Banisar, a spokesman for the Electronic Privacy Information Center, a high-tech civil liberties group that opposes the Clinton administration on cryptography issues. "In their desperation to try to prevent the evil of cryptography from being exported, they're trampling all over the First Amendment."
By the State Department's logic, Banisar said, "what you're typing into your computer isn't protected by the First Amendment; it only gets protected when you print it. I can't think of a court in the world that would uphold that kind of distinction."
The government long has considered the control of cryptography exports critical to national security. Breaking German and Japanese codes helped the Allies win World War II. With the advent of cheap and powerful desktop computers, encryption technology has become more easily accessible, and the software has grown increasingly popular for businesses and privacy-minded individuals as a way to safeguard
electronic transactions and communications. Encryption has become a standard feature in a range of software that includes financial spreadsheets and communications programs.
But the prospect of criminals and terrorists using unbreakable encryption technology alarms the National Security Agency and crime fighters. Although the government has relaxed export bans on weaponry and powerful computers, restrictions on exporting encryption technology remain in place - despite complaints by American software companies that such policies hinder U.S. competitiveness in global markets.
A State Department official involved in export control said, "When you look at it quickly, it doesn't seem to make a lot of sense. But there are a lot of concerns that come into play," such as the precedent that allowing distribution of the disk would create. "Who knows what they are going to do next?"
The State Department decision appears to be at odds with the stated policy of the Clinton administration to loosen restrictions on cryptography, said Bruce Heiman, outside counsel to the Business Software Alliance, which has worked to relax export controls. In a July 20 letter to Rep. Maria Cantwell (D-Wash.), Vice President Gore wrote, "I share your strong conviction for the need to develop a comprehensive policy regarding
encryption, incorporating an export policy that does not disadvantage American software companies in world markets while preserving our law enforcement and national security goals."
Gore's office did not respond to calls yesterday.
"It clearly shows the absurdity of trying to control the uncontrollable," Heiman said. "Because encryption knowledge and technology is so widely available worldwide, the only effect of continuing restrictions on American product exports is to export American jobs." 02:32 10-15C9999-----
Freejack
that is supposed to be an *excellent* book on the subject...
though very technical...
Black Wolf
Hmmm I'm going to have to find me a copy of it...
Black Wolf
Seems to be a problem with the pgp batch files and Cit+ /065, looking into correcting this right now..
Black Wolf
Okay update PGP batch files for use with Cit+ /065
pgpfix.bat
pgp -ea c:\cit\aplic\edittext.tmp
copy control.fil %1 (remember control.fil contains ^a5 character)
copy %1+edittext.tmp
del edittext.tmp
Pgpmail.bat
Copy c:\cit\printer.out c:\cit\aplic\edittext.tmp
edit c:\cit\aplic\edittext.tmp
pgp c:\cit\aplic\edittext.tmp
edit c:\cit\aplic\edittext
copy edittext edittext.tmp
del edittext
del c:\cit\printer.out
del c:\cit\aplic\pgp\pgpmail.pgp
ZooKeeper
looking into successfully I hear, wanna send them my way?
pretty please?
MontyL
This way, too, wolfie. No rush though... I still don't trust it yet.
PGP Net> _