Info-PGP: PGP Digest Thursday 26 November 1992 Volume 1 : Number 34 Hugh Miller, List Manager / Moderator Info-PGP is a digested mailing list dedicated to discussion of Philip Zimmermann's `Pretty Good Privacy' (PGP) public-key encryption program for MS-DOS, Unix, VMS, Atari, Amiga, SPARC, Macintosh, and (hopefully) other operating systems. It is primarily intended for users on Internet sites without access to the `alt.security.pgp' newsgroup. Most submissions to alt.security.pgp will be saved to Info-PGP, as well as occasional relevant articles from sci.crypt or other newsgroups. Info-PGP will also contain mailings directed to the list address. To SUBSCRIBE to Info-PGP, please send a (polite) note to info-pgp-request@lucpul.it.luc.edu. This is not a mailserver; there is a human being on the other end, and bodiless messages with "Subject:" lines reading "SUBSCRIBE INFO-PGP" will be ignored until the sender develops manners. To SUBMIT material for posting to Info-PGP, please mail to info-pgp@lucpul.it.luc.edu. In both cases, PLEASE include your name and Internet "From:" address. Submissions will be posted pretty well as received, although the list maintainer / moderator reserves the right to omit redundant messages, trim bloated headers & .sigs, and other such minor piffle. I will not be able to acknowledge submissions, nor, I regret, will I be able to pass posts on to alt.security.pgp for those whose sites lack access. Due to U.S. export restrictions on cryptographic software, I regret that I cannot include postings containing actual source code (or compiled binaries) of same. For the time being at least I am including patches under the same ukase. I regret having to do this, but the law, howbeit unjust, is the law. If a European reader would like to handle that end of things, perhaps run a "Info-PGP-Code" digest or somesuch, maybe this little problem could be worked around. I have received a promise of some space on an anonymous-ftp'able Internet site for back issues of Info-PGP Digest. Full details as soon as they firm up. Oh, yes: ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; STANDARD DISCLAIMERS APPLY. Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu Signed PGP v.2.0 public key certificate available by e-mail & finger(1) ------------------------------------------------------------------------------- Newsgroups: alt.security.pgp From: vatne@alcatel.no (Lars Vatne) Subject: Re: How secure is "casual" or "military"? Date: Thu, 19 Nov 92 10:16:09 GMT In article <1992Nov17.123738.9570@u.washington.edu>, snark@blegga.u.washington.edu (David Howell) writes: |> |> How secure ARE the various sizes? "Casual" eh? I mean, exactly, |> approximately, or even vaguely how much time, talent, and/or computer |> power would be needed to crack a pgp encryption? I've got enough |> computer power that a 1024-bit key doesn't take that long to work, |> and I'm sure it'll only get faster for all of us. I'm assuming that a |> 1K key is more than merely twice as hard to open (at least with brute |> force) than a 512-bit key, yes? Quoting from "Security mechanisms for computer networks", Sead Muftic et al, Ellis Horwood 1989: Magnitude for the modulus in the RSA system ----------------------------------------------------------------------- Log10(n) Number of operations Remarks ----------------------------------------------------------------------- 50 1.4E10 100 2.3E15 At the limits of current technology 200 1.2E23 Beyond current technology 400 2.7E34 Requires significant advances in technology 800 1.3E51 Provided you have a 10 000 MIPS computer system (which you don't), you'd use ~ 3E33 years factoring the primes for an 800 bit modulo. Need a lot of patience.... -- Lars Vatne Phone : +47 2 63 76 51 Engineering Division Fax : +47 2 63 84 97 Alcatel Telecom Norway AS e-mail : lars.vatne@alcatel.no =-=-=-=-=-= From: ujacampbe@memstvx1.memst.edu (James Campbell) Newsgroups: alt.security.pgp Subject: Re: How secure is "casual" or "military"? Date: 19 Nov 92 12:03:29 -0600 In article <1992Nov19.101609.9113@alcatel.no>, Lars Vatne writes: > Provided you have a 10 000 MIPS computer system (which you don't), you'd > use ~ 3E33 years factoring the primes for an 800 bit modulo. Need a lot of > patience.... But log10(2^800) = 240.824, not 800. It would take a 2658-bit modulus to get a log10 of 800. Since PGP 2.0 only allows RSA keys up to a size of 1136 bits, the largest possible PGP key has a log10(2^1136) of 341.97, for which factoring would require around 2.5E31 operations, according to your source. Also, this is a three-year-old UNCLASSIFIED document that you quote. It's reasonable to assume that some large black-budgeted cryptologic organization (for example, our NSA here in America) has better factoring algorithms than are generally available, considering that they are better-funded and driven by their mission to produce and use the fastest algorithms possible. =========================================================================== James Campbell, Math Sciences Department, MSU; ujacampbe@memstvx1.memst.edu --------------------------------------------------------------------------- =-=-=-=-=-= Newsgroups: alt.security.pgp From: hmiller@lucpul.it.luc.edu (Hugh Miller) Subject: PGP 2.0 sites list Date: Sun, 22 Nov 1992 19:12:56 GMT (Last modified: 1850 UTC, 22 Nov 92) PGP v. 2.0 is gradually making its way out into the electronic world. It has been posted to the FidoNet Software Distribution Network and should up on many if not most Canadian and U.S. nodes carrying SDN software. Sorry: not on FidoNet nodes outside the U.S. or Canada yet; U.S. crypto export laws are strict and their enforcement is humorless. (Odd that U.S. export laws treat Canada as part of the U.S., eh? Jumping the gun by a few years there, aren't we?) Look for a local node near you. On the Internet, there are many sites to try for anonymous ftp: nic.funet.fi (128.214.6.100) /pub/unix/security/crypt/pgp20.zip /pub/unix/security/crypt/pgp20src.zip van-bc.wimsey.bc.ca (192.48.234.1) /pub/crypto/PGP-2.0/pgp20.zip /pub/crypto/PGP-2.0/pgp20src.zip ftp.uni-kl.de (131.246.9.95) /pub/atari/incoming/pgp20.zip (Atari binary) /pub/atari/incoming/pgp20src.zip ghost.dsi.unimi.it (149.132.2.1) /pub/crypt/pgp20.zip /pub/crypt/pgp20src.zip gate.demon.co.uk (158.152.1.65) /pub/ibmpc/pgp/pgp20.zip qiclab.scn.rain.com (147.28.0.97) /pub/mail/pgp20.zip pc.usl.edu (130.70.40.3) /pub/msdos/crypto/pgp20.zip leif.thep.lu.se (130.235.92.55) /pub/Misc/pgp20.zip goya.dit.upm.es (138.4.2.2) /info/unix/misc/pgp20/pgp20.zip tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) /pub/rz.archiv/simtel/msdos/MSDOS_UPLOADS/pgp20.zip ftp.etsu.edu (192.43.199.20) /aminet/util/crypt/PGP20amiga.lha (Amiga binary) princeton.edu (128.112.128.1) /pub/pgp20/pgp20.zip /pub/pgp20/unix_pgp20.tar.Z (compressed tar file for Unix sites lacking an implementation of unzip.) pencil.cs.missouri.edu (128.206.100.207) /pub/crypt/pgp20.zip /pub/crypt/pgp20src.zip /pub/crypt/pgp20src.tar.Z (compressed tar file for Unix sites lacking an implementation of unzip.) For those lacking ftp connectivity to the net, nic.funet.fi also offers the files via mail. Send the following mail message to mailserv@nic.funet.fi: ENCODER uuencode SEND pub/unix/security/crypt/pgp20src.zip SEND pub/unix/security/crypt/pgp20.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. You can try to get PGP 2.0 via email from: listserv@spectrx.saigon.com Send a statement: /PDGET /public/msdos/pgp20.zip [UUENCODE | XXENCODE] This is a small DOS Waffle machine in San Jose, CA (not Vietnam). PGP20.ZIP is available in the UNIX and IBMPC RoundTables on the commercial service, GEnie. Search for "PGP" or "Privacy" or for uploads by "ANDY" (Andy Finkenstadt, GEnie UNIX sysop/manager, to whom many thanks!) Both PGP20.ZIP and PGP20SRC.ZIP are available from Exec-PC in Milwaukee, one of (if not *the*) largest private BBS's in North America. They're available in the Mahoney IBM Compatible MS-DOS collection. The 2400b number there is (414)789-4210. From there it should spread pretty rapidly across the BBS landscape of the U.S. and Canada, parallelling the FidoNet diffusion. Both PGP zipfiles have also been uploaded to BIX (Byte Information Exchange). To download them: After signon, type "LISTINGS" Select option "1" (category) Type "SECURITY" Select option "6" (download) Type "PGP20.ZIP" (or "PGP20SRC.ZIP") The Northern Lights BBS in Troy, NY, has both PGP20.ZIP and the source code, renamed to pgp20src.tar.Z for compatibility with Unix, for free download. Call (518) 237-2163 at 300-2400 bps 8N1 24 hours a day. Then login directly to the pgp account as follows: tnllogin: pgp Password: key and help yourselves. Thanks to Daniel Ray of tnl for this fine service. Another private BBS from which you can obtain PGP for the simple price of the long-distance call time is the Grapevine BBS, the largest BBS in Arkansas. It's run by John Eichler in Little Rock. He sent me the following information for your edification and enlightenment: > The GRAPEVINE BBS in Little Rock is the largest BBS in Arkansas. To > help people obtain a copy of PGP20, the GRAPEVINE has set up a special > account for this purpose. The following phone numbers are applicable > and should be dialed in the order presented (i.e., the top one first > since it is the highest speed line). > > (501) 753-6859 > (501) 753-8121 > (501) 791-0124 > (501) 753-4428 > (501) 791-0125 > > When asked to login use the following information. > > name: PGP USER ('PGP' is 1st name, 'USER' is 2nd name) > password: PGP > > There is a special menu which one gets which shows the following > programs to be available. > > pgp20.zip > pgp20src.zip > pgp20os2.zip > pkz110.exe > > Should you have any questions e-mail either me > (john.eichler@grapevine.lrk.ar.us) or the Sysop of the BBS whose address > is jim.wenzel@grapevine.lrk.ar.us. -- Thanks, John! Good news! PGP has been ported to the Apple Macintosh (a nontrivial feat)! The following note is from Zig Fiedorowicz, the implementer: "A Macintosh port of PGP 2.0 has been placed in the /mac/util/encryption directory of mac.archive.umich.edu. It has a modest Macintosh interface. It has not been tested extensively and should be considered a beta version. Bug reports are welcome. More work on MacPGP is planned and later versions will be more widely distributed." --Zig Fiedorowicz (zigf@mps.ohio-state.edu) The Mac version has also been posted at the following sites: plaza.aarnet.edu.au /micros/mac/umich/util/encryption/macpgp2.0.sit.hqx pencil.cs.missouri.edu /pub/crypt/macpgp2.0.sit.hqx wuarchive.wustl.edu /mirrors3/archive.umich.edu/mac/util/encryption/macpgp2.0.sit.hqx src.doc.ic.ac.uk /computing/systems/mac/umich/util/encryption/macpgp2.0.sit.hqx.Z If none of these sites do it for you, let me know. Film at 11. Best regards! -=- Hugh P.S.: If you come across sites where it's posted -- especially FREE ACCESS sites -- please drop me a line (info-pgp-request@lucpul.it.luc.edu). I'd like to maintain a current list as part of a PGP FAQ list. Thanks! P.P.S.: This will be the last revision of the sites message until the appearance of version PGP 2.1, expected sometime in the next few weeks. -- Hugh Miller | Dept. of Philosophy | Loyola University of Chicago Voice: 312-508-2727 | FAX: 312-508-2292 | hmiller@lucpul.it.luc.edu =-=-=-=-=-= Newsgroups: alt.security.pgp From: cbbrowne@csi.uottawa.ca (Christopher Browne) Subject: Re: PGP 2.0 sites list Date: Sun, 22 Nov 92 22:55:11 GMT In article hmiller@lucpul.it.luc.edu (Hugh Miller) writes: >many if not most Canadian and U.S. nodes carrying SDN software. >Sorry: not on FidoNet nodes outside the U.S. or Canada yet; U.S. >crypto export laws are strict and their enforcement is humorless. >(Odd that U.S. export laws treat Canada as part of the U.S., eh? >Jumping the gun by a few years there, aren't we?) Interestingly, the patent restrictions that could be of danger to users in the US seem not to apply in Canada. Canadians can't export PGP out of North America, but it does look like they can use it with relative impunity. >Look for a local node near you. On the Internet, there are many sites >to try for anonymous ftp: >... > ftp.uni-kl.de (131.246.9.95) > /pub/atari/incoming/pgp20.zip (Atari binary) > /pub/atari/incoming/pgp20src.zip This information is outdated; PGP is no longer available there. And pgp20.zip was actually the IBM binaries, and not the Atari version; it would be of great interest to ST users to find an actual site where TOS binaries are available. I've had it running under MiNT, and have had a number of requests for a TOS version, which I haven't been able to satisfy, due to a lack of debugging time as well as (in one case) export restrictions. Could someone from uni-kl (Stephen Neuhaus, perhaps?) see about publicising some German site where binaries are available? 'Twould be greatly appreciated! -- Christopher Browne | PGP 2.0 key available cbbrowne@csi.uottawa.ca |=================================== University of Ottawa | The Personal Computer: Colt 45 Master of System Science Program | of the Information Frontier =-=-=-=-=-= From: dswartz@sw.stratus.com (Dan Swartzendruber) Newsgroups: alt.security.pgp Subject: MacPgp Date: 21 Nov 92 19:42:52 GMT I'm a little confused on how to get this to work. When I try to create a key, it asks me some questions and then finally tells me it's going to generate a key by timing my typing of random characters and I should stop when I hear the beep. There are a couple of problems: 1. If I try to type at anything more than a trivial speed, the keystrokes are rejected with the system beep. 2. It doesn't ever seem to terminate. I've left it sitting there waiting for 5 minutes with no change. Am I missing something? -- #include Dan S. =-=-=-=-=-= From: fiedorow@function.mps.ohio-state.edu (Zbigniew Fiedorowicz) Newsgroups: alt.security.pgp Subject: Re: MacPgp Date: 23 Nov 1992 12:00:44 -0500 dswartz@sw.stratus.com (Dan Swartzendruber) writes: >I'm a little confused on how to get this to work. When I try to create a key >............................................................................. >of random characters and I should stop when I hear the beep. I'm the author of MacPGP and am sorry for the confusion. The above message is inaccurate. You should continue typing until PGP writes the following message to the console: -Enough, thank you. I am using the portable code to measure keystroke timing, which is inadequate to keep up with a good touch typist. So you must type a lot (>4 full lines) and slowly to generate enough random data for a 1024 bit key. Moreover once you finish typing enough characters, depending on your hardware, it will take a long to LONG time to actually generate a key. On a Quadra it will probably take <10 minutes, whereas on a Mac Plus it may take several hours for a 1024 bit key. During the period when MacPGP is computing a key (but not when timing keystroke intervals) MacPGP calls WaitNextEvent repeatedly to allow you to switch PGP to the background or to cancel key generation with command-period. I am planning to improve some of these aspects of MacPGP's performance in a forthcoming version. Cheers, Zig Fiedorowicz =-=-=-=-=-= Newsgroups: alt.security.pgp From: ematias@explorer.dgp (Edgar Matias) Subject: Re: MacPgp Date: 23 Nov 92 03:58:28 GMT I ftp'd MacPGP from mac.archive.umich.edu but couldn't get StuffIt Classic to unstuff it. Anyone else out there have a similar problem? Edgar -- Edgar Matias Input Research Group University of Toronto -- I speak for no one... =-=-=-=-=-= From: fiedorow@function.mps.ohio-state.edu (Zbigniew Fiedorowicz) Newsgroups: alt.security.pgp Subject: Re: MacPgp Date: 23 Nov 1992 12:09:08 -0500 Edgar Matias (ematias@explorer.dgp) writes: >I ftp'd MacPGP from mac.archive.umich.edu but couldn't get StuffIt Classic >to unstuff it. Anyone else out there have a similar problem? That's because MacPGP is compressed using the latest Stuffit compression scheme, unknown to Stuffit Classic. Get Stuffit Expander from any of the standard mac ftp archives. Cheers, Zig Fiedorowicz =-=-=-=-=-= Newsgroups: alt.security.pgp From: tcmay@netcom.com (Timothy C. May) Subject: Re: MacPgp Date: Mon, 23 Nov 1992 07:27:01 GMT Edgar Matias (ematias@explorer.dgp) wrote: : : I ftp'd MacPGP from mac.archive.umich.edu but couldn't get StuffIt Classic : to unstuff it. Anyone else out there have a similar problem? : I had the same problems--I first ran BinHex 5.0 (to convert the .hqx file to a .sit file) and then tried to unstuff it. It wouldn't even show up in StuffIt's file selection menu. Then I tried BinHex 4.0 and UnstuffIt and it all worked. I suspect it was the BinHex 4.0 that made the difference. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP Public Key: by arrangement. =-=-=-=-=-= From: nonsenso@utopia.hacktic.nl (Felipe Rodriquez) Newsgroups: alt.security.pgp Subject: PGP 2.0 sites-list Date: Mon, 23 Nov 92 19:40:12 GMT > PGP v. 2.0 is gradually making its way out into the electronic world. It >has been posted to the FidoNet Software Distribution Network and should up on >many if not most Canadian and U.S. nodes carrying SDN software. Sorry: not on >FidoNet nodes outside the U.S. or Canada yet; U.S. crypto export laws are >strict and their enforcement is humorless. (Odd that U.S. export laws treat >Canada as part of the U.S., eh? Jumping the gun by a few years there, aren't >we?) Look for a local node near you. On the Internet, there are many sites >to try for anonymous ftp: I have personally uploaded the PGP sdn package to all european SDM backbones. It should have been distributed through the SDN network here, as it was in the states. This was 2 months ago :-) -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.0 mQCNAiqrg5sAAAEEANyzAvOLI+VZYd5hen0Lme/eyasVrZVLMLYU7vvKTq6GIwtE Rypu9aZyEAVE6hy896JLR58IxYDVRCwY7Bwcp9sFdoTPXDrEEcSkA3Vdt5uiQh5u h7nfRXG9rVEcw9FYKHkvbPZMNfRVW71hKlZM+QweHNcFYsyz+TjMMcKgfAL5AAUR tC1GZWxpcGUgUm9kcmlxdWV6IDxub25zZW5zb0B1dG9waWEuaGFja3RpYy5ubD4= =q/if =-=-=-=-=-= Newsgroups: alt.security.pgp From: neuhaus@vier.informatik.uni-kl.de (Stephan Neuhaus (HiWi Mattern)) Subject: Re: PGP 2.0 sites list Date: Tue, 24 Nov 1992 14:33:26 GMT cbbrowne@csi.uottawa.ca (Christopher Browne) writes: >In article hmiller@lucpul.it.luc.edu (Hugh Miller) writes: >>Look for a local node near you. On the Internet, there are many sites >>to try for anonymous ftp: >>... >> ftp.uni-kl.de (131.246.9.95) >> /pub/atari/incoming/pgp20.zip (Atari binary) >> /pub/atari/incoming/pgp20src.zip >This information is outdated; PGP is no longer available there. And >pgp20.zip was actually the IBM binaries, and not the Atari version; Right, I just looked. I don't know what has happened to them; I guess they just got deleted. Somehow I nuked my copy of pgp20src.zip, but I still have a homemade pgp-2.0.tar.Z and pgp20.zip. These contain, as you said, the MSDOS binaries. I would like to create a TOS version (as compared to a MiNT version) but I have recently bought a SUN 3 and needed a hard disk... Therefore: No development on or for the ST anymore. I only have my own Atari executable, which runs under MiNT. >Could someone from uni-kl (Stephen Neuhaus, perhaps?) see about >publicising some German site where binaries are available? 'Twould be >greatly appreciated! Hmmm... Without archie to help, this task is beyond my means. And I have already received requests from Germans who couldn't get a TOS version. If any of you have any ideas, please drop me a note and I'll see what I can do. On top of my head, I don't know any archive sites with pure TOS binaries. For the moment, I'll upload the MSDOS binaries and Unix-style sources (ASCII 10 newline delimiters instead of ASCII 13/10) pgp-2.0.tar.Z into pub/atari/incoming again. This time, I'll notify the ftp admin, promise... :-) Tomorrow, I'll also upload the MiNT binary into the same directory. So, if you need either Unix-style sources, MSDOS executables, or MiNT executables, ftp to ftp.uni-kl.de and look in pub/atari/incoming for anything that begins with pgp. Note: The Atari subdirectory and its subdirectories are world writable. If I have the time, I'll compute a signature and any sufficiently paranoid signature can get it from me, either on paper, by voice or (least secure) by email. Have fun. -- Stephan sig closed for inventory. Please leave your pickaxe outside. PGP 2.0 public key available on request. Note the expiration date. =-=-=-=-=-= Newsgroups: alt.security.pgp From: neuhaus@vier.informatik.uni-kl.de (Stephan Neuhaus (HiWi Mattern)) Subject: Re: PGP 2.0 sites list Date: Tue, 24 Nov 1992 16:05:29 GMT neuhaus@vier.informatik.uni-kl.de (Stephan Neuhaus (HiWi Mattern)) writes: >If I have the time, I'll compute a signature and any >sufficiently paranoid signature can get it from me, either on paper, >by voice or (least secure) by email. What in hell was I thinking when I wrote about a ``sufficiently paranoid signature''? I meant ``sufficiently paranoid person'', of course! I had intended to be funny, and funny I was, even beyond my wildest dreams! >Have fun. That still holds, especially after reading this particularly delightful typo. Have fun. -- Stephan sig closed for inventory. Please leave your pickaxe outside. PGP 2.0 public key available on request. Note the expiration date. =-=-=-=-=-= Newsgroups: alt.security.pgp From: whitaker@eternity.demon.co.uk (Russell Earl Whitaker) Subject: Re: PGP 2.0 sites list Date: Mon, 23 Nov 1992 21:00:16 +0000 Also add to your list: /pub/ibmpc/pgp/pgp20.zip at gate.demon.co.uk -- Russell Earl Whitaker whitaker@eternity.demon.co.uk Communications Editor 71750.2413@compuserve.com EXTROPY: The Journal of Transhumanist Thought AMiX: RWHITAKER Board member, Extropy Institute (ExI) ================ PGP 2.0 public key available ======================= =-=-=-=-=-= From: mathew Newsgroups: alt.security.pgp Subject: Re: MacPgp Date: Wed, 25 Nov 92 17:01:49 GMT dswartz@sw.stratus.com (Dan Swartzendruber) writes: > 1. If I try to type at anything more than a trivial speed, the keystrokes are > with the system beep. Yes. Type VERY VERY SLOWLY. > 2. It doesn't ever seem to terminate. I've left it sitting there waiting for > with no change. Yup. It took ages on my Mac too. If you're running it on a Powerbook, as I was, make sure your Powerbook doesn't go into "power save" mode, which slows the machine down to 1/8 of the normal speed. > Am I missing something? Yes. MacPGP is VERY VERY SLOW. It took it several minutes to read my keyfile from my PC at work. I can easily believe that it takes more than five minutes to generate a key. Be careful when typing your password in, too. The program only seems to be able to cope with about two keystrokes per second. mathew =-=-=-=-=-= Newsgroups: alt.security.pgp,sci.crypt From: hmiller@lucpul.it.luc.edu (Hugh Miller) Subject: PGP vs. RIPEM Date: Thu, 26 Nov 1992 05:44:45 GMT I'm forwarding the following for Zhahai Stewart: ~Date: Mon, 23 Nov 92 17:14:36 PDT ~From: Zhahai.Stewart@f93.n104.z1.FIDONET.ORG (Zhahai Stewart) ~Subject: Some conceptual differences: PGP/PEM There seems to be some discussion regarding the relative merits of RIPEM and PGP; perhaps it would be worthwhile to explain why the two have different niches, and neither is likely to fill the other's niche well. RIPEM is compliant with the PEM standard (draft RFC). Its whole purpose in life is enhancing Internet email. The PEM standard is designed to be highly integrated into the Internet; this means that it is relatively more limited, and by being so limited it can do a good job at the one task it takes on. PGP is a very portable privacy system with many more features and a much broader scope. It could be used with many different forms of email, as well as for totally non mail oriented applications. As such, it does not integrate as well with Internet mail. Some examples of how this influences their conceptual design follow. PEM integrates much of the cryptographic information into Internet style headers; PGP uses a more compact and efficient system-independent binary packet data structure. PEM's email-plus design exposes more information for traffic analysis than does PGP's standalone design. A major point is that PEM has a quite different concept of "identity" than does pgp. A major concept in PEM is that an identity is a mailbox in the internet heirarchical form; keys are then certified (through a similar heirarchy of organizations propagating trust from on high) as being connected to this "mailbox identity". This design makes a lot of sense from the Internet sense (domain heirarchies being already integral to the Internet conceptual model). PGP follows a different drummer, with different strengths and weaknesses. The fundamental concept of identity is the keypair itself. This is sufficiently different to deserve some background. Consider that one could correspond securely for years with some "entity" (generally another human being) without ever knowing "who" they were. What you do know is that the same "entity" read and wrote those many messages you have exchanged; nobody else can pretend to be them (or you), and nobody else can eavestap on your interchanges. Their public key is in effect an unforgeable "handle" by which you know them. Over the years,you might use various mailboxes, usernames, networks, and even different media, yet you know it's still the same person. This is as solid a thread of "identity continuity" as you can get in the electronic world, and so it forms the basis of the concept of "identity" for PGP. We don't like to refer to each other by 1000 bit numbers, tho, so PGP allows you to associate a key with a textual "userid". This could be a full legal name as it appears on a passport. It could be a nickname or "handle". It could be a login or user name on a given system (including an Internet mailbox address). It could be all the information on your drivers license, complete with number. It could be your postal address. The point is that the "identity" core is the key itself, and each userid is an independent secondary association with the key. And you can have many such secondary associations (for example, one or more of each of the above), each used in different contexts. Use the drivers license one to prove your age, assuming it is signed as visually verified by someone that the recipient trusts; use whichever email address is appropriate for the network on which you are communicating; etc. They can also vary over time; addresses change, drivers license numbers change, even names change, especially with marriage. Yet your identity remains the same; whoever possesses the secret key "is" the entity associated with it. Of course, the linkage or association of a key with a given userid string is only as meaningful as the signatures on that association. For a nickname, a self-signature is sufficient (if the keyholder signed it themselves, then you at least know "that's what they call themselves"). In general, you should always look for a self-signature, perhaps in addition to others, depending on context. For a legal name, as with a contract, a stronger outside signature may be needed; that is, the key to userid association should be signed by someone or some institution YOU know and trust. PGP has pretty powerful key management to support this type of decentralized trust decision making. Of course, the same person can have multiple keys if they wish; the choice of tying together various "userid strings" to a single key, or to separate keys, is up to the individual. If you want a nom-de-phosphor, with a separate key, you can easily manage that. These "userid" strings can be used for many purposes beside email addresses. Some were given above. Other examples could be certifying that the given person (whoever owns that key) is an employee of XYZ Corp., with an expiration date, and signed with the company key. This person could keep that signed userid on their keychain, and give out copies only when they wish to prove their association with XYZ corp. So PEM's fundamental concept of identity is the volatile one of "internet mailbox"; and a top down chain of official certification is used to verify the association between the (primary) mailbox and a (secondary) key. PGP's fundamental concept of identity is the key itself (which one may keep for many years), and the association with one or many email addresses, postal addresses, job associations, usernames, legal names, passpord or drivers license numbers, etc. are secondary, multiple, indepenent, extensible, and flexible. This permits a much wider range of application; individual control of which "aspects" of one's identity one wishes to disclose (by choosing which of one's multiple userids, and which signatures thereof, one gives to each person; and decentralized trust systems. This is a very important difference, much more than whether IDEA or DES is used for encryption (as these will change). PGP would lose a great deal if it were limited to Internet mail applications (conceptually). On the other hand, it loses some "application specific targeting" by not being limited to Internet mail. Each approach has its tradeoffs. PGP may nevertheless become more integrated with given mail software over time; it's not impossible to make it easier to use from within a given mail package, as easy as RIPEM even. Certainly, it will be much easier to migrate PGP into RIPEM's limited application scope than vice versa! Just don't ask for a "PEM compatible" form of PGP - it was designed for a different and larger scope; if you want PEM compatibility, use RIPEM or some other implementation. Implementing IDEA in RIPEM, or DES in PGP, wouldn't scratch the surface towards making them "compatible"; those are just details. The serious incompatibility is that they address different needs, and were both designed differently from the ground up so as to meet those needs. -- Zhahai Stewart - via ParaNet node 1:104/422 UUCP: !scicom!paranet!User_Name INTERNET: Zhahai.Stewart@f93.n104.z1.FIDONET.ORG ***** End Info-PGP Digest *****  Downloaded From P-80 International Information Systems 304-744-2253