From: Lloyd Warren Area: Public Key Encryption To: Christopher Baker 14 Aug 94 05:16:00 Subject: Pkey_drop Chris... The bbs I read this group from doesn't seem to have the PKEY_DROP echo, nor do I find "any" keyring files. Do you echo to and/or retrieve from any Internet sites reachable via anonymous ftp? I use NOVALINK.COM for ftp, archie, most net-mail (lwarren@novalink.com), etc. This bbs is normally used only to grab a few non-internet echos and local mail. Thanks lcw --- ATP/DJgcc 1.42 201434369420143436942014343694201434369420143436942014343694718 From: Lloyd Warren Area: Public Key Encryption To: Jason Carr 14 Aug 94 05:16:00 Subject: Message Signatures Jason... Please excuse the over-quote, but I wanted to be certain that my comment is referenced to the correct message as both of you make excellent points here. Shawn McMahon, In a message on 11 August, to Jason Carr, wrote : SM> SM> SM> -----BEGIN PGP SIGNED MESSAGE----- SM> SM> Despite the stern warnings of the tribal elders, jason carr said this to SM> McMahon: SM> jc> I'm just saying (perhaps with moderator's bias) that it's polite SM> jc> to ask first. SM> SM> Jason, it'd be polite to send netmail asking if you could post ANYTHING i SM> echo before you ever post it. SM> It'd also be quite silly. SM> SM> Do you really want the assumption to be "can't sign my messages, unless t SM> differently?" SM> Me, I'd rather the assumption be "can sign my messages, unless told SM> differently." SM> That can't, and SHOULDN'T, be done through Policy. The only way it'll ev SM> happen is if a large number of people start routinely signing their messa SM> SM> Signing echomail is not something to which there is legitimate objection; SM> therefore, you should treat it like you would the word "gnarly." If a SM> moderator wants to object to you using "gnarly" in his echo, that's his r SM> but it doesn't mean that, once it happens, you should ask the moderators SM> every other echo for permission before you use the word again. SM> SM> The same is true of clear-signing your messages. Would you ask somebody' SM> permission before you scrawled your signature on the bottom of a note you SM> placed on a real-world cork bulletin board? No, of course not. However, SM> the owner of that board asked you to stop signing your notes, you'd certa SM> do it. The same is true of digital sigs. SM> Yes, moderators own their echoes, and yes, they have every right to throw SM> out if you refuse to follow their instructions. But it's not your obliga SM> to find out what changes are going to be made in those instructions on th SM> of the moment. If that echo doesn't publish a rule against signing messa SM> then it doesn't HAVE one. You're under no obligation to live by a rule t SM> might exist at some future date. SM> SM> -----BEGIN PGP SIGNATURE----- SM> Version: 2.6 SM> SM> iQCVAgUBLkoHdebJC2KuabptAQHmGQP/QGtA0VPKpinW4ta9HbirYLar6JIIYYc0 SM> sPjWds6mkmC+SfIawSfeYATiPXR4S7bsBxnEvhycNhiMM0+CmwI1hsCybfJGledP SM> lf5Z52eMQS2MUuu4XNkUKFGPzrB5yvOW6lWp2oNcxGHXBVnOSOFlMMrcGj9qbeGQ SM> bzWeHrrUyTk= SM> =a7mB SM> -----END PGP SIGNATURE----- SM> SM> --- Sqed/32 0.96/r15029 SM> * Origin: Void Where Prohibited/2 (1:19/34) I just wanted to point out a potential problem that I have noticed (that doesn't occur here) that might ought to be addressed in this echo. In a number of signed messages, the key fingerprint is being included in the signature data. Correct me if I am wrong, but as I understand the PGP system, this serves no useful purpose other than verbal confirmation, and, may in fact, weaken the system. If I am correct in my assumption, it would be to the advantage of pro-pgp users to remove the fingerprint. Several of the echos I read have used the excuse (although, IMO, invalid) that pgp signatures use excessive message bandwith. Granted, the signature is an additional overhead in the packets; but not as much as many of the "cutesy" olr headers and trailers. lcw --- ATP/DJgcc 1.42 201434369420143436942014343694201434369420143436942014343694718 From: Jerome Greene Area: Public Key Encryption To: Jack Mooney 12 Aug 94 15:26:58 Subject: digital sigs -----BEGIN PGP SIGNED MESSAGE----- - -=> Jack Mooney wrote in a message to Jerome Greene<=- Hi Jack, JM> In many echoes, I feel it might be a waste of bandwidth. A JM> signature generally isn't required wrt the general chit-chat JM> and normal flaming... True, I see absolutely no reason to include a signature in something that deals with an offline mail reader, or shareware program or what have you (at this point). JM> Of course, Fido policy makers, like federal authorities, JM> seem to like to put the cart before the horse. Bureaucrats have been doing this for centuries though. And since we'll never learn, we'll continue to do this until man ceases to exist. (How's that for being cynical?) I suppose that the Fido policy makers could make a policy Okaying the use of digital sigs in any echo, but IMO this is something best left to the moderators, the same as some Sysops don't want encrypted traffic on their systems, it's a matter of choice. Jerry Written on 08-12-94 03:39p ... Don't gamble with security. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkveJnF52VfebiBFAQEmOAP9Gy80Kkc0rkBsDIU4ywgezV/BEJJwA2CF w9gni6R5ZwAK3mRnP1ootCZqWsAXv3eUbeNtYBkjsomvU1KvhoI5eLdyORoG+PLv RKkD5d+vXZgz+z1+f3T5+/VLgfHU65T1T40HmjMalnvEHeLc/AjwTRw85EH12mf4 IIbkENdtTxw= =Bz66 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Shawn McMahon 8 Aug 94 10:07:08 Subject: New to PGP *** Quote: Shawn McMahon to Ryan Shaw on 31 Jul 94 14:09:04 *** Subject: New to PGP SM> I think my recent articles in the 'snooze, which I've begun signing, SM> make my position pretty clear. SM> Sign 'em. Encourage other people to sign 'em. If some guy writes an SM> article saying he doesn't want to see any more digital signatures, set SM> up your mailer to impersonate him, write an article saying "everyone SM> should toilet-paper my house" and send it to the 'snooze. :-) Great idea. However, signing messages can get the people in high ranks out here in "we don't want any cryptocrap"-land (i.e., Houston, net 106) VERY pissed. RS> Also, what is the view on the use of PGP signatures in RS> Fight-o-Net echos? SM> Moderators own their echoes. If a moderator wants to throw you out SM> for using signatures, it's his right. So sign everything you send in SM> that echo, and if he throws you out start your own echo. Great, but then you have the problem of attracting people into that echo which covers the same topic versus an echo already started. SKQ 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Jerome Greene 8 Aug 94 10:10:18 Subject: New to PGP *** Quote: Jerome Greene to Ryan Shaw on 31 Jul 94 11:33:22 *** Subject: New to PGP JG> It seems to me IMO, that most, if not all echoes present excepted :-) JG> view digital signatures as a waste of band-width. And I regard seven weeks of jail time and four and a half months of boot camp as a waste of my time. Digital signatures could have prevented 99.9% of the controversy surrounding that incident. As it stands now we have no idea who wrote the message which got me in trouble. The only thing we know is it had my name in the "From:" field. And I can't sign this one either because of the jerks that would insist upon terminating my FidoNet access for being a twit. "And I think to myself, what a wonderful world..." PSYCHE! NOT! SKQ 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Christopher Baker 8 Aug 94 10:12:06 Subject: Net 106 still at it? [Was: New to PGP] *** Quote: Christopher Baker to Jason Carr on 01 Aug 94 14:14:04 *** Subject: Net 106 still at it? [Was: New to PGP] CB> they do not deliberately alter or censor mail in Net 106 do they? AFAIK, and I have heard quite a bit, they might. They don't care about P4. Houston, IMHO, really SUCKS as far as Fido goes. The persons in charge of Fido here are... oops, can't say that in the echo, but four-eyed geeks comes close enough. SKQ 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: jason carr 8 Aug 94 10:14:54 Subject: Net 106 still at it? [Was: New to PGP] *** Quote: jason carr to Christopher Baker on 03 Aug 94 09:18:50 *** Subject: Net 106 still at it? [Was: New to PGP] jc> -----BEGIN PGP SIGNED MESSAGE----- jc> I have read (in BBSLAW?) that any echomail coming into the 106 area is jc> screened for the string "PGP" and is directed > nul. jc> Truly. jc> Time for a little netmail to find out for sure, I s'pose? But what if jc> they filter NetMail as well... My note would never get there... jc> -----BEGIN PGP SIGNATURE----- jc> -----END PGP SIGNATURE----- Well, it got missed no less than FOUR times, provided this is coming in via normal links. SKQ 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Steve T. Gove 8 Aug 94 10:18:58 Subject: PGP in Net 106 *** Quote: Steve T. Gove to Everyone on 05 Aug 94 15:32:31 *** Subject: PGP in Net 106 STG> Ok, so you're dying to know (actually so are we...) if Net 106 is STG> filtering all the echos for PGP messages. WELL, here's what we can STG> all do to see! I happen to know the moderator of the UNIX echo. His STG> name is Lawernce Garvin. He DOES allow clear signed messages in his STG> echo. And guess what...he's a net 106 sysop. His address is 106/6018. STG> So someone, please send a clear signed PGP message in the UNIX echo STG> (preferrably on topic) and also send the same message direct to him so STG> he can look for it. If we are able to confirm that net 106 is STG> filtering PGP messages, well then let the PC's fly at the NEC/NC etc. STG> The NC is Scott Royall at 106/0 and 106/357. The NEC is Lefty STG> Frizzell at 106/449. YES! If this is true, let the policy complaints fly! PLEASE! As many good ones as possible! Oh yeah... if this is true, no wonder a certain net 106 celebrity delights upon calling him Lefty FIZZLE. 8-) SKQ 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Jason Levine 8 Aug 94 10:25:14 Subject: Quick inquiry... *** Quote: Jason Levine to All on 07 Aug 94 00:51:00 *** Subject: Quick inquiry... JL> Does anyone know what form of cryptology DISKREET (Norton Utilities) JL> uses? I just realized that I've been using it (on and off) for a few JL> years, without having any idea what kind of encryption scheme it JL> uses... *** In the SFS docs, it's mentioned, in nicer words, that its encryption scheme is about as useful as doggy [BLEEP]. The moderator's board has a copy of SFS which is preferable to Diskreet for encrypting whole disks. SKQ 201434369420143436942014343694201434369420143436942014343694718 From: Jess Williams Area: Public Key Encryption To: Wes Landaker 5 Aug 94 17:58:00 Subject: `Other` Pgp-type Programs There is a program called RIPEM which is another Public Key Type Program also based on the RSA algorithm. Instead of using IDEA for its conventional cipher it uses DES. I think it also has another option for the conventional routine. There are a number of Public Key encryption programs out there but those are the two all time favorites. Canada also has a program it likes to use called PKSCRYPT. Hope this helped. :) Jess Williams 201434369420143436942014343694201434369420143436942014343694718 From: Mark Anderson Area: Public Key Encryption To: Ron Pritchett 13 Aug 94 05:12:10 Subject: PGP2.6UIX -=> Ron Pritchett to Mark Anderson on 07-31-94 23:13 concerning PGP2.6UIX<=- RP> Did you try ftp://ftp.demon.co.uk/ ? No, not yet. The only way I can contact the Internet, right now, is through a friend and he said that he needed the address. Thanks for the information. Best regards, Mark 201434369420143436942014343694201434369420143436942014343694718 From: Todd Rourke Area: Public Key Encryption To: Christopher Baker 14 Aug 94 13:04:42 Subject: routing TR> I have tried... I have tried... unfortunately politics in R16 tend TR> to be rather skewed against SecureMail. CB> what have politics got to do with it? it's a personal choice by each CB> volunteer and no one may say them nay. Politics have everything to do with it. NCs not liking the idea of alternative LPM routing, moderators of the assorted network admin areas declaring topics about PGP to be 'off topic', outlawing clear-signing of messages in the admin echoes, and coming up with the standard lines of rhetoric -- "You have something to hide only if you have done something wrong." "PGP is against Policy4." "If you want secure, send it crash mail." Of course most of this is backlash against me and my very vocal stance against Network-endorsed CRaP (cost-recovery programs... which I call CRaP). There's a few NECs making themselves some cash off of FidoNet feeds in R16 and I've been preaching rebellion and free-feeds, which threatens the old-guard. It seems to make no difference that profiteering on FidoNet is pretty clearly against policy. -TR ... Free John Gotti! 201434369420143436942014343694201434369420143436942014343694718 From: Ted Rolle Area: Public Key Encryption To: Chris Baker 14 Aug 94 08:21:00 Subject: PGP distribution. Hello Chris! Would it be possible to put all of the "sensitive" PGP-related things into a separate .TIC thingy? Other than PUBKEYS? My reason is that I don't want systems outside of Zone 1 freqing it, so I am putting these files into their own protected area, only available to systems that have set up a password with me. Or, is this contrary to PUBKEYS policy? Ted 201434369420143436942014343694201434369420143436942014343694718 From: Scott Mills Area: Public Key Encryption To: Tim Devore 14 Aug 94 18:34:42 Subject: PGP & Point Software -----BEGIN PGP SIGNED MESSAGE----- Thursday August 11 1994, Tim Devore writes to Tim Bradley: TB>> iQBVAgUBLGf7jTDp94PCS+V9AQFtHAIAkUpQgXnMDgMzI8MtBwSp142DWRabgbwE TB>> 9o8g2WZB4APE4uHyVdCS/eieZ72LWIuntZfZkOQoTNkIbSIpZLEkgg== =zkzt TB>> -+---END PGP SIGNATURE-+--- TD> How are you getting your messages signed like this. I've tried and wasn't TD> able to figure it out and can't locate what I need in the numerous doc TD> files. I want the actual commands. How do you examine a key on your TD> secring? pgp -sa +clearsig filename.txt will clearsign pgp -kv secring.pgp will list all the id's in your secret ring. Scott "If I shoot a mime, should I use a silencer?" - sw Scott Mills 1024/26CD5D03 PGP fingerprint = 13 D6 FF 43 53 3D 54 7B 94 D0 6B F4 24 13 E5 BD sm@f119.n265.z1.fidonet.org - --- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLk6AmyP6qSQmzV0DAQEL4AQAq8Xxt8g+0mBySBqzfCtYimvsabAxmLAs 4PunokPGxdHFgMiTwUNTIbbkTxDWrKDvKhjhwQ/zqWpskniO/qD9ad3jsSNb6THC J7/LJdNwsO513are02R3/9I4gcpAz9ZAVQBVhgFlncnt4xsF2BjweP1IBIeavdG0 9DpaYmgGAFI= =ZqSd -----END PGP SIGNATURE----- --- 201434369420143436942014343694201434369420143436942014343694718 From: Scott Mills Area: Public Key Encryption To: Richard Walker 14 Aug 94 18:38:40 Subject: Net 106 still at it? -----BEGIN PGP SIGNED MESSAGE----- Friday August 12 1994, Richard Walker writes to jason carr: RW> No one has a right to tell another person that they must carry RW> encrypted/signed traffic. But to find that encrypted traffic the sysops must me reading all the "private" net mail that goes through their systems. I could have sworn that was against the law. Scott Sleep? Isn't that some inferior replacement to caffeine? Scott Mills 1024/26CD5D03 PGP fingerprint = 13 D6 FF 43 53 3D 54 7B 94 D0 6B F4 24 13 E5 BD sm@f119.n265.z1.fidonet.org - --- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCUAgUBLk6BOSP6qSQmzV0DAQG+OgP4/9osgEGJB9nr5yP6Ax6W8H7bUV0ZWZw1 eZO+7B3XrhOJumh+6FkO+v71t6pECQAyChV1jmYBsSzCBNNzHq3LN+r08z/TMaW5 1/yN4vzC/XjTl7R+NrY/sZATtpmFtdE8vQhGeLLjffJHE934UXhAM8UOj7nTYUsp c1cYG/kJVA== =+CQu -----END PGP SIGNATURE----- --- 201434369420143436942014343694201434369420143436942014343694718 From: JOE EVERSOLE Area: Public Key Encryption To: Mike Destro 14 Aug 94 21:44:00 Subject: Pgp23a -----BEGIN PGP SIGNED MESSAGE----- MD> PGP23a MD> PGP26 (?, the MIT version) MD> PGPSHEL2 FREQ PGP23A.ZIP and PGP23AUP.ZIP. PGP23A will get you Version 2.3a of PGP, and PGP23AUP will get you a patch upgrade from 2.3a to 2.6 (MIT's Version) Joe Eversole, SysOp - HearthStone InterNet: joe.eversole@ibmnet.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkw1YeFwJfuHmTMdAQE7uAP/YQA/1lzBnOzzIQdj95/3OGP5YfzvFCvl k98BYFV7h5THsGW/sM9kMNEBM9/ppAXGfyu8hIowpId/KAX9R1/0kxyRVK+CRatf Dtn+EgcCvqDK9pKqx5cHz6F/mb9sZnxuGl7F++/Ttg+ONbw+lSlEQF3oFluU5Cfk s6BnOmYlo3Y= =B/kv -----END PGP SIGNATURE----- * RM 1.4 B1371 * Friendly fire isn't! 201434369420143436942014343694201434369420143436942014343694718 From: Randy Edwards Area: Public Key Encryption To: All 14 Aug 94 18:21:58 Subject: Epic Seeks Wiretap Data * Original Message Posted via CIVLIB * Date: 10 Aug 94 12:14:00 * From: Randy Edwards @ 1:325/806 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:325/806 14835228 From: email list server (listserv@Sunnyside.COM) Reply-To: listserv@Sunnyside.COM EPIC Seeks Wiretap Data Electronic Privacy Information Center PRESS RELEASE _____________________________________________________________ For Release: August 9, 1994 2:00 pm Group Seeks Release of FBI Wiretap Data, Calls Proposed Surveillance Legislation Unnecessary Washington, DC: A leading privacy rights group today sued the Federal Bureau of Investigation to force the release of documents the FBI claims support its campaign for new wiretap legislation. The documents were cited by FBI Director Louis Freeh during testimony before Congress and in a speech to an influential legal organization but have never been released to the public. The lawsuit was filed as proposed legislation which would mandate technological changes long sought by the FBI was scheduled to be introduced in Congress. The case was brought in federal district court by the Electronic Privacy Information Center (EPIC), a public interest research organization that has closely monitored the Bureau's efforts to mandate the design of the nation's telecommunications infrastructure to facilitate wiretapping. An earlier EPIC lawsuit revealed that FBI field offices had reported no difficulties conducting wiretaps as a result of new digital communications technology, in apparent contradiction of frequent Bureau claims. At issue are two internal FBI surveys that the FBI Director has cited as evidence that new telephone systems interfere with law enforcement investigations. During Congressional testimony on March 18, Director Freeh described "a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities." According to Freeh, the survey describes the problems such agencies had encountered in executing court orders for electronic surveillance. On May 19 the FBI Director delivered a speech before the American Law Institute in Washington, DC. In his prepared remarks, Freeh stated that "[w]ithin the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent technological problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court [wiretap] orders." According to David L. Sobel, EPIC's Legal Counsel, the FBI has not yet demonstrated a need for the sweeping new legislation that it seeks. "The Bureau has never presented a convincing case that its wiretapping capabilities are threatened. Yet it seeks to redesign the information infrastructure at an astronomical cost to the taxpayers." The nation's telephone companies have consistently stated that there have been no cases in which the needs of law enforcement have not been met. EPIC is a project of the Fund for Constitutional Government and Computer Professionals for Social Responsibility. ================================================================ FBI Director Freeh's Recent Conflicting Statements on the Need for Digital Telephony Legislation _______________________________________________________________ Speech before the Executives' Club of Chicago, February 17: Development of technology is moving so rapidly that several hundred court-authorized surveillances already have been prevented by new technological impediments with advanced communications equipment. * * * Testimony before Congress on March 18: SEN. LEAHY: Have you had any -- for example, digital telephony, have you had any instances where you've had a court order for a wiretap that couldn't be executed because of digital telephony? MR. FREEH: We've had problems just short of that. And I was going to continue with my statement, but I won't now because I'd actually rather answer questions than read. We have instances of 91 cases -- this was based on a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities. I can break that down for you. * * * Newsday interview on May 16: We've determined about 81 different instances around the country where we were not able to execute a court-authorized electronic surveillance order because of lack of access to that particular system - a digital switch, a digital loop or some blocking technology which we didn't have to deal with four or five years ago. * * * Speech before the American Law Institute on May 19: Within the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent techno- logical problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court orders [for electronic surveillance]. ============================================================ --- CPSR ANNOUNCE LIST END --- @ Origin: SOL, home of ANEWS, the Alternative NEWS conference! (1:325/806) @PATH: 3407/14 3615/50 374/1 98 14 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: David Rye 14 Aug 94 18:26:36 Subject: Re: Comment -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 12 Aug 94, David Rye was quoted as saying: DR> CB> Version: 2.6 DR> CB> Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] DR> How did you get the comment to show up? by putting the following in my CONFIG.TXT in the PGP directory: comment=PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] that's all it takes. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6a Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] iQCVAgUBLk6aEcsQPBL4miT5AQFgbAQArG039z9laxtNFsixmLQTnENGOPgXpVO2 z4MurxI3DjuB6pJWwiyX/rHTp58twSk7iHHQ7hI7O7B/ISQXBbcBspS/IMA46mD/ cqBKp2Dyl399sfNtgg38uomEkXsXQC9PrLv4LcgGrzuD+1+15huDIycHGOa24pMB G5Ueljd6moY= =zRGa -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Lloyd Warren 14 Aug 94 20:03:12 Subject: Re: Pkey_drop -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 14 Aug 94, Lloyd Warren was quoted as saying: LW> The bbs I read this group from doesn't seem to have the PKEY_DROP LW> echo, nor do I find "any" keyring files. hmmh. ask the Sysop to add it. it comes from the same source as this one. LW> Do you echo to and/or retrieve from any Internet sites reachable LW> via anonymous ftp? no. but keys posted there do end up on the Internet servers. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6a Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] iQCVAgUBLk6wtcsQPBL4miT5AQElIAQAts//pcRcudCY2CDs8EyhWlc5V+MBmVfG Mpwx6c4Ry2bXLmfAnuYKUpHHufwo6R7bfH/CFci9zdp+HPjdXgfA6d4QRl10KSwf YlRfIsqBIgy51d0Qv4Lr1zO1Fzy99T777YTglDBS2cttKfdWN6ThfrMYOnnbOCL9 9CsP8bssouc= =jG6Y -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 14 Aug 94 20:24:08 Subject: new File distribution area -----BEGIN PGP SIGNED MESSAGE----- PUBKEYS has been supplemented by a new, Zone 1 specific area called: PUBKEYZ1 this area is for hatching ITAR restricted Zone 1 only encryption programs to Zone 1 only. all links here with PUBKEYS links have been automatically set for this Z1 specific area except those systems outside of Zone 1. this is to prevent the unintended export of ITAR restricted outside Zone 1 without external intervention by the feeds who now manually remove the extra-Z1 attaches. it also allows those importing this area to send it to a restricted directory for Zone 1 freqs. all Z1 links to this system have been advised via Netmail. anyone wishing links to these areas or to CPD [Computer Privacy Digests] may send direct Netmail to me including a session and Tick password. PUBKEYZ1 will not be available to Nodes outside the U.S. or Canada. thanks. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6a Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] iQCVAgUBLk61nMsQPBL4miT5AQEWtQP/Yvau1iRj3Ow9d3alg3OpKi6HOwI9LBTX ekeonQWStOdBenR5Jai8dt2JEje1kRQvC5TbqE6EkwUZAokPd5VfFacW3cWGIiHV eQKJyx5h+fAZfA1bVA4178CCPBIOqkFo/NNupm1UgqrvR6lfc+YFJcy/lmFJ/VsV VAuurL81t/0= =PAnA -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 14 Aug 94 22:22:06 Subject: FidoNews and PGP -----BEGIN PGP SIGNED MESSAGE----- check tomorrow's issue of FidoNews. here's the editorial excerpt: ======================================================================== Editorial ======================================================================== FidoNews 11-33 Page: 2 15 Aug 1994 This weeks issue of the snooze is quite short: only four articles. The editorial is going to be short too. A couple of the local sysops in our net met yesterday for a confab on PGP and a few beers. Turned out to be lots of beers, supper, and about 12 hours of conversation on dozens of topics, but we did make a few decisions about PGP. By this time next week, a PGP key will be available for both Max and I. While it does not make much sense to send encrypted articles to the snooze, it does seem to make a lot of sense to encourage digital signatures. We are not going to publish the digital signatures or keys accompanying articles, but in the future we will note which articles were accompanied by either or both. We will set up a library for them, and make them available for FREQ. When a digital signature was included, we will check it and note the fact. Also, over then next week or two, I hope to rewrite artspec. I am going to include specifications for a machine setup version of the snooze for door/hypertext systems, and hatch it out with the snooze. I am not sure yet if the machine specification version will be hatched out in the same file echo, or if we should create a new one. Using the same area seems simpler, but objections and opinions should start now. ======================================================================== -30- one step at a time. [grin] TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6a Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] iQCVAgUBLk7RQssQPBL4miT5AQHHjwP+MiZRcl17dcRrCmujjtWA/QjvamnNsPSP 7/DDchlBeVquFtWyDR4xYOuvuT0ISjxxQMGT0QSCPDJmc+whs5fnfsk1RyXHuNwV rrYvt/pYdLaLFh5+a35/9BKl7K3QXmDkrKTYwYAZx5zBxY3CqMS+jDOjXuHPpqbF Ccpcr24MD/8= =ZZmt -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 15 Aug 94 00:54:34 Subject: PUBLIC_KEYS Echo Guidelines - regular repost -----BEGIN PGP SIGNED MESSAGE----- This is the PUBLIC_KEYS Echo. The purpose of the Echo is to provide a place to discuss public-keys for data privacy within FidoNet and elsewhere. We also consider electronic signature possibilities using public-keys and discuss data and software encryption and the various schemes and programs that produce them. This is a technical Echo with very few rules. Those very few rules are: 1. Stay on-topic. Topics of keys and encryption and related privacy and electronic signature issues are welcome. Others are not. 2. No politics [except as it relates to privacy issues] and no religion. 3. No personal attacks, slurs or innuendo. Stick to issues not personalities. 4. No Private flagged messages in Echomail! Encrypted traffic using public-keys is permitted for the exercise so long as it is on-topic. Don't send person-specific encrypted traffic. Such specific traffic belongs in direct Netmail. Encrypted traffic should be in the form of public-keys or public-key signed messages that can be read by anyone with PGP 2.4+ and your public-key. Include your public-key when sending such messages in case the other end doesn't have it or make them aware of how to get it from your system. 5. This Echo may be traveling around the world so try to be concise. Avoid excessive quoting for one-liner responses. 6. Be aware that Echomail is NOT secure. Don't take anything at face value. 7. The posts in this Echo are the sole responsiblity of the poster. If you need verification, use Netmail. 8. The Moderators will deal with off-topic traffic. Don't respond for them. Links to this Echo will only be curtailed when absolutely necessary so please don't make it necessary. [grin] The Moderators are Christopher Baker [KeyID: 1024/F89A24F9 1994/05/18] and GK Pace [KeyID: 1024/EE38FB41 1994/05/14] at 1:374/14 and 1:374/26, respectively. It is Gated into Zone 2 by Harry Bush at 2:51/2 and into Zone 3 by Jackson Harding at 3:800/857. [thanks, guys!] The other Zones are open [hint, hint]. It is recommended that individual, public-keys be made available via Netmail or by file-request with the magic filename: PGPKEY and that the public-key provided for that request by given a distinctive filename using part or all of each provider's name and address. For example, on my system, a file-request of PGPKEY will give BAK37414.ASC to the requesting system. A magic filename of KEYRING will yield extracts from my Public Keyring as BAKPUB14.ASC. This will avoid duplicate overwriting and make it easier to track the keys. Using standard magic filenames will make it easier to find keys and keyrings on different systems. The PGP and Privacy and encryption related files on each system should be maintained with a magic filename for file request. PGPFILES should be set on all participating systems to allow your current related files to be picked up at any time. It is suggested that the actual filename indicate the origin of the list to avoid confusion and overwriting. PGPFILES requested from this system gets the requestor a file called: PGP37414.LST. The contents of this Echo are archived on 1:374/14 as the area is purged. The current past traffic is in the file PUBKEY.ECO. Archived volumes of past traffic [P_ECHO1.ZIP - P_ECHO99.ZIP for example]. Files on this system are available anytime except 0100-0130 ET and Zone 1 ZMH at 1200-9600+ HST/V32 for FidoNet listed systems only. Request FILES for complete listings. This Echo is currently available on the Zone 1 Backbone. It has been EListed as of ELIST211. Please feel free to announce this Echo in all Nets and Networks. A companion Echo for the purpose of submitting public-keys only is now available as PKEY_DROP Echo. PKEY_DROP may be obtained via the same channels as PUBLIC_KEYS. NOTE: If you lose your secret-key password [or forget it] or your secret-key in a drive crash [because you failed to back it up on floppy], you cannot issue a revocation certificate. In that case, you should make a general announcement in all related Echos that your old key should be disabled using the PGP disable command [PGP -kd userid] for your userid. That keeps your useless key on their keyrings [so they won't be replaced from other lists who didn't get the word] and permits them to add a new key from you without one interfering with the other. Thanks. TTFN. Christopher Baker & GK Pace Moderators -----BEGIN PGP SIGNATURE----- Version: 2.6a Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] iQCVAgUBLk70/ssQPBL4miT5AQFW+wQAiul7bp4NJBfaOQxoEYo2tK8f2lnun87L 0/63CHynmvnOeKM2BeGQw3MCfMz/Zjgd7kCvaxBSp8S8g9VP8mEc4IRiohgrnPRn dQAJNtOAXw3Jg7aX7TtbBn9IVSAD8OYfX3YeITtU6NseaeEDylRflupFWyV0X6Rb nHOBTmayeiw= =UlCP -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 15 Aug 94 00:55:20 Subject: PGP-related filename conventions -----BEGIN PGP SIGNED MESSAGE----- [the following are the standard magicnames for various PGP-related files available from participating FidoNet systems. please adjust your magicnames to match those in the list. this will make it much simpler for folks to find PGP-related stuff they need. thanks] the following is the list of standard PGP-related magic filenames that should be used for uniformity by all who provide such files: PGPKEY for your public-key. make the filename distinctive with your Node number or name. mine is BAK37414.ASC. KEYRING for your public-keyring. make the filename distinctive likewise. mine is BAKPUB14.ASC. REVOKE for any key revocation certificates you might issue. mine is BAKREVOK.ASC. PGPFILES for your PGP/privacy/encryption filelist. mine is PGP37414.LST. PGP for the current version of MSDOS PGP executables and docs. PGPSRC for the current version of PGP source files. PGPALL for both executable and source. PGPAMIGA for Amiga version of PGP. PGPATARI for Atari version of PGP. PGPMAC for Macintosh version of PGP. PGPOS2 for OS/2 version of PGP. PGPUNIX for Unix version [if there ever is one] PGPVAX for Vax version [likewise] [send them the source if they request a Unix or VAX version!] if we all use the same conventions, it will be easy for anyone anywhere to file-request just what they want and get what they expect. [grin] thanks. TTFN. Chris p.s. in addition, some of us compiled PEM public-keys for Internet use. those keys and rings are available as: PEMKEY for your PEM public-key PEMRING for you PEM public-keyring C. -----BEGIN PGP SIGNATURE----- Version: 2.6a Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] iQCVAgUBLk71LMsQPBL4miT5AQHcmgP7Bxpjp48FnLLpzSTvVeKrBYcZOITkDpqe 5kcnvK5YteGU7oiFFCyC1HwIGPSNc/nh/OZ+V4lxXP7f2Rn8h2gSoo9Bl3kWXqSE LCgfcUgbW06WbUbPKEMIsMIeLaXjdf03kbqT2g3FgfZ005CmwDIgZCfc1aN97jGD Sti5n7OdHXI= =pViB -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 15 Aug 94 00:56:22 Subject: SecureMail Routing system info -----BEGIN PGP SIGNED MESSAGE----- The FidoNet (r) SecureMail System 30 Mar 94 Copyright (C) 1994 Jim Cannell [Source: GK Pace, 1993; Christopher Baker, 1994] Introduction: This document describes the SecureMail FidoNet (r) Routing System, its Statement of Purpose, and defines the principles by which it shall be operated. It should be noted that FidoNet is a registered trademark owned by Tom Jennings, used by permission to refer to the FidoNet, a hobbyist network of amateur, independent, interconnected systems (Nodes) providing E-Mail transfer services world-wide. Definition: SecureMail can be defined as a group of FidoNet Sysops who have volunteered to provide an alternative E-Mail routing service within the FidoNet Network. The SecureMail System is a component of the FidoNet Network. SecureMail is NOT an alternative, separate, or distinct network. Statement of Purpose: The primary purpose of Securemail, and reason for its creation is the desire for providing increased privacy in the routing of FidoNet E-Mail. The term privacy as used in the transfer of E-Mail is an arbitrary one. Absolute privacy cannot be expected. The degree of privacy obtained will always be related to the procedure(s), effort used to insure privacy, and should not be expected to be absolute if data is to be communicated from one place to another. Routing of E-Mail, as compared to sending it direct, cannot be expected to have as high of a degree of privacy as might be expected when sending it direct. Those who are engaged in operating the Securemail system do so with the primary goal of insuring that all E-Mail routed thru it be afforded the highest degree of privacy technically possible. Those using the Securemail System can expect to enjoy a higher degree of privacy than other forms of routing, but should not expect absolute privacy. Functional Description: The SecureMail System is a group of individual FidoNet Sysops who have volunteered to work together to provide the SecureMail Routing Service to FidoNet Sysops. This group is organized, but does not have authoritative positions. Each SecureMail Sysop is an independent volunteer furnishing a service. There are no monetary rewards, each Sysop contributes the resources he or she uses to provide the service, including all costs incurred in providing it. The operational structure may appear to have hierarchical order and indeed it does, however such structure implements a routing matrix, not positions of authority. The SecureMail operational philosophy can be described as cooperative autocracy. Each SecureMail Sysop is an independent operator who has volunteered to assume the various responsibilities required of an organized effort. No one is compelled to participate, but participation requires the performance of certain agreed upon functions, standards, and of course interaction as a group. Most of the activities parallel or are incidental to normal FidoNet activities. Routing Hierarchy: The basic routing strategy follows the normal FidoNet pattern of routing thru Zones, Regions, Nets, to Nodes. The difference is that SecureMail traffic is routed thru SecureMail Hosts rather than the FidoNet Hosts. A SecureMail Sysop serving in each position is referred to as a Host. There are functional (not Authoritative) positions such as Zone SecureMail Host (ZSMH) Region SecureMail Host (RSMH) and Net SecureMail Host (NSMH). An International SecureMail Host (ISMH) functions as a central coordinator for this functional hierarchy and maintains the routing lists and this document of intent and mission. Note that at any given time, all positions may not be filled, due to the fact that positions are filled by those who have the means and desire to provide the service of each position. Operational Practices: Each SecureMail Host (SMH) has agreed to route E-Mail (referred to as In-Transit mail) in a manner which provides the highest degree of privacy technically possible. Some variances can be expected, as the technical characteristics of each system differ, however each SecureMail Host strives to provide the best service possible. Specific operational practices include: - In-Transit mail shall not be read. Note that some systems do not provide the ability to restrict a Sysop from viewing In-Transit mail. In such cases the Sysop makes every effort to avoid noticing the content of such E-Mail as they scan thru their message bases. - The content of In-Transit mail shall not be disclosed, or given to anyone but the addressee, except as required for routing thru the SecureMail System. - All SecureMail Hosts agree to route any In-Transit mail they receive. This includes encrypted and clear-signed traffic now refused by some systems in FidoNet. In-Transit mail that cannot be delivered shall be returned to the sender along with a brief explanation of why it could not be delivered. If no local routing via another SMH is available, the mail will be sent directly to its destination by the receiving SMH. - In-Transit mail shall not be censored. Routing of In-Transit mail shall not be refused for any reason even remotely associated to the content of such E-Mail. Note: how could it be if it isn't read in the first place? Avoidance of Liability: Those participating in the SecureMail Routing System do so to provide a service at no cost to those who choose to make use of it. There is no guarantee of performance implied nor accepted by the SecureMail System as an organization, nor by the individuals who voluntarily participate to provide this service. Those who choose to make use of this service should recognize that although we strive to provide the best service possible, we cannot and will not offer any guarantees, nor do we accept any obligation for providing any service, or the performance of any service to a defined standard. Those who provide this service specifically deny any liability for the content of In-Transit E-Mail. Any liability that may apply must rest upon the originator. It is the stated practice of those who participate to provide this service, that In-Transit E-Mail is not read. On that basis, those who participate in the SecureMail Routing System will not have knowledge of the content of In-Transit E-Mail, will not censor, make judgements as to the legality, morality, nor suitability of any In-Transit E-Mail to be routed, before during or after having any contact with it. Those who participate in the SecureMail Routing System do so for the purpose of providing a service to others using the FidoNet E-Mail System. It is specifically denied that such service is supplied for the purpose of promoting, enhancement, implementation, or aiding the accomplishment of any illegal activity. No one participating in the SecureMail Routing System will knowingly allow its use to aid, abet, or otherwise participate in illegal activities, or make use of the SecureMail System for any illegal purpose. Further it is our stated operational practice that we shall not be engaged in viewing In-Transit E-Mail for the purposes of knowing whether or not the content of such could be considered illegal, and specifically deny that we could have any such knowledge. Those engaged in SecureMail Routing are constrained by the ECPA [Electronic Communication Protection Act] and FidoNet Policy in their ultimate handling of In-Transit E-Mail in regard to disclosure. Anyone who supports the goal of E-Mail privacy and who agrees to abide by the standards herein proclaimed, may apply to act as a SecureMail Host Routing System at their own expense and without regard to In-Transit E-Mail content. A list of current SMH Nodes is contained in the file SECUREML.MAP which accompanies this document. Applications may be made via direct Netmail to the ZSMH, RSMH, or NSMH closest to your area. International applications may be sent to the ISMH as listed in the map. Most SMH Nodes are identified by the flags listed above in the FidoNet Nodelist. Any questions regarding the SecureMail Routing System may be directed to any SMH listed Node. A FidoNet Echomail conference for all participating SecureMail Hosts is available as SECUREMAIL from any listed SMH. -30- TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6a Comment: PGP 2.6 is LEGAL in Zone 1! So USE it! [grin] iQCVAgUBLk71acsQPBL4miT5AQHwRQQAkJ8U3u3aWF7b/82ppxjiBDmog8bG3pl5 KpgnLM84XykPnrU1KzEnC15lFJPVoaShJb3tll1RoQe7HZxwl8P+Kp8Epuh1pLh8 U1k21VJD8CCy6fTncxU4uo4GGVT89hwgTszmQgekI1sCeOtvMvxFa23ZSMVehCHn 9h5Hzqfb+5w= =b7nP -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs Area: Public Key Encryption To: Christopher Baker 13 Aug 94 18:02:00 Subject: more PGP hoaxing > * Original Message Date: 11 Aug 94 23:34:42 > * From: Christopher Baker > * To: All > * Edited by: Christopher Baker @ 1:374/14 > -----BEGIN PGP SIGNED MESSAGE----- > Steve Winter is now being imitated in usenet with a phony PGP key just > as Ralph Stokes was about a month ago. And his "forged" Fido Crucifixion article is being spread on Usenet signed with the phoney key. (Via an anonymous remailer, of course.) How do we get everyone to delete it? 201434369420143436942014343694201434369420143436942014343694718 From: Mike Riddle Area: Public Key Encryption To: Christopher Baker 14 Aug 94 23:06:22 Subject: PGP 2.6 for the Amiga 1.1 In a message to All on Aug 08 94 at 13:52, Christopher Baker wrote: CB> PGPAMIGA for all the above. ZONE 1 NODES ONLY! ITAR CB> restrictions apply to executables! Actually, ITAR is alleged by those whom it matters to apply to source code as well. A court has yet to rule, so their interpretation should be considered definitive (for the moment)> "For educational purposes only. Not intended as specific legal advice to an individual. State laws vary. Consultation, or representation by a local, licensed attorney may be necessary." 201434369420143436942014343694201434369420143436942014343694718 From: Mike Riddle Area: Public Key Encryption To: Christopher Baker 14 Aug 94 23:08:38 Subject: more PGP hoaxing In a message to All on Aug 11 94 at 23:36, Christopher Baker wrote: CB> Steve Winter is now being imitated in usenet with a phony CB> PGP key just as Ralph Stokes was about a month ago. It had to happen sooner or later. CB> i will obtain and post this real key with my signature on CB> it after he studies the docs and generates one. Good. CB> p.s. we have a long-time, passworded link in addition to CB> voice verification. As much as I usually detest Steve's rantings, a quote from Voltaire comes to mind: "I disagree with what you say, but I will defend to the death your right to say it." Maybe we can at least make sure he only gets skewered for things *he* has said. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: Zorch Frezberg 13 Aug 94 00:00:08 Subject: `OTHER` PGP-TYPE PROGRAMS -----BEGIN PGP SIGNED MESSAGE----- =snip= ZF> The local police used a DES-"cracker" on a system, thinking that the ZF> STACKER.VOL on a disk was actually encrypted information. Of course, ZF> this is also the same 'computer expert' who claims the FBI sent out a ZF> notice on a "modem virus" which activated during data transfers ZF> on-line... ZF> The DES 'cracker' is available at the least to local level law ZF> enforcement, which means that it's also most likely out there for Joe ZF> Average to play with. ZF> -zf- i used to have it when i was a unix nerd. i actually got it on a cd-rom of unix software. contrary to popular belief, such software _does_ have legtitimate and legal uses. especially if you are a sysop on a multiuser system in a business setting. amp -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCxAgUBLkxTNdQ9obngT6LhAQEKrQTfQwiakBRbifgQ921E4y9AIXCpig5b+Pi2 6SN72A2g17WABhSesIfRxFWZ/sdt9+jrtHK42ZZ10YhBz6z1ZTGIJRx0Wk4u8lJ8 MkF1c9COAAJQ4TAeOqO7gVU61MOTh28SrpO6I2cjWk5/PCSjKlxg6ONG7zBZvVEM xjo4mWJFxGzc9I0VwuP/ckOg0+cq7WanbHeGyiP+6myOYpVY =stXL -----END PGP SIGNATURE----- ... What good ingredients, liberty and immigrants. TGAMP 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: All 14 Aug 94 00:59:32 Subject: cypherpunks -----BEGIN PGP SIGNED MESSAGE----- hello all, does anyone out there know if there is a cypherpunks (e)mailing list? i already get epic & cspr, but am pretty interested in electronic privacy. (this is also a test to see if my new setup with bluewave and pgpblue are working correctly.-olx mangled my sigs.) amp -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCxAgUBLk2ybNQ9obngT6LhAQF/uQTgg6lZo/kBkmUIfCj2U4yZqWqmLVu+Q4AK 4pgOkYaRzDJShz9Cd/1pYplVktIr7b7MVhaCny9qPzO0GZSo1ZCxzdA6dZv9jN6b h4D8kh85Cl8C982GD6VdaHe0RSlgpFnoyic44r578PWYz4VwEN8FHwHKp9QGGWEP oShiLjDfPt9L28tvCfv6AeIGGB7hFm4JwXMbV7uicVu7XUI7 =kcKG -----END PGP SIGNATURE----- ~~~ PGPBLUE 2.5 ... Want my ammunition? You can have them one bullet at a tim 201434369420143436942014343694201434369420143436942014343694718 From: Richard Walker Area: Public Key Encryption To: Shawn K. Quinn 15 Aug 94 02:30:56 Subject: Re: New to PGP SK> Great idea. However, signing messages can get the people in high ranks SK> out here in "we don't want any cryptocrap"-land (i.e., Houston, net 106) SK> VERY pissed. Not at all, as long as you don't utilize THEIR equipment to transmit YOUR signed message. We go to quite contorted lengths to provide you with an echo that you have no particular RIGHT to recieve via coop efforts, yet all you can do is bash the Houston net?!?!?!?! Your position does not seem very defensible to me. SK> ... but four-eyed geeks comes close enough. BTW, I'm one of those four eyed geeks. Yours truly Richard Walker 201434369420143436942014343694201434369420143436942014343694718