Info-PGP: PGP Digest   Wednesday 16 December 1992   Volume 2 : Number 3

Hugh Miller, List Manager / Moderator

Info-PGP is a digested mailing list dedicated to discussion of Philip
Zimmermann's `Pretty Good Privacy' (PGP) public-key encryption program
for MS-DOS, Unix, VMS, Atari, Amiga, SPARC, Macintosh, and (hopefully)
other operating systems. It is primarily intended for users on Internet
sites without access to the `alt.security.pgp' newsgroup. Most
submissions to alt.security.pgp will be saved to Info-PGP, as well as
occasional relevant articles from sci.crypt or other newsgroups.
Info-PGP will also contain mailings directed to the list address.

To SUBSCRIBE to Info-PGP, please send a (polite) note to
info-pgp-request@lucpul.it.luc.edu. This is not a mailserver; there is a
human being on the other end, and bodiless messages with "Subject:"
lines reading "SUBSCRIBE INFO-PGP" will be ignored until the sender
develops manners.

To SUBMIT material for posting to Info-PGP, please mail to
info-pgp@lucpul.it.luc.edu.

In both cases, PLEASE include your name and Internet "From:" address.
Submissions will be posted pretty well as received, although the list
maintainer / moderator reserves the right to omit redundant messages,
trim bloated headers & .sigs, and other such minor piffle. I will not be
able to acknowledge submissions, nor, I regret, will I be able to pass
posts on to alt.security.pgp for those whose sites lack access.

Due to U.S. export restrictions on cryptographic software, I regret that
I cannot include postings containing actual source code (or compiled
binaries) of same. For the time being at least I am including patches
under the same ukase. I regret having to do this, but the law, howbeit
unjust, is the law. If a European reader would like to handle that end
of things, perhaps run a "Info-PGP-Code" digest or somesuch, maybe this
little problem could be worked around.

I have received a promise of some space on an anonymous-ftp'able
Internet site for back issues of Info-PGP Digest. Full details as soon
as they firm up.

Oh, yes: ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; STANDARD
DISCLAIMERS APPLY.

Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago
FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu
Signed PGP v.2.1 public key certificate available by e-mail & finger(1)

=-=-=-=-=-=

Newsgroups: sci.crypt,alt.security.pgp
Path: lucpum.it.luc.edu!uchinews!linac!uwm.edu!zaphod.mps.ohio-state.edu!sdd.hp.com!think.com!spool.u!uunet!enterpoop.mit.edu!bloom-picayune.mit.edu!news.mit.edu!warlord
From: warlord@MIT.EDU (Derek Atkins)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sat, 12 Dec 1992 10:25:48 GMT

In article <1galtnINNhn5@transfer.stratus.com>
cme@ellisun.sw.stratus.com (Carl Ellison) writes:

[I have since concluded that I would like to get a copy of the PGP
interface spec so that I could write a program, using RSAREF, which
interoperates with PGP. I see PGP as setting a kind of new standard
format -- an alternative to PEM.]

{other stuff deleted -- warlord}

There are plans in the works, pending the new RSAREF license, to do just
this! Please be patient, as there is no need to duplicate efforts! At
least many people are thinking the same thing, so many people will be
happy when it happens!

Enjoy!

-derek

PGP 2 key available upon request, or via AFS:
/afs/athena.mit.edu/user/w/a/warlord/pgp-pubkey.asc
--
  Derek Atkins -- MIT '93 -- Electrical Engineering
--warlord@MIT.EDU | ..!mit-eddie!mit-athena!warlord | s20069@mitvma.bitnet
  Chairman, MIT Student Information Processing Board (SIPB)
  MIT Media Laboratory, Speech Research Group

=-=-=-=-=-=

From: strnlght@netcom.com (David Sternlight)
Newsgroups: sci.crypt,alt.security.pgp
Subject: Re: PKP/RSA comments on PGP legality
Date: 12 Dec 92 19:22:10 GMT

Derek Atkins says there are plans in the works to produce a "de novo"
version of PGP using RSAREF, starting with the PGP interface specs.

If that product is to be usable in the U.S., whoever does this is going
to have to import IDEA legally, under the munitions act. Otherwise one
would not be able to decrypt messages sent with the non-U.S. version,
PGP 2.x.

David

=-=-=-=-=-=

Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
Path: lucpum.it.luc.edu!uchinews!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!wupost!p1!news.cc.swarthmore.edu!ralph.cs.haverford.edu!eoliver
From: eoliver@ralph.cs.haverford.edu (Erik Oliver)
Subject: PGP v2.1 and NeXT
Date: Sat, 12 Dec 1992 02:17:52 GMT

After, having no luck getting PGP 2.0 to compile on the NeXT (I didn't
try too hard,) I was excited that 2.1 had special make settings for the
NeXT.

Unfortunately, they are wrong NeXT computers run MACH not BSD.
Change, the makefile.unx line for next: to indicate MACH instead
of BSD.

The other problem occurs in the system.c source code file,
the problem, the remove function defined in that file
has a different prototype than the one defined in one
of the standard header files that system.c includes,
the solution add the word 'const' before the char *name
variable in the remove function of system.c.

These problems were extremely minor, and are easily fixable...

-Erik
(Public key available by finger.)

=-=-=-=-=-=

Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
Path: lucpum.it.luc.edu!uchinews!linac!uwm.edu!cs.utexas.edu!sun-barr!ames!haven.umd.edu!uunet!entermit.edu!bloom-picayune.mit.edu!news.mit.edu!warlord
From: warlord@MIT.EDU (Derek Atkins)
Subject: Re: PGP v2.1 and NeXT
Date: Sat, 12 Dec 1992 07:12:49 GMT

> Unfortunately, they are wrong NeXT computers run MACH not BSD.
> Change, the makefile.unx line for next: to indicate MACH instead
> of BSD.
>
> The other problem occurs in the system.c source code file,
> the problem, the remove function defined in that file
> has a different prototype than the one defined in one
> of the standard header files that system.c includes,
> the solution add the word 'const' before the char *name
> variable in the remove function of system.c.

First of all, the NeXT is neither Mach nor BSD! It is a BSD-ish UNIX
signal server on top of Mach. This means that if you are writing a
kernel driver you need to write it for mach, but if you are writing a
user-level application you should write it for BSD. As far as PGP is
concerned, it's better to define BSD than not, since applications see a
BSD interface.

Yes, there is a problem in system.c: it forgets to include "usuals.h"
and you have to change the #ifdef around memset, memcmp, and memcpy to
be: #if defined(BSD) && !defined(NEXT)

Those are the ONLY changes that you should need to get PGP 2.1 to build
on the NeXT platform. You SHOULD NOT change the makefile.unx as
suggested.

-derek
--
  Derek Atkins -- MIT '93 -- Electrical Engineering
--warlord@MIT.EDU | ..!mit-eddie!mit-athena!warlord | s20069@mitvma.bitnet
  Chairman, MIT Student Information Processing Board (SIPB)
  MIT Media Laboratory, Speech Research Group

=-=-=-=-=-=

Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
Path: lucpum.it.luc.edu!uchinews!linac!uwm.edu!rpi!gatech!usenet.ins.cwru.edu!agate!netsys!ukma!montil!rich
From: rich@pencil.cs.missouri.edu (Rich Winkel)
Subject: Re: PGP v2.1 and NeXT
Date: 12 Dec 92 08:55:42 GMT

In warlord@MIT.EDU (Derek Atkins) writes:
]First of all, the NeXT is neither Mach nor BSD! It is a BSD-ish UNIX
]signal server on top of Mach. This means that if you are writing a
]kernel driver you need to write it for mach, but if you are writing a
]user-level application you should write it for BSD. As far as PGP is
]concerned, it's better to define BSD than not, since applications see a
]BSD interface.

]Yes, there is a problem in system.c: it forgets to include "usuals.h"
]and you have to change the #ifdef around memset, memcmp, and memcpy to
]be: #if defined(BSD) && !defined(NEXT)

]Those are the ONLY changes that you should need to get PGP 2.1 to build
]on the NeXT platform. You SHOULD NOT change the makefile.unx as
]suggested.

Interestingly enough, I ONLY changed the makefile and it compiled fine
on a next. I haven't exhaustively run it, but it passed all the tests
suggested in setup.doc. What gives?

Rich

=-=-=-=-=-=

Newsgroups: alt.security.pgp,comp.sys.next.sysadmin
From: eoliver@ralph.cs.haverford.edu (Erik Oliver)
Subject: Re: PGP v2.1 and NeXT
Date: Sat, 12 Dec 1992 17:13:56 GMT

In order to avoid a flame fest, let me point out the old adage: 'There
is more than one way to skin a cat.'

My version of PGP works, your versions of PGP work, clearly there are
multiple ways to solve the non-compilation of PGP 2.1 on the next. The
fact is, I am not sure which modification set is the best, but the
modifications I made worked fine, so I'm happy with them.

By posting I was just trying to let others know that the PGP 2.1 package
wouldn't compile instantly with make on their NeXT, perhaps we should
let the package author figure out what is most appropriate for PGP.

And, I still stand by my claim that the NeXT is a Mach machine, but I
can see how my statement was misinterpreted. I agree that the NeXT, has
BSD interfaces and BSD programs, not SysV programs and SysV interfaces.
But, at the core it is a Mach Kernel which is very different in its
features and design than just saying BSD.

-Erik

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: eoliver@ralph.cs.haverford.edu (Erik Oliver)
Subject: PGP v 2.1 w/ Unix Mail
Date: Sat, 12 Dec 1992 02:38:58 GMT

Okay, please excuse me if this is an FAQ, but how do I go about helping
users use PGP to have the message hash appended correctly to outgoing
messages. And also, how to handle incoming messages with the pgp message
block.

Thanks for any help, I've set followup's to me, but if it won't work for
your mailer, send responses to eoliver@ralph.cs.haverford.edu

-Erik

=-=-=-=-=-=

Newsgroups: sci.crypt,alt.security.pgp
From: wcs@anchor.ho.att.com (Bill Stewart +1-908-949-0705)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sun, 13 Dec 1992 05:20:27 GMT

In article <1992Dec12.192210.10839@netcom.com> strnlght@netcom.com
(David Sternlight) writes:

   Derek Atkins says there are plans in the works to produce a "de novo"
   version of PGP using RSAREF, starting with the PGP interface specs.

   If that product is to be usable in the U.S., whoever does this is
   going to have to import IDEA legally, under the munitions act.
   Otherwise one would not be able to decrypt messages sent with the
   non-U.S. version, PGP 2.x.

I'm not a lawyer (though I play a politician on TV :-), but there's a
difference between crypto *software*, which may be covered by the
munitions export/import laws, and the mathematical *algorithms*, which
probably aren't - they can be published in the Federal Register (e.g.
DES) or technical journals and imported and exported without
restrictions. So all we'd need to do would be implement IDEA in software
in the US.

On the other hand, do the folks who own the patent for IDEA in
Switzerland also have patent protection here?
--
# Pray for peace; Bill
# Bill Stewart 908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# Nov 12 - Anniversary of Indonesian massacre in East Timor, 1991
# Indonesia first invaded in 1975, and about 1/3 of the people have been killed.

=-=-=-=-=-=

Date: 13 Dec 1992 16:37:32 -0800
From: The Electronic Messiah
To: info-pgp@lucpul.it.luc.edu

Greets all...I was wondering where I might obtain the PGP source code
for the (Gasp) VAX/VMS operating system?

=-=-=-=-=-=

To: hmiller@lucpul.it.luc.edu
From: Harry Bush
Message-Id: <2B2BAB6D@castle.riga.lv>
Date: Sun, 13 Dec 1992 16:30:21 +0300

==================================================================
* Forwarded by: Harry Bush (2:495/28)
* From Area: INTL.PGP (INTL Pretty Good Privacy Discussions)
* Originally From: Harry Bush, 2:495/28
* Originally To: All
* Originally dated: Saturday December 05 1992 05:14
* Subj: PGP Supporting Sites
==================================================================

Hello All!

IMHO it will be good to make a list of PGP Supporting Sites, at least on
the territory reachable by FTN technology and INTL.PGP :-) Please add to
this list your info. I know for sure that Peter Suchkow in St.Petersburg
and Zygimantas Cepaitis in Kaunas, Lithuania have their PGP Supporting
Sites.
Next step perhaps will be establishing a networking scheme for key
distribution (and maybe other purposes :-)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

LATVIA:

2:495/21,Castle,Riga,Egons_Bush,7-0132-223986,9600,XA,CM,MO,
V33,V32B,V42B,V29,ZYX
AKA Egons@Castle.riga.lv

2:495/28,Info-Shelter,Iecava_Latvia,Harry_Bush,7-01339-41176,
9600,XX,MO,V33,V32B,V42B,V29,ZYX
AKA Harry@castle.riga.lv

Both nodes have ZyXEL U-1496E+ modems supporting speed up to 16800 baud.
No dialog permitted, mail only. Castle is CM but quite busy node.
Info-Shelter is almost CM and not so busy, excluding several regular
periods which can be discussed using netmail.

FREQ-able Castle Public Keyring is common and mirrored by both nodes.
Keys can be accepted and added to keyring on conditions identical to
pgp-keys@utopia.hactic.nl , in general that means that keys should be
certified and we do not provide certification except in case of physical
presence of owner.

INTL.PGP echo, INFO-PGP digests and sci.crypt conference gated from
Usenet is available.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Best wishes, Harry
Saturday December 05 1992 05:14

--- Golded 2.40.P0720+ via D'Bridge 1.50
 * Origin: Info-Shelter, PGP Supporting Site (2:495/28)

=-=-=-=-=-=

Newsgroups: sci.crypt,alt.security.pgp
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sun, 13 Dec 1992 06:31:11 GMT

Bill Stewart argues that the IDEA algorithm isn't covered by the
Munitions Act provisions. Though I hope he's right, I'm not so sure. I
think the Munitions Act covers cryptographic methods.

Second, his contention that DES was published in the Federal Register
isn't quite accurate. As I understand it, the details of the S-boxes
were not (though they can, I suppose be gotten via decompiling or
examining source code), yet without them one could not implement DES and
thus they are an essential part of the algorithm, in Bill's terms.

Please understand that I'm not trying to argue in a partisan manner
here, but to arrive at an understanding of what's so.

David

=-=-=-=-=-=

From: boyd@acsu.buffalo.edu (Daniel F Boyd)
Newsgroups: sci.crypt,alt.security.pgp
Subject: Re: PKP/RSA comments on PGP legality
Date: 13 Dec 92 16:57:08 GMT

In article <1992Dec13.063111.26607@netcom.com> strnlght@netcom.com
(David Sternlight) writes:
> As I understand it, the details of the S-boxes were not [published
> in the Federal Register] (though they can, I suppose be gotten via
> decompiling or examining source code), yet without them one could
> not implement DES and thus they are an essential part of the
> algorithm, in Bill's terms.

You're right in the particulars, but very wrong in general.

The Federal Register is the listing of all the regulations that the
government has made. When they change the food-labeling laws so that
"Monosodium Glutamate" must always be written in 12-point Palatino Bold
-- the Federal Register is where it gets listed. They wouldn't publish
DES there in any case because it's not where it goes.

The DES algorithm is published in a FIPS PUB, which you can get from the
government printing office. And the GPO will send it anywhere,
worldwide. They would send it out even if the address is "KGB
Headquarters, Lubyanka, Moscow" (assuming the KGB's check doesn't bounce
-- possibly an unwarranted assumption).

There is NO need to disassemble software or examine microchips under a
microscope in order to reimplement DES. You can look it up in any
technical library -- probably even the Moscow University library. It's a
PUBLIC algorithm.

Why it's still illegal to export DES chips is a mystery to me; the ones
you buy all say "Malaysia" on them anyway...
--
Daniel F.
Boyd -- boyd@cs.buffalo.edu
-a +X -x -e -m -S -F"> "
----------------------------------------------------------------------
((lambda (x) (list x (list (quote quote) x)))
 (quote (lambda (x) (list x (list (quote quote) x)))))

=-=-=-=-=-=

Newsgroups: sci.crypt,alt.security.pgp
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PKP/RSA comments on PGP legality
Date: Sun, 13 Dec 1992 19:21:49 GMT

Thanks to the many who clarified my understanding of the legalities of
this issue, both publicly and privately.

My latest state of understanding (but I'm open to even more) is that DES
was published. More than that, it's that there's a footnoted exemption
in the Export List (Commerce Dept.? State Dept.?) for technological
exports which have been published in scholarly journals (the explanation
I was given has something to do with the conflict between the Munitions
Act and the First Amendment). It's also been claimed by one
correspondent that a)IDEA has been published and b)the above footnote
exemption would mean that the IDEA component of PGP wouldn't provide a
basis for proceeding against PGP under the Munitions Act.

Whether PGP as a whole could be construed as different from its
ancestral parts (RSA, IDEA) which have been published and are thus
presumably covered under the exemption footnote is as yet unclear to me.

Finally, the issue of PGP being a violation of RSA/PKP's patents
remains, though the suggestion of an RSAREF version is certainly an
interesting one.

David

=-=-=-=-=-=

Newsgroups: sci.crypt,alt.security.pgp
From: wcs@anchor.ho.att.com (Bill Stewart +1-908-949-0705)
Subject: Re: PKP/RSA comments on PGP legality
Date: Mon, 14 Dec 1992 00:28:05 GMT

In article <1992Dec13.192149.8211@netcom.com> strnlght@netcom.com
(David Sternlight) writes:

   My latest state of understanding (but I'm open to even more) is that
   DES was published. More than that, it's that there's a footnoted
   exemption in the Export List (Commerce Dept.? State Dept.?)
   for technological exports which have been published in scholarly
   journals (the explanation I was given has something to do with the
   conflict between the Munitions Act and the First Amendment). It's
   also been claimed by one correspondent that a)IDEA has been published
   and b)the above footnote exemption would mean that the IDEA component
   of PGP wouldn't provide a basis for proceeding against PGP under the
   Munitions Act.

If I'm the correspondent you mean, I *didn't* say that the IDEA
component of PGP wouldn't provide a basis for government action against
it - I said there's a difference between algorithms (which the
government doesn't seem to currently class as munitions) and
*implementations* of algorithms (which unfortunately they do), and that
if we wanted a legal-for-use-in-USA version of PGP, we could use the
IDEA algorithm but we'd have to implement it here. (And, of course, we'd
have to find out if the Swiss patent owners have a patent in the US or
would be nice enough to let us use it free.)

.... so we'll need to find a paper journal article, or have it posted in
alt.journals.scholarly.obscure from some site in Finland .... :-)
--
# Pray for peace; Bill
# Bill Stewart 908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# Nov 12 - Anniversary of Indonesian massacre in East Timor, 1991
# Indonesia first invaded in 1975, and about 1/3 of the people have been killed.

=-=-=-=-=-=

Newsgroups: sci.crypt,alt.security.pgp
From: strnlght@netcom.com (David Sternlight)
Subject: Re: PKP/RSA comments on PGP legality
Date: Mon, 14 Dec 1992 01:41:18 GMT

Bill Stewart corrects my understanding of PGP and IDEA (thanks), which
suggests that troubles for possession and/or use of PGP2.x in the U.S.
can also come from the Munitions Act since PGP is based on an import of
the IDEA implementation, rather than domestic coding of the IDEA
algorithm.

If my understanding is now accurate that PGP2.x violates both the
Munitions Act and PKP's patents, and that this violation is occasioned
not just by use but also by possession in the U.S., then it would seem
prudent to get it off one's U.S. computers and any U.S. net
sites--Internet, Usenet, Fidonet, anynet. Presence on a bulletin board
system may be just what someone needs to close down that system.

As for the argument that some make that "you" will probably neither get
caught nor prosecuted for this illegality, the ethics of that position
are open to the most serious questions (assuming my understanding of the
underlying situation is accurate).

Finally, given my understanding, the notion that if it's uploaded all
over the place, what can "they" do seems to betray a lack of both
realism and ethics. Try the argument that if lots of people take
cocaine, what can "they" do? to see this.

The proposal to produce a de novo version here in the U.S., based on the
IDEA algorithm (if published and the IDEA folks permit it), and RSAREF
(assuming RSA will license RSAREF for PGP), in contrast seems both
ethical and legal, if I understand this correctly.

Just a passing point on the latter paragraph--people shouldn't count
their RSAREFs 'til they're hatched. RSA still owns RSAREF, and though
they've licensed it, with a specific associated agreement, for ripem,
that doesn't mean they HAVE to license it for a future PGP. Whoever is
doing this "legal PGP" project should check with Jim Bidzos of RSA at
their earliest opportunity (jim@rsa.com).

For completeness and to acknowledge a particular position (with which I
disagree), some feel that it's absurd to prevent use of something here
that's widespread in Europe, and are willing to take a chance in order
to press that. Others feel that PKP's patents are over-broad and are
willing to confront on that issue.
That's got to be an individual and conscious choice, which should be
made clear to others, so nobody gets or uses PGP under the impression
it's "o.k."

My own position is that if one thinks a law or situation is incorrect,
one moves to get it changed, if possible. One does not take the law into
one's own hands. One particularly doesn't take innocent bystanders down
with one.

Any more bidding on this one before I conclude I now understand it?

=-=-=-=-=-=

Newsgroups: alt.security,sci.crypt,talk.politics.guns,talk.politics.misc,alt.security.pgp
From: s0rah@exnet.co.uk (R A Hollands)
Subject: Re: PGP v. 2.1 Released
Date: Sun, 13 Dec 1992 15:23:26 GMT

Thanks to all those who replied about my problem getting an uncorrupted
version of PGP 2.1.

What I did finally:

1 got uuencoded file in five parts;
2 joined them: cat aa ab ac ad ae >pgp.uue;
3 edited out the mail headers;
4 uudecode pgp.uue;
5 downloaded it; (set fil typ bin - Yeah!)
6 unzipped it.

What I did before:

2-4 replaced by:
- edit out headers;
- cat aa ab ac ad ae | uudecode.

Is this different? I don't get it. Perhaps all you old usenet/unix hands
are clanking your zimmers and rattling your cocoa mugs and saying, "He!
he! see what he did!". If so, I'd like to share the joke.

Thanks again for the prompt responses.

Richard
~A

=-=-=-=-=-=

Newsgroups: alt.security.pgp,alt.security,sci.crypt,talk.politics.misc,talk.politics.guns
From: hallam@zeus02.desy.de (Phill Hallam-Baker)
Subject: Re: PGP v. 2.1 Released
Date: Mon, 14 Dec 1992 09:37:38 GMT

In article <1992Dec10.185107.10925@netcom.com>, strnlght@netcom.com
(David Sternlight) writes:

|>I have mixed feelings about Uri's message.
|>
|>Until the legal status is resolved, one might wish to get rid of the
|>PGP "tags" which are overt confirmation that one is using a public key
|>system.
|>On the other hand, I disagree in the sense that if unlicensed
|>use of public key systems REALLY IS a violation of law (not "is
|>asserted to be by PKP")--for example after a court case--then his
|>suggestion is tantamount to publicly advocating the concealing of a
|>legal violation, which I cannot support.
|>
|>If one feels PKP is over-broad in their claims, the way to deal with
|>this is by direct resolution. If one feels PKP is legally on firm ground
|>but thinks there "shouldn't be" patent protection for software, or some
|>such, again the way to deal with this is by trying to get the law changed.
|>I'm not one who supports illegal acts in the face of what one thinks
|>is unfairness.

There is no such thing as a Patent for software in Europe. PKP's claim
has no validity here. Nor for that matter do the restrictions of the
FBI.

|>Finally, I trust the police and intelligence agencies of our
|>government. They are not a bunch of fascists out to get the innocent,
|>as some messages sometimes imply, but hard-working fellow-Americans
|>trying to do a very difficult job. Yes, there have been, and may
|>continue to be some individual abuses, sometimes by senior people, but
|>the way to deal with that is via strong internal and external
|>watchdogs, and by clear definition of what is, and isn't to be
|>permitted.

Yeah like MI5 went and bugged their Prime Minister, sure you can trust
the CIA and FBI, hell they are American, makes a difference you know.

--
Phill Hallam-Baker

=-=-=-=-=-=

Newsgroups: alt.security,sci.crypt,talk.politics.guns,talk.politics.misc,alt.security.pgp
From: neuhaus@vier.informatik.uni-kl.de (Stephan Neuhaus (HiWi Mattern))
Subject: Re: PGP v. 2.1 Released
Date: Mon, 14 Dec 1992 10:29:23 GMT

Marc VanHeyningen writes:

>Unfortunately, it's
>possible that a distributor could be found responsible if someone
>outside the U.S. gets the code from him.

That is precisely the reason why I oppose the PEM RFCs.
There is no way that a worldwide software distribution can be created
that uses RSAREF, without it violating export laws. And how good is an
Internet standard if it's US-centric? The Internet consists of more than
the US. Please RSADSI and PKP, consider that, too. You might force all
US netters to use RIPEM, but the rest of the world will probably use
PGP.

Have fun.

--
Stephan
sig closed for inventory. Please leave your pickaxe outside.
PGP 2.1 public key available on request. Note the expiration date.

=-=-=-=-=-=

From: palmer@icat.larc.nasa.gov (Michael T. Palmer)
Newsgroups: alt.security,sci.crypt,talk.politics.guns,talk.politics.misc,alt.security.pgp
Subject: Re: PGP v. 2.1 Released
Date: 14 Dec 92 12:26:57 GMT

Marc VanHeyningen writes:

>Thus said palmer@icat.larc.nasa.gov (Michael T. Palmer):
>>cme@ellisun.sw.stratus.com (Carl Ellison) writes:
>>
>>>Sounds like a good reason to switch from PGP to RIPEM.
>>
>>Okay, could you please point us to where we can find a PGP-type program
>>that uses RIPEM? I would love to not have to even *consider* patent stuff
>>when using a crypt program.

>Since you're posting from a .gov site, I think you don't have worries in
>that regard.

Well... it's not like I would necessarily be using it for work-related
uses, except maybe for protecting company proprietary data. I was more
interested in crypt programs for protecting PERSONAL privacy (on my OWN
equipment).

>Also, RIPEM IS NOT YET WIDELY AVAILABLE. It is in use by a small number
>of beta testers, who have been asked not to redistribute it further. It
>is not on any public FTP site that I know of, nor should it be.

Thank you for clearing this up. Someone else on the net (I believe it
was David Sternlight) also mentioned this to me a while back, but since
so many recent posts recommended switching to RIPEM, it seemed to me
(and many others, I guess) that the program was now widely available.

>I really wish RIPEM's beta testers would stop advocating its use as
>though you could get it and use it today. It will be soon. It's not
>now (or, if it is, it's against the express wishes of the author.)

I agree. For those of us without access to RIPEM, it's quite frustrating
to be told we should switch to a program we can't even get our hands on
yet, and away from a program that works now (even though the legality of
use is still being debated).

--
Michael T. Palmer, M/S 152, NASA Langley Research Center, Hampton, VA 23681
Voice: 804-864-2044, FAX: 804-864-7793, Email: m.t.palmer@larc.nasa.gov
PGP 2.0 Public Key now available -- Consider it an envelope for your e-mail

***** End Info-PGP Digest *****