Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Crypto :: ipgp0201.txt

Info-PGP Digest, 2.01





   Info-PGP: PGP Digest   Saturday 12 November 1992  Volume 2 : Number 1
                Hugh Miller, List Manager / Moderator

    Info-PGP is a digested mailing list dedicated to discussion of Philip
Zimmermann's `Pretty Good Privacy' (PGP) public-key encryption program for
MS-DOS, Unix, VMS, Atari, Amiga, SPARC, Macintosh, and (hopefully) other
operating systems.  It is primarily intended for users on Internet sites
without access to the `alt.security.pgp' newsgroup.  Most submissions to
alt.security.pgp will be saved to Info-PGP, as well as occasional relevant
articles from sci.crypt or other newsgroups.  Info-PGP will also contain
mailings directed to the list address.
    To SUBSCRIBE to Info-PGP, please send a (polite) note to
info-pgp-request@lucpul.it.luc.edu.  This is not a mailserver; there is a
human being on the other end, and bodiless messages with "Subject:" lines
reading "SUBSCRIBE INFO-PGP" will be ignored until the sender develops
manners.  To SUBMIT material for posting to Info-PGP, please mail to
info-pgp@lucpul.it.luc.edu.  In both cases, PLEASE include your name and
Internet "From:" address.  Submissions will be posted pretty well as received,
although the list maintainer / moderator reserves the right to omit redundant
messages, trim bloated headers & .sigs, and other such minor piffle.  I will
not be able to acknowledge submissions, nor, I regret, will I be able to pass
posts on to alt.security.pgp for those whose sites lack access.
    Due to U.S. export restrictions on cryptographic software, I regret that I
cannot include postings containing actual source code (or compiled binaries)
of same.  For the time being at least I am including patches under the same
ukase.  I regret having to do this, but the law, howbeit unjust, is the law.
If a European reader would like to handle that end of things, perhaps run a
"Info-PGP-Code" digest or somesuch, maybe this little problem could be worked
around.
    I have received a promise of some space on an anonymous-ftp'able Internet
site for back issues of Info-PGP Digest.  Full details as soon as they firm
up.
    Oh, yes: ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; STANDARD
DISCLAIMERS APPLY.

Hugh Miller       | Asst. Prof. of Philosophy |  Loyola University Chicago
FAX: 312-508-2292 |    Voice: 312-508-2727    |  hmiller@lucpul.it.luc.edu
 Signed PGP v.2.1 public key certificate available by e-mail & finger(1)

-------------------------------------------------------------------------------

From: jcmurphy@acsu.buffalo.edu (Jeff Murphy)
Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc
Subject: Re: PGP v. 2.1 Released
Date: 8 Dec 92 22:29:29 GMT

In article <1992Dec8.172944.19370@netcom.com> strnlght@netcom.com (David Sternlight) writes:
>
>I don't understand the comment that "if you're living in the U.S.A.
>you probably shouldn't be using it" (pgp2.1). I thought it was o.k.
>for personal, educational, or research use, and only an infringement
>if used commercially without permission of PKP.
>
>Can anyone clear this up once and for all?

        yes. the algorithm employed in PGP is patented, and PKP
(from what I have gathered) does not have permission to use it. Therefore,
it is techically illegal to use the program...

hope this helps

-- 
jcmurphy@acsu.buffalo.edu                 cit network installation and repair
opnsmurf@ubvms.cc.buffalo.edu             standard disclaimers apply.  sunyab
   the neurotic build castles in the sky and the psychotic live in them.

=-=-=-=-=-=

From: dick.zeitlin%acc1bbs@ssr.com (Dick Zeitlin) 
Newsgroups: sci.crypt
Subject: Re: Questions about US/Ca
Date: 7 Dec 92 22:00:00 GMT

  > .:  (2) Is it illegal to crypt any form of communication (like regular
  > .:      mail) or, as above, people are just wishing it were ?

RC> .Not yet according to specific statute.

47CFR 97.113(d):  (Concerning amateur radio...)
        No station shall transmit ... messages in codes or ciphers where
        the intent is to obscure the meaning (except where specifically
        excepted elsewere (sic) in the Part);

Note:  I haven't found those exceptions yet...

        D/

 * OLX 2.2 * Bring back A-N airways!!    Dick.Zeitlin%acc1bbs@ssr.com
                                                                                   
=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc
From: frechett@spot.Colorado.EDU (-=Runaway Daemon=-)
Subject: Re: PGP v. 2.1 Released
Date: Thu, 10 Dec 1992 07:53:42 GMT

In article <1992Dec8.155135.385@uoft02.utoledo.edu> jsteiner@anwsun.phya.utoledo.edu (jason 'Think!'ner) writes:

>i tried assigning a key to 'pgp -fast +clearsig=on'. this works
>as a file pipe, but when i try to use it in vi it hangs on asking for
>my password. i know how to set my password as an environment var, 
>but i'd rather it prompted me each time.

It is prompting.. That's why it hangs.. you just can't see the prompt.
While it's hung, type in your passwd.  It will not show on the screen
and then give it a sec.  I find it generally takes a bit longer.. Of
course if you mistype it's hard to tell what it's up to.. Kill it with ^C.

>jason

        ian

=-=-=-=-=-=

From: mathew <mathew@mantis.co.uk>
Newsgroups: alt.security.pgp
Subject: Re: PGP-compatible archiver released
Date: Wed, 09 Dec 92 16:47:39 GMT

pgut1@cs.aukuni.ac.nz (Peter Gutmann) writes:
>   - Quality Postscript documentation (600K worth)

Any chance of making the documentation available in some sort of document
format, rather than as a printer dump file?  I mean, how would you like it if
I posted this article in HPGL?

mathew
-- 
Lung cancer and arteriosclerosis.
For people who like to smoke.

=-=-=-=-=-=

Newsgroups: alt.security.pgp
Subject: Re: PGP-compatible archiver released
From: pgut1@cs.aukuni.ac.nz (Peter Gutmann)
Date: Thu, 10 Dec 1992 12:58:12 GMT

In <5TXiVB38w165w@mantis.co.uk> mathew <mathew@mantis.co.uk> writes:

>pgut1@cs.aukuni.ac.nz (Peter Gutmann) writes:
>>   - Quality Postscript documentation (600K worth)

>Any chance of making the documentation available in some sort of document
>format, rather than as a printer dump file?  I mean, how would you like it if
>I posted this article in HPGL?

There's a flat ASCII file included with the source code and executables if
you can't handle Postscript (that's why I put the PS docs in a seperate file -
not everyone will want them.  You get the ASCII docs by default, and if you
want better-quality ones you can grab the PS stuff).

As for the second comment, I've seen PS .sigs, so why not a posting in
HPGL?  Go ahead, be the first on your system to post in a fancy text
format - 

SS
0 0 0 fC
32 0 0 50 50 0 0 45 /Times-Roman /font32 ANSIFont font
300 209 717 (If you've got it, why not flaunt it :-\)) SB
EJ RS SS
RS

(Damn, PS smilies don't quite turn out right)
Peter.
--
 pgut1@cs.aukuni.ac.nz||p_gutmann@cs.aukuni.ac.nz||gutmann_p@kosmos.wcc.govt.nz
peterg@kcbbs.gen.nz||peter@nacjack.gen.nz||peter@phlarnschlorpht.nacjack.gen.nz
               (In order of preference - one of 'ems bound to work)

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: dbarber@crash.cts.com (David C. Barber)
Subject: PGP -- drugs or security?
Date: 10 Dec 92 01:31:59 GMT

PGP here seems to refer to a public key cypher system, while in
alt.drugs they are discussing PGP as something found in mushrooms.

Is this a put-on somewhere, or do we just happen to use the same 
acryonim both places?

Without change,                         *David Barber*
   nothing can ever get better.            @}-->----

UUCP: ucsd!crash!dbarber
INET: dbarber@crash.cts.com

=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
From: uri@watson.ibm.com (Uri Blumenthal)
Subject: Re: PGP v. 2.1 Released
Date: Thu, 10 Dec 1992 17:36:45 GMT

In article <1992Dec9.181918.13779@netcom.com>, strnlght@netcom.com (David Sternlight) writes:
|> It is unlikely that the government would "tip off" PKP, since that
|> would be an acknowledgement that they're monitoring and using traffic
|> in general without a court order. 

I don't see how one would prove that the gov't "tipped" PKP in case
it happens. How about the following scenario: 

        1) A scapegoat is chosen.
        2) His traffic is monitored and some "cherry" is found
           (like using PGP :-).
        3) A court order is received for some "chicken-shit" offense.
        4) That offense isn't proven and therefore doesn't stick,
           but during the "investigation" a case of patent
           infringement is opened.
        5) PKP sues the pants off the poor individual.
        6) Go to step 1).

|> It is, I believe, still illegal
|> for the NSA to monitor wholly domestic traffic, and the FBI cannot
|> do so without a court order showing probable cause for an individual
|> monitored. Though I'm not an attorney, I speculate that the FBI could
|> not get a general court order permitting monitoring of, say, domestic
|> Internet mail.

Theoretically your're correct. Practically - "might is right". And you
can't even TELL whether your traffic is monitored...

So I wouldn't stake my life/freedom on how strictly FBI/NSA/??? are
observing the regulations supposedly governing them.

Somewhere in PGP docs there's a nice phrase: 
        
        "PGP is guerilla freeware....."

Well, guerillas who announce themselves publicly. don't
live long (physical law :-).

Why does PGP has those ugly lines "----BEGIN PGP...."
and so on? PGP-2.1 is much better than PGP-2.0. Let's
make it really good now -  GET RID OF THOSE BETRAYING
TAGS! NOW!

|> Disclaimer: Nothing in this message should be read to imply I'm using
|> any system covered by PKP patents, in violation of such patents.

Of course! Neither am I (:-)
-- 
Regards,
Uri.            uri@watson.ibm.com
------------
<Disclaimer>

=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PGP v. 2.1 Released
Date: Thu, 10 Dec 1992 18:51:07 GMT

I have mixed feelings about Uri's message.

Until the legal status is resolved, one might wish to get rid of the
PGP "tags" which are overt confirmation that one is using a public key
system. On the other hand, I disagree in the sense that if unlicensed
use of public key systems REALLY IS a violation of law (not "is
asserted to be by PKP")--for example after a court case--then his
suggestions is tantamount to publicly advocating the concealing of a
legal violation, which I cannot support.

If one feels PKP is over-broad in their claims, the way to deal with
this is by direct resolution. If one feels PKP is legally on firm ground
but thinks there "shouldn't be" patent protection for software, or some
such, again the way to deal with this is by trying to get the law changed.
I'm not one who supports illegal acts in the face of what one thinks
is unfairness.

Finally, I trust the police and intelligence agencies of our
government.  They are not a bunch of fascists out to get the innocent,
as some messages sometimes imply, but hard-working fellow-Americans
trying to do a very difficult job. Yes, there have been, and may
continue to be some individual abuses, sometimes by senior people, but
the way to deal with that is via strong internal and external
watchdogs, and by clear definition of what is, and isn't to be
permitted.

Recent trials of government officials, and recent use of independent
prosecutors, whatever one thinks of the substance, go a long way
toward compelling caution by those who would abuse their privileged
and trusted positions in the FBI and intelligence services.

David

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: res@colnet.cmhnet.org (Rob Stampfli)
Subject: pgp2.1 signed announcement botched by usenet?
Date: Thu, 10 Dec 1992 05:29:39 GMT

I missed the official announcement of pgp2.1 which was apparently posted
here several days ago, but I found a copy of it posted to alt.privacy.
The message was signed by Phil with the new pgp "+clearsig=on" option.
Unfortunately, Phil's concern about mailers slightly corrupting the message
in innocuous ways so that it no longer matches the original, and therefore
no longer has a valid signature, appears to be borne out by the posting to
alt.privacy:  All empty lines in that post have one space added to them.
The signature only checks out when one edits the posted file and ":%s/^ $//".

BTW, excellent job on the 2.1 release -- a clean compile the first time.
-- 
Rob Stampfli  rob@colnet.cmhnet.org      The neat thing about standards:
614-864-9377  HAM RADIO: kd8wk@n8jyv.oh  There are so many to choose from.

=-=-=-=-=-=

From: ujacampbe@memstvx1.memst.edu (James Campbell)
Newsgroups: alt.security.pgp
Subject: Re: PGP v. 2.1 Released
Date: 10 Dec 92 18:44:29 -0600

In article <1992Dec10.173645.147966@watson.ibm.com>, Uri Blumenthal raves:

>Somewhere in PGP docs there's a nice phrase: 
>       
>       "PGP is guerilla freeware....."
>
>Well, guerillas who announce themselves publicly. don't
>live long (physical law :-).
>
>Why does PGP has those ugly lines "----BEGIN PGP...."
>and so on? PGP-2.1 is much better than PGP-2.0. Let's
>make it really good now -  GET RID OF THOSE BETRAYING
>TAGS! NOW!

    I've seen this demand before, and didn't comment on it, but now I'll 
go ahead and make the obvious suggestion:  If you don't want the lines
-----BEGIN PGP MESSAGE-----, Version: 2.1, and -----END PGP MESSAGE---- 
in the messages you're transmitting, why not just strip them out and send
the radix-64 stuff only?  The recipient need only add that information (or,
simpler still, write a short program to add it), then decrypt as usual.
    Considering how little PGP's developers are making off this paragon of
freeware programming, it ill behooves us to DEMAND IMMEDIATE CHANGES that 
we can easily add ourselves, or simulate with a couple of easily-written
STRIPTAG and ADDTAG programs.

 James Campbell, Math Sciences Department, MSU; ujacampbe@memstvx1.memst.edu

=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
From: Alex.Strasheim@launchpad.unc.edu (Alex Strasheim)
Subject: Re: PGP v. 2.1 Released
Date: Thu, 10 Dec 1992 23:05:53 GMT

I know that pgp files can be identified as pgp files (because, after all,
you can always try to feed it into pgp and see if it asks you for a public
key).  It seems to me that this is a necessary consequence of having a key
managment system, but I don't have the expertise to say for sure.

What I want to know is:  is identifiability a *necessary* feature of a
public key system?  Would it be possible to to devise a public key
encryption program that would, when used to encrypt a message with
someone's private key, emit a series of bytes that would appear to be
essentially random?  If this is possible, then people could just assume
that whenever they received a seemingly random stream of bytes in the
mail, that it was in fact a message that had been encrypted with their
private key.

If this is indeed possible, it seems to me that any attempt to require
private key registration (as Prof. Denning has proposed) would be futile,
because it would be impossible to prove that public key encryption had
been used.

        Alex
--
   The opinions expressed are not necessarily those of the University of
     North Carolina at Chapel Hill, the Campus Office for Information
        Technology, or the Experimental Bulletin Board Service.
           internet:  laUNChpad.unc.edu or 152.2.22.80

=-=-=-=-=-=

From: yee@mipg.upenn.edu (Conway Yee)
Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
Subject: Re: PGP v. 2.1 Released
Date: 11 Dec 92 00:06:36 GMT

>Would it be possible to to devise a public key
>encryption program that would, when used to encrypt a message with
>someone's private key, emit a series of bytes that would appear to be
>essentially random?  

If a series of bytes were to be random, no message could possibly be
encoded within it.  The question, then becomes, is it possible that
two entirely different encoding schemes would produces bytestreams
which are statistically indistinguishable from each other.

-- 
411 Blockley Hall      |                    Conway Yee, N2JWQ
418 Service Drive      | yee@ming.mipg.upenn.edu    (preferred)
Philadelphia, PA 19104 | cy5@cunixa.cc.columbia.edu (forwarded to above)
(215) 662-6780         |

=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
From: pmetzger@snark.shearson.com (Perry E. Metzger)
Subject: Re: PGP v. 2.1 Released
Date: Fri, 11 Dec 1992 03:08:07 GMT

uri@watson.ibm.com writes:
>Somewhere in PGP docs there's a nice phrase: 
>       
>       "PGP is guerilla freeware....."
>
>Well, guerillas who announce themselves publicly. don't
>live long (physical law :-).
>
>Why does PGP has those ugly lines "----BEGIN PGP...."
>and so on? PGP-2.1 is much better than PGP-2.0. Let's
>make it really good now -  GET RID OF THOSE BETRAYING
>TAGS! NOW!

I guess you never read the docs. Those "betraying tags" have a purpose
-- they allow the system to automatically find the beginning and end
of messages. You can feed mail messages into PGP without even
stripping the headers. Its all very well engineered, and the feds can
tell you are using PGP anyway by looking at the magic numbers in the
Radix 64 text. I don't think there is any point in stripping them,
since it adds no security for you and will make the program a lot more
inconvenient to use. Its inconvenient enough already....

--
Perry Metzger           pmetzger@shearson.com
--
"They can have my RSA key when they pry it from my cold dead fingers."
Libertarian Party info: Phone 1-800-682-1776, E-Mail 345-5647@mcimail.com

=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
From: frechett@spot.Colorado.EDU (-=Runaway Daemon=-)
Subject: Re: PGP v. 2.1 Released
Date: Fri, 11 Dec 1992 07:09:17 GMT

-----BEGIN PGP MESS-----

Put -----BEGIN PGP etc etc.. around all your messages.. encrypted or not.

I am admitting no guilt here.  I simply like the way it looks. 

-----END PGP MESS-----   ;)

        ian 

=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc
From: luckey@rtfm.mlb.fl.us (Jon Luckey)
Subject: Re: PGP 2.1 site list
Date: Thu, 10 Dec 1992 23:35:08 GMT

s0rah@exnet.co.uk (R A Hollands) writes:
>I've fetched pgp21.zip three times from funet and every time I end
>up with a zip file that crc errors in the two doc files and the exe.

>I am using pkunzip 1.1.  Anyone else have this trouble?  Anyone have
>have a stunningly obvious solution?
>TIA Richard.

I've had a similar problem.  I don't know why, or if there are any other 
solutions.  But what I finally ended up doing was using a unix unzip
to unzip the zip file from funet, then rezip using a -ks option.
That archive I was able to unzip using PKUNZIP 1.1 on a DOS machine.

For some reason, implode type compression seemed to cause crc errors
sometimes, but for shrink compression seemed to work.

=-=-=-=-=-=

From: cme@ellisun.sw.stratus.com (Carl Ellison)
Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
Subject: Re: PGP v. 2.1 Released
Date: 10 Dec 92 17:21:52 GMT

In article <ByzCtE.8oy@news.cso.uiuc.edu> cburian@ux4.cso.uiuc.edu
(Christopher J Burian) writes:
>I was just wondering...  I've heard rumors that the guvmint filters
>everything going over the net.  Do you suppose they look for
>----BEGIN PGP *  along with the usual mundane stuff?  Then go after    
>people for patent infringement; confiscating burglary tools, a.k.a 
>citizens' computers.....

Sounds like a good reason to switch from PGP to RIPEM.

More to the point, someone should publish an interface description for
PGP so that someone else can write a totally legal program which sends
and receives in PGP format but uses RSAREF and its individual license.
This way, those of us who would like to remain legally proper can participate
in the exchange of PGP-like mail.

-- 
-- <<Disclaimer: All opinions expressed are my own, of course.>>
-- Carl Ellison                                         cme@sw.stratus.com
-- Stratus Computer Inc.        M3-2-BKW                TEL: (508)460-2783
-- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298   FAX: (508)624-7488

***** End Info-PGP Digest *****


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH