From: gk pace Area: Public Key Encryption To: Thomas Hughes 17 Sep 94 19:24:14 Subject: Re: 2.6.1 vs. 2.6ac UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 16 Sep 94, you were quoted as saying: TH> v2.6.1 will also not "add" in any keys that are over 1264bits. TH> (and [surprise] it won't "work with" any of those "pub? 0/0*" keys.) TH> a "changes" file with v2.6.1 claims that it will not generate, but TH> never-the-less will "support" keys up to 2048bits in size. TH> i've tried it under SunOs4*, Ultrix, and Linux with the exact same results. TH> did MIT lie to me, or should we expect a big-bug-fix-release shortly? TH> (should i just think of v2.6ac as the bugfix?) TH> (net-dist.Guerrilla.org has the source code?? [for a *NIX version]) TH> has anyone gotten v2.6.1 to work with >1264bit keys? No, but the Rebel has updated 2.6.1 to 2.61, and it works. You might try compiling the source for 2.61 to see how it does on a *NIX... Available here for US and Canada FREQ only, as: PGP261A.Zip the DOS version *magic name* PGP PGP261A2.Zip the OS2 version *magic name* PGPOS2 PGP261AS.Zip the source code *magic name* PGPSRC Seems to work fine for me...! -gk -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: Fight to keep the Basic Human Right of Privacy! iQCVAwUBLnt6mI9JNB7uOPtBAQEbxgP8DLL4McWQFQqxTLmiU05N8U76sXs8W6/L JI18wVLaf8CTkFg9ZAb3Iekm+JsOTvTRgMx4va5RFjIieR/4D6l1Cn/5J2jbxjFY QH2iA72wlna+hHX7eMKFsiQoBNlwuLYGMstNVmDBFKh9rnoa3qQI0RX6PQsyjDLh 29SOpu6HUxQ= =VVlt -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Frits Spieker Area: Public Key Encryption To: Christopher Baker 17 Sep 94 12:00:02 Subject: PGP 2.6.1 hatched UpdReq Christopher Baker about 'PGP 2.6.1 hatched'. FS>> temporarily with a nodenumber and matching sysop-name from any FS>> zone1 system. CB> if they did so, they'd be engaging in illegal activity. True, but how would you know it? After all, you'll never know who did it, for ALL the signs would be pointing into Zone1 ;-). FS>> Besides, if these files may not be exported outside the US, how do FS>> you handle Canadian freqs? CB> Canada is in Zone 1. True, but Canada is NOT part of the US. Does this ban on the export of PGP *not* include Canada? If so, how is some institution in the US going to prevent someone in Canada from exporting it further. After all, afaik, US-law is NOT applicable in Canada. CB> it is my understanding that the 2.6 source is already over there. CB> simply debugging it better than MIT did would produce a 2.6.1. and They already did. It is called 2.6ui. They found some nasty bugs, but also put in a 'backward' compatibility mode with v2.3 as a lot of people over here are still using that one. Also v2.6ui enables you to use larger keys. Groeten, // Frits // 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Thomas Hughes 17 Sep 94 20:51:22 Subject: Re: 2.6.1 vs. 2.6ac UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 16 Sep 94, Thomas Hughes was quoted as saying: TH> | Pretty Good Privacy(tm) 2.6a - Public-key encryption for the you're a tad behind. 2.6a has been replaced with 2.61 just as 2.6 was replaced with 2.6.1. TH> v2.6.1 will also not "add" in any keys that are over 1264bits. TH> (and [surprise] it won't "work with" any of those "pub? 0/0*" TH> keys.) TH> a "changes" file with v2.6.1 claims that it will not generate, but TH> never-the-less will "support" keys up to 2048bits in size. it is in error. they failed to make the necessary adjustment in the source for the 2.6.1 release. TH> did MIT lie to me, or should we expect a big-bug-fix-release TH> shortly? let's call it an 'oversight' and not a 'lie'. [grin] TH> (should i just think of v2.6ac as the bugfix?) think of 2.61 as the bugfix. freq PGPA for Zone 1 Nodes only. TH> has anyone gotten v2.6.1 to work with >1264bit keys? not unless they've recompiled it. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLnuPDssQPBL4miT5AQGIYQP+MN+XfvbANwHnQ3g/JLCMZ+7d1nVuPB15 geqvfSCGuNh4Ei20H4baZZxCkQ6Iu/rjPeYcqujragdNvV2L0JV/FxLBV5rHo015 Sw3S0D7e22vPS2aacfbvqexRB4RiJhYUoXwWRT4589t+LhH0VanJiAsDuHQ8/1xX dCnagV0VLM8= =4WDC -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Frits Spieker 17 Sep 94 20:54:50 Subject: Re: PGP 2.6.1 hatched UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 17 Sep 94, Frits Spieker was quoted as saying: CB> if they did so, they'd be engaging in illegal activity. FS> True, but how would you know it? After all, you'll never know who not my job. [grin] FS> still using that one. Also v2.6ui enables you to use larger keys. isn't that the same version number they used for 2.6? is there an overseas version of 2.6.1? TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLnuP3MsQPBL4miT5AQGQvgQAkI8viuwJdp021CrabytbE9woiiYDgYVT e2snGN78sKb8J9QNEpRXlHaKI6CM47taK0/5Dls908u25LxtBwY8QMHHZS+mAOWF g3qn/lUzar+XE7iUQbHy83wdZzU3jh15guWZ8y50xLluK7d4bIUOltczLKkKRH6s g2OZMK7D3wU= =GXsV -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Richard Walker 17 Sep 94 22:10:02 Subject: cut it out already [Was: Re: New to PGP]UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 16 Sep 94, Richard Walker was quoted as saying: SK> ... Security, confine Ensign Walker to the brig. RW> I'm not the one who's got a criminal record... both of you retire to neutral corners and switch to Netmail. please don't make this an issue. thanks. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLnuhfcsQPBL4miT5AQEVqAP7B2wI+/nvmhTGQ6e53ANlJXIRrfTSUH0M pzahoZISTJT90JsCVYY0PPo73dL3w2r3J4qvloh4+Ysuu2rW/1eaH4s85LBcN2av SeFehDtHmqZbMS9NJytlCR9xujNDIsSf7Q/rRbbrqX7Epe11HPR6Mtuv6tXO4f0s 13zw5m2hRWo= =/Uah -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Tim Devore Area: Public Key Encryption To: All 18 Sep 94 01:48:20 Subject: Key Revocation UpdReq * This message forwarded from area 'PKEY_DROP' (PKEY_DROP) * Original message dated 18 Sep 94, from Tim Devore To those who may have my Keys!! I had a mega loss of files and Info on my HD some of which were my PGP Keys that I had posted a little while back. I have no way to create a Key Revocation Set of keys so Please Concider this as My Key Revocation. I don't even have a way to give you the Finger Prints of the keys either. :( Please Disable my Keys [PGP -kd "Tim Devore"] [PGP -kd "Ne'ef Rispatha"] This is the last time that I'm gonna get caught with my pants down and not have an updated back up of my configs, I Hope. Tim Devore, Amiga Lib-Op Co-Sysop of Realm of Thought 1:2440/180 201434369420143436942014343694201434369420143436942014343694718 From: Scott Miller Area: Public Key Encryption To: Tim Devore 11 Sep 94 18:19:00 Subject: Proposed FAQ update UpdReq Thanks Tim, I was having trouble with the wording. ------------------------------------ Scott PGP v2.6 key available! FREQ PGPKEY ------------------------------------ KeyID: 4CA7DD5D 201434369420143436942014343694201434369420143436942014343694718 From: Carl Hudkins Area: Public Key Encryption To: Christopher Baker 17 Sep 94 18:19:58 Subject: Intermail mangling... UpdReq On (12 Sep 94) Christopher Baker wrote to Carl Hudkins... CB> change keys? that msg was not mangled but the key was not found here. CB> if ain't one thing it's another. [grin] Hm. Do you mean my key wasn't found by your copy of PGP, so it couldn't verify the message? I don't think I signed those reposts, as I don't have enough memory here to shell out of PPoint and sign 'em. Until one of two things happen, I probably won't be signing my posts here. One, my SysOp and I figure out why the system is re-wrapping the Fido echoes. Two, I get a new point system or rework this one, allowing me to use PGP with my messages. OTOH, if you were looking for my key to have been =posted= in the messages, I can understand why you didn't find it. I post my key to PKEY_DROP, not here. If it ain't one thing, it's usually two or three things! :) At least I have a working UPS now, and all my other toys seem to be behaving... for the moment. carl Boca Chica, Florida carl.hudkins@lunatic.com RIME ->1282 PGP: 2D1E1E39 Fido: 1:124/2113; 1:135/808 ... TimeTag * "Beelzebub has a devil put aside for me!" --Queen 201434369420143436942014343694201434369420143436942014343694718 From: Carl Hudkins Area: Public Key Encryption To: Jeff Hancock 17 Sep 94 18:29:28 Subject: There goes more freedom! UpdReq On (12 Sep 94) Jeff Hancock wrote to *.*... [snip, snip] JH> Although details are sketchy at this time, these new regulations are JH> likely to take the form of some sort of license examination for Internet JH> users. BWAH HA HA HA HA!!! I'm sorry, but this just seems unreal! I'm going to treat it as a humorous posting, because even I can't believe that the D.C. types are so behind the times as to think that this could work. Therefore, all further typing from me shall be read with tongue firmly in cheek; please hold your flames until all members have been recognized. [...] JH> The theory portion of the examination will include written examination JH> of the principles of digital logic, elements of generic machine language JH> programming, and comprehensive knowledge of TCP/IP and network JH> interfacing hardware. AOL users need not apply. :) For that matter, =I= would fail most of that! JH> The jurisprudence portion will assess the candidate's basic knowledge JH> of the regulations governing use of the Internet and will cover ethical JH> as well as legal issues. Licensing will likely include an "Internet JH> oath" requirement in which the candidate will swear to uphold certain JH> basic standards of conduct. Users of the Internet will be required to JH> broadcast their license numbers at logon and intermittently after JH> connection to the Internet. alt.security.pgp contributors need not apply. JH> The practice portion of the examination is likely to be the most JH> controversial. Reportedly, all candidates must pass a typing skills JH> examination and achieve no less than 40 words per minute to obtain a JH> (temporary) novice license. This must be raised to 80 words per minute JH> before a regular-status license will be issued. The Morse Code segment of the examination can be waived, if applicants can demonstrate an ability to either read punched mylar tape or binary characters in either ASCII, EBCDIC, or Baudot. "Mavis Beacon" will enjoy increased sales, as its makers will add a lesson plan geared toward getting your Internet License. Upon reaching a speed of 40 WPM, the typist will then be instructed in the use of the key, and after that the user will have an option to proceed to the Jurisprudence section, provided he can spell it correctly. JH> Novices will restricted to operating networked computers having speeds JH> of less than 5 Mhz or operation of SLIP or dial-up connections of no JH> greater than 2400 baud. (It is rumored that the FCC will make 5 Mhz JH> replacement crystals available at a nominal charge to temporarily slow JH> computers of novice operators). Notice there is no spelling and grammar requirement. A "reliable source" tells me that there was one, but certain legislators culled it out because leaving it in would severely reduce their chances of getting their Novice License. JH> The FCC also recognizes that there are conditions when terminal JH> emulators are not available. Therefore, an expert class will be JH> established for communication using only numeric keypads and bi-digit JH> numeric displays. Although needing a minimum of equipment, this mode JH> will require sending, receiving and manual translation of raw ASCII JH> codes. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Holy carp! I wrote the above before reading this far! I must be psychic. :) JH> Guidelines for minimum communication rates for this mode have yet to JH> be established while the FCC awaits public input. About three words per minute sounds good. One must also consider that not all humans are capable of operating in full duplex, so some speed adjustment may be required for special cases. JH> Although felt to be a desirable goal for all users, this class of JH> license will only be required by individuals operating wireless (RF) JH> LANS. Tee-hee! JH> Asked what the effect of proposed regulations would have on the JH> Internet, a highly placed official noted that these rules "should not be JH> considered prohibitive, as they simply bring regulation of the Internet JH> in line with other communication modes under FCC governance." However, JH> the source did feel that such regulations should be very helpful in JH> restraining the rapid growth of the Internet. I laugh now, but I remember I also laughed when I saw a posting on April 1 about how the Navy was using sound waves loud enough to kill marine life, broadcast from underwater speakers in order to determine temperature differences in seawater layers... or some such. Well, I saw a news story on this the other day. Laugh while you can, 6d 6f 6e 6b 65 79 20 62 6f 79! carl Boca Chica, Florida carl.hudkins@lunatic.com RIME ->1282 PGP: 2D1E1E39 Fido: 1:124/2113; 1:135/808 ... "Believe it if you need it; if you don't just pass it on." 201434369420143436942014343694201434369420143436942014343694718 From: Carl Hudkins Area: Public Key Encryption To: Frits Spieker 17 Sep 94 19:06:18 Subject: Intermail mangling... UpdReq On (14 Sep 94) Frits Spieker wrote to Carl Hudkins... FS> The only thing you have to do is go into imsetup -> editor -> line FS> length and decrease it to something like 60 characters per line. Are you sure? Wouldn't that result in lines being wrapped if they're longer than 60 characters? FS> Some editors, the internal editor of Intermail being one of them, have FS> some word-wrapping scheme that causes problems like described above FS> when/if the the maximum length of a line is set to high in the editor. FS> (One of the *many* reasons I don't use Intermails internal editor ;-)) Interesting, that an editor setting would cause mail not written in the editor to be affected... if that is what you are saying. CH> Any InterMail experts out there???? Send mail to Anthony FS> Please forward it to him. Ok, I have done so, but I'm not certain it will do much good. carl Boca Chica, Florida carl.hudkins@lunatic.com RIME ->1282 PGP: 2D1E1E39 Fido: 1:124/2113; 1:135/808 ... TimeTag * "Bend over and chew on this!" --Brisco County, Jr. 201434369420143436942014343694201434369420143436942014343694718 From: Carl Hudkins Area: Public Key Encryption To: Christopher Baker 17 Sep 94 19:17:44 Subject: PGP 2.61 alternate and source UpdReq On (13 Sep 94) Christopher Baker wrote to All... CB> once again, a bug fix for PGP is available while we wait for a fully CB> functional MIT release. What are the new (or old, unfixed) bugs? I've heard nothing about them, and my 2.6.1 seems to be working ok. carl Boca Chica, Florida carl.hudkins@lunatic.com RIME ->1282 PGP: 2D1E1E39 Fido: 1:124/2113; 1:135/808 ... "Better to ask twice than lose your way once." --Danish proverb 201434369420143436942014343694201434369420143436942014343694718 From: Rich Veraa Area: Public Key Encryption To: Tom Almy 17 Sep 94 21:36:16 Subject: Re: There goes more freedom! UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated:15 Sep 94, Tom Almy was quoted as saying: TA> -=> Once upon a time, Jeff Hancock said to *.* <=- TA> JH> - (UPI) WASHINGTON, DC. The White House confirmed today that the TA> I hope nobody is taking this post seriously. It is obviously a joke TA> (but a good one!) Jeff is a prominent and much-loved fixture on the FUNNY echo. Cheers, Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: rveraa@newssun.med.miami.edu iQCVAwUBLntvWJ80iJ+tnwVVAQGKRwQAheBBXr4YxKKmdg3GSdK/a4kZyZ7gTAGo j1KvgZbSZ7JXevWOt2o/u4yW0AeDon+iWiFOwMAUHaGIDtxX79rzpMwMRCfAOsip zk6M5K0Yehpj/s3ZXLECkfPS16fd7EGHAdlNBnQZnyUpdRR7Rirc8nyHAthvebdN VEdKx6VxZ2Q= =n3jr -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Rich Veraa Area: Public Key Encryption To: Shawn Mcmahon 17 Sep 94 21:47:36 Subject: Re: Need recommendations UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated:16 Sep 94, Shawn Mcmahon was quoted as saying: SM> A client needs to secure a computer against intrusion from a SM> computer-knowledgable (but not encryption-knowledgable) attacker with SM> hours of SM> uncontrolled physical access time. Only certain data needs to be SM> protected, SM> and the attacker is more computer-knowledgable than the user of that SM> computer. SM> My instinct is to use SFS (no need to mess with SecureDrive, since SM> there's no Take a look at SecureDevice (SECDEV13.ARJ). It works similar to MS Doublespace; you set up a "virtual drive" as big or little as you want. Uses IDEA encryption. VERY easy to use. Cheers, Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: rveraa@newssun.med.miami.edu iQCVAwUBLntyAJ80iJ+tnwVVAQFQvwP+ON6kH3v6LXlzwr+wXG/dx11tu6zy8Kz/ JY9kgxR8H75weShR6GetxKvQ404b/U93WyuHhVv6IrxsOfWw3xCRUQaiahd/mXuW 2vc8vJknftYF4mpV4iulSN80c1guvY14NSxLSlKTZ3Pxj3C/nAEwjJH8VoO0jibA UpZ/z95qSK8= =gSK4 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Richard Godbee Area: Public Key Encryption To: Tom Almy 17 Sep 94 09:43:50 Subject: There goes more freedom! UpdReq Tom, -=> Quoting Tom Almy to Jeff Hancock... <=- JH> - (UPI) WASHINGTON, DC. The White House confirmed today that the FCC JH> will become the Federal agency to assume responsibility for regulating JH> the so-called "Information Super Highway." [...] TA> I hope nobody is taking this post seriously. It is obviously a joke (but TA> a good one!) Well, you never know. The government's done weirder... --Ricky Godbee, Jr. richard.godbee@bmtmicro.com --- * TLX v3.40 * BBS Lingo - DTITS: Don't Take It Too Seriously. 201434369420143436942014343694201434369420143436942014343694718 From: Wes Landaker Area: Public Key Encryption To: Shawn McMahon 16 Sep 94 16:48:46 Subject: RSA Broken UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Shawn! 13 Sep 94 12:31, Shawn McMahon wrote to Wes Landaker: WL> Yeah, basically. If they every get close to breaking at WL> 384-bit key (the weakest PGP key) SM> Been there, done that. But do you have the T-shirt? SM> It takes thousands of MIPS/years, but that's easily within the SM> reach of governments and businesses. Very true, that's why: SM> I recommend you get that 1024-bit key ready now, and revoke your SM> 384-bit. I don't have, nor have ever had, a 384-bit key; I was being hypothetical. :) wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn * * wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.6a iQCVAwUBLnou9clPrmStIlSlAQFx3gP/dur8gJHGesSPq+pPjOt+rffrrz0IKqPi T2VfHgKMHCM914+qJdphCglFi99z54/rzWVetjPHQu1ZFM6NZ/43lhbVgCF/uNp8 iZEys8LxOrZju1DgHcq3ndT5RQdp4Q25BDYrgyBiQuyAwGQ/ijlUzQkGxtRwJBUY wx+SAvu7DIA= =X5tA -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Wes Landaker Area: Public Key Encryption To: Richard Walker 16 Sep 94 16:06:26 Subject: New to PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Richard! 13 Sep 94 16:29, Richard Walker wrote to Wes Landaker: WL> Well then, that stops you from having to worry about WL> in-transit mail from other systems; but do you provide WL> netmail access to your users? :) It's the same thing, there, WL> too. RW> I don't even provide echomail to my users. No way will I open RW> the pandora's box to netmail!!! Now there are a *few* folks with RW> access to echomail, but they are people I've known face-to-face RW> for years not related to computers or bbs'. Basically, I don't RW> allow anyone to access the dangerous stuff (echomail) unless I'd RW> also trust them to belay me or go hunting with me. If you consider echomail that dangerous to your liability, I think you've gone over the deep end of unreasonable paranoia. =) But hey, that's your choice. Why do you even run a BBS, if you aren't going to let anyone use your echomail? That's what it's there for, you know--for _BBS users._ You might as well be a point, or use BlueWave or something if you are _that_ scared of all this liability. RW> I think anyone else that is an open advocate for anything and RW> allows serious access to call-back verified callers is nuts. RW> Really, how hard is it to defeat a call back verification program RW> and then post a uuencoded gif of something illegal. An anonymous RW> call to the FBI out of state, perhaps OK, and your a Texas RW> Two-Step away from the federal pen. Well if the carrier (BBS) is not self-assuming liability, then that would be the user's problem when the FBI showed up, wouldn't it? WL> The ECPA mentions using a "device or component." Personally, WL> I think that covers a computer, using software. :) RW> It mentions lots of things; that proves less than nothing. Okay, sure. If you want to believe the ECPA means nothing, go _right_ ahead. So long as that attitude doesn't affect me in any way, then that's your business. RW> 1.) I don't read any mail on my system not addressed to me, public or RW> private. RW> 2.) Any mail not addressed to me will never be read by anyone, ever. WL> Great! Then there isn't any problem, is there? :) RW> Correct, which is why I can be an advocate for the opposition RW> without any risk at all, even from a frivolous lawsuit. Simply RW> because no one out there can physically construct a situation on RW> purpose that would get me in trouble. I understand system RW> security, and am quite simply, good at it. Let me ask you something: do you run a pay BBS, or accept payment or donations in any form? WL> How can you, if you don't know the contents? Hypothetically, WL> if I logged on as a user, and sent another one of your users WL> private mail about something liablous or illegal, does that WL> make you liable? I don't think it should, but if you _want_ WL> to take responsbility for it . . . RW> If you logged on as a user you would be physically unable to send RW> a message to another user, private or public. Then, pardon the "inflamitive" language, what the hell is your BBS for, if not to send and receive messages? =) RW> Again, I accept complete responsibility for everything on my hardware. I suppose you have _no_ expired, unregistered shareware? What if someone uploads some? Are you responsible for that? I assume you also have a direct, in-depth knowlegde of how every board, circut, chip, and transistor on your computer hardware works, then, to take sure responsibility. :) (Didn't you know that DOS's format command writes binary data to an unused portion of the hard drive that, if read by the correct program, displays pornography? ;) RW> I take adequate defensive measures that ensure that nothing becomes RW> available on my system that I have not been able to review. As I But . . . wait, Richard; in your last message you said: "Your Honor, I neither read, nor censor, any mail; PERIOD." Isn't this contradictary? :) RW> don't want to read private mail not addressed to me, I insure RW> that there does not exist any private mail not addressed to me on RW> my system. I still fail to see what your system offers, then. Only local, public, message areas, censored by you 24 hours a day? (Heaven forbid that two people log on an exchange a message before you can review it, right?) WL> How does encrypted data screw up your mail handling WL> software? If that's so personally I'd be much more willing WL> to switch software than take get mess up in court about it. WL> :) RW> 1.) I am unable to switch software because it is the only RW> available software which works reasonably well and fast for echomail. RW> Besides, RW> I wrote it, but have little if any time to fix bugs. If I was the procecuting attorney, I would have brought in ten or twenty examples of other avalible software that could be used with your system very easily. If even _I_ can think of that, just imagine what somebody who actually _knows_ what they are doing might come up with! ;) RW> 2.) As I've said before, I think the folks who *bounce* the RW> messages are not pursuing the safest course. I believe they should RW> terminate all netmail routing services if they don't want to handle RW> encrypted traffic. If they don't want to terminate all netmail RW> routing, then they should set their systems to route mail only from system RW> which have agreed (in writing) to: RW> 1.) prevent encrypted messages from being originated. RW> 2.) disable the "private" indicator on their system. RW> 3.) make all netmail using users sign an agreement RW> acknowledging that all messages entered on the originating system RW> are public and will be read by as many people as feel RW> like reading it. RW> And whatever other legal mumbo-jumbo a real attorney RW> might like to include to make itself feel important. Well, that's all fine and dandy--you can go right ahead and use this method. Personally--I think it's redundant, unnecessary, potentially liablous, and just plain ol' stupid. =) WL> Anyway, maybe it really _is_ okay to have software censor WL> private mail--but _I_ should don't want to be the WL> fore-running conviction on it--especially since, as far as WL> I've read and heard legal opinion on the ECPA, it's _not_ WL> legal. RW> I disagree, and until there is a successful felony prosecution RW> for this, I will continue to be completely confident that my position is RW> the correct position. It's my understanding that there have already _been_ convictions on this type of thing, Richard--I've seen that quoted to you over and over by other people in this echo. Besides, if the federal government passed a law saying "no chewing bubble gum." Would you waltz out onto the streets poping your bubbles saying, "well, there hasn't been any convictions yet, so I _MUST_ be right!"? wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn * * wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.6a iQCVAwUBLnoqsclPrmStIlSlAQErvwQAqHr1Pt8TH5OAuZxTeTDSp06OHBzVRwYa uYDvVaeZ7rhrqdH2YUtJ8aD3X366CsoB6p0CoC1n2tMSA7arQg5cNnkUuA3ytyYV +mli08ok9uBWhWlFcGjsX7851R77y7JKJfesTqG6yd97CNy6ufgt1KxZK/JN9nBa XoXcEqIEmVY= =5Crg -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Wes Landaker Area: Public Key Encryption To: Richard Walker 16 Sep 94 16:31:22 Subject: Net 106 still at it? UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Richard! 13 Sep 94 16:53, Richard Walker wrote to Wes Landaker: WL> Nevermind that fact that my windows allow zero-visibility of WL> anything by the ceiling from outside, thus eliminating this WL> posibility entirely (in the legal sense, anyway); even if WL> they come looking for a grenade, they aren't going to find WL> one. :) RW> Won't matter, they'll bring one and save you the trouble. If RW> your windows are zero-vis then they'll say the kid saw it laying RW> inside your front door as you were going outside, or some such RW> nonsense. Doesn't really matter; they can create whatever excuse RW> they want that will fit the physical circumstances. Yeah . . . uh-huh . . . sure. :) I don't think I've done quite enough to provoke any major government or agency into trying to "silence" me. Don't worry, though: I'm working on it. WL> There is no legal document regulating the use of encryption WL> in the United States, as far as I know. There is, however, a WL> document regulating electronic private mail: the ECPA. :) RW> So what, I know of actual events in which my assertion has RW> occurred, a guy bought a dummy grenade/paper weight thing for $5 RW> at a gun show, a kid saw it, thought it was real (so they say), RW> the bust goes down, and they waste the guy; then find out the RW> grenade was a desk ornament. If _I_, a well-known and respectible citizen in my community, walked into the police department and said that I saw a grenade sitting on the desk of my neighbor through his window, I can guarantee you that they would probably tell me to "stop looking through his window." Now if some kid walked in there and said the same thing, they'd be even _LESS_ likely to believe it. To get a warrent, there has to be a _LOT_ more evidence than "somebody saw something." RW> So far, I know of no felony convictions for refusing to route RW> encrypted "private" flagged email. Show me one, and I'll RW> contentedly change my opinion. I don't even know of a single RW> instance of modest harassment by the feds of someone who refuses RW> to route encrypted mail. I never said it was illegal to not route it. It's illegal to read it. And if they can tell if it's encrypted or not, then they're LOOKING at it. :) RW> Basically, my opinion is that PGP makes you look suspicious to RW> Uncle Sam; Uncle Sam may not be able to read your message, but RW> that won't stop him from *creating* a plausible fiction and RW> nailing your behind to the wall, given half a provocation. I'm . . . _SO_ . . . scared. If the government finds me making so much trouble that they've got to make up alligations against me that I couldn't disprove, well, there's nothing I can do about that anyway, is there? With the same token, they can just as easily do the same thing to you, Richard--so why bother with worrying so much about liablity on your system? :) WL> you'd probably run into a little trouble. :) You'd probably WL> be pretty upset if the phone company set up a little device WL> to make your phone conversations disconnect whenever you WL> said the word "okay," wouldn't you? I sure would be! =) RW> Big difference, the phone company is a recognized and regulated RW> common carrier, to whom I pay big bucks each month. Last time I RW> checked, yall are leaching off of a basically free service, RW> routed netmail is not a right. You have no contract with the RW> distributors stating that they will route your netmail. No, but I have the ECPA saying that they can't _read_ my netmail. And if they route everything _but_ my encrypted messages, then that means they _are_ reading my netmail. And that's illegal. WL> You quoted my message, and replied to it's content. The WL> person I was talked about, QUOTED my message, and told me WL> not to send encrypted traffic RW> I have stated before that I disagree with this particular method. RW> I think its dumb. I think they should route these offensive RW> messages into the twilight zone never to be seen or heard from RW> again by anyone, ever. Eventually, I hope they'll terminate RW> routed netmail entirely. That will end the self-righteous RW> leaching off of a freely offered service, and make yall put your RW> $$$ where your mouth is, or start sending your mail direct. I'm very glad that you are not part of the routed-netmail system, Richard, as obviously you haven't much of a grasp on it's concept. Why do you want to destroy routed netmail so much? RW> OTOH, you could have created that QUOTED message yourself as RW> easily as you could have recieved it from Joe Blow Bouncer. So, you're saying that if I slander you here on the echo (this is hypothetical, you know), I don't need to worry about any liability on my part because I can just say that you created it yourself? :) Signed with my PGP key? Hey, I can just say you made that key, and denouce that I _use_ PGP, or even that I know who you are. But what are the chances that this sort of story is going to stand? wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn * * wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY * -----BEGIN PGP SIGNATURE----- Version: 2.6a iQCVAwUBLnoue8lPrmStIlSlAQGRUQP/R2WUjUDIy5pVm3bNMNp980FP4IfFZptn VCdr3wsDWldhvx2b3SifrxCOQUa/RaufYkMQtsCW8KD/QWwsMmmQI0vQmoPUsVP7 SJ5zgYcxeB2on7lr498qJFRXo+tiUVNKYXzoum+Yx98eLTQkZj4wLFqpEzf0SoCz 7a9PzFw8IyY= =e8x1 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Brad Ems Area: Public Key Encryption To: All 18 Sep 94 16:57:12 Subject: Getting Started w/PGP UpdReq OK, I realize that the discussions going on on this BBS regarding PGP and other encryption methods tends to be pretty esoteric, but I've got to ask some questions to get up to speed. 1: I have both PGP 2.3 and 2.6. I have learned that after a certain date, PGP 2.6 will not work with keys generated by 2.3. Am I correct in thinking this? 2. I have a number of friends that have PGP and we'd like to begin using it for private e-mail. Where is a good message clearing house where we can post (if there is one)? 3. I have heard that give that MIT worked on PGP to legalize it in the eyes of the Washington bureaucrats, it may not be entirely robust. has anyone any info on 2.6's integrity? 4. I have read and re-read the manuals that come with PGP, and I believe I have a good idea of how it works and how to effectively use it, but in reading the posts in this sub, I realize that I may not know as much as I think. How much here is cryptographic finery that a bumpkin like me does not need to know, and how much is critical stuff that will have Janet Reno knocking on my door if I don't? Brad Ems **** LEGALIZE FREEDOM **** 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Leroy Ang 18 Sep 94 09:13:42 Subject: New To Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- LA> Do you mind teaching me how to use PGP with BlueWave? I tried using LA> batch files to sign my mails but not very successful and my knowledge LA> on batch programming is very limited. So can you help suggest any LA> solution? I use EZ-PGP a program I wrote to allow signing and/or encrypting of e-mail, posting of keys, etc. It seems quite popular, but it does not support decrypting or checking signatures. PGPBLUE is another good program--it works only with Bluewave, where EZ-PGP works with any off-line mail-reader. PGPBLUE is much more popular with Bluewave users than EZ-PGP is. However, I just tested out the latest version, and found many problems with it--I couldn't get all features to work right. EZ-PGP is free for everyone to use, while PGPBLUE costs $10 to register. You should probably download both, and see which suits you best. It's a very personal choice. You can download them both on the first call at the Sprawl BBS (818) 342-5127. JMS -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLnxlyGj9fvT+ukJdAQEM5QQAlf6ocXEh+WztloV8VksV3pwzWXaMy8Sn 6S8yf37AGy0ktLWJ7AhOlVPBKklglULljY2gCcYSFP0s58GmF7Gxa6wqDxHdYbzD I3cBrcgB82Tp7c0hZuY92wJOiW0a14N2x65N6bBbw5PTXpQBYtrY4LVS3wrrq/1k mKJJWdooSmY= =qwif -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... He who gives up freedom for security deserves neither. 201434369420143436942014343694201434369420143436942014343694718 From: John Nieder Area: Public Key Encryption To: All 18 Sep 94 18:51:34 Subject: Who's This Ashworth? UpdReq I am posting this for a friend whose BBS doesn't carry this echo. In a nutshell, here's his situation as he explained it to me (sorry, but neither he nor I have been paying much attention to the Fidonet PGP wars for the past few months, otherwise we'd know more answers): He uses PGP extensively in his Fidonet netmail, which usually is being sent to one of the GUUCP gates to Internet. He has been using PGP for well over a year with no problems. A couple of weeks ago, he sent a PGPed message to a Fidonet user and received a message from someone named RICK ASHWORTH who had intercepted the correspondence and threatened an "annoying behavior" complaint against the BBS my friend uses if he ever saw PGPed messages from him again. Naturally, my friend has no control over the routing of his messages. It is our understanding that nodes that do not wish PGPed traffic run a program (PGP-Toss?) that reroutes the communications to a system of pro-PGP nodes (Securenet?) who then carry the encrypted traffic. My friend's sysop is no help in any of this, BTW, as he doesn't consider either the issue or my friend worth any hassle whatsoever on his part. What's going on here? Is Ashworth just some crank on a jihad or has PGP policy changed that substantially on Fidonet since I last looked? Correspondence follows (note that Fidonet policy quoted seems a clear violation of Federal ECPA): ======================================================================== IN> I have been using PGP on the backbone for over a year without incident IN> or complaint. As far as I know, after reading literally megs of IN> heated policy discussion on Policy Fourteen, there is no agreement on IN> its meaning regarding PGP. Fidonet uses a document called Policy 4. IN> It was my understanding that PGP messages are permitted and encouraged IN> on Securenet, the network of pro-PGP Fidonet carriers, and that PGPed IN> messages were automatically shunted to this sub-net, away from non-PGP IN> Fidonet carriers. This is NOT a Securenet node, it is a regular FidoNet node. IN> If this is not the case, please explain by what mechanism private PGP IN> mail is to sent on the net. I have no idea how it is sent, as I have no interest in routing encrypted mail. IN> Please, also explain who you are, I'm Regional Echomail Coordinator of Region 11, and Network Coordinator of Net 108. IN> WHY YOU HAVE INTERCEPTED, I have not intercepted anything, YOU sent it as a routed msg and it was routed through my node, at my expense, and without my permission. IN> STOPPED AND IN> EXAMINED MY PRIVATE COMMUNICATIONS WITHOUT MY PERMISSION, This node does not guarantee any privacy of any mail passing though this system regarding sysop review. Furthermore, this node expressly FORBIDS the routing of encoded or encrypted mail through this system. IN> and by what IN> authority you assume to dictate policy to me. I assume to dictate policy to you, as a node routing mail at my own expense for the convenience of the nodes in my region, and with the sanction of Policy 4, section 2.1.4. Before attempt to start playing hard ball with me, please review this section of Policy 4 (not Fourteen), which obviously you are not familiar. I suggest that you contact your own NC and get a copy, read it, and understand it. If you persist after this warning, I will begin to take steps to see that your node is not permitted to route mail on the FidoNet backbone system, and I will file a formal policy complaint to have your nodenumber removed. 2.1.4 Encryption and Review of Mail Fidonet is an amateur system. Our technology is such that the privacy of messages cannot be guaranteed. As a sysop, you have the right to review traffic flowing through your system, if for no other reason, than to ensure that the system is not being used for illegal or commercial purposes. Encryption obviously makes this review impossible. Therefore, encrypted and/or commercial traffic that is routed without the express permission of all the links in the delivery system constitutes annoying behavior. IN> All responses are explicitly for republication. I would appreciate the courtesy of a reply that you have read this msg, understand it, and will not route any further encrypted mail though it. Rick Ashworth, REC11 201434369420143436942014343694201434369420143436942014343694718 From: Jesse Allred Area: Public Key Encryption To: Jeff Hancock 16 Sep 94 20:40:44 Subject: There goes more freedom! UpdReq On (12 Sep 94) Jeff Hancock wrote to *.*... JH> A reliable message poster left this on my system. Thought I would share JH> it with you. JH> The FCC also recognizes that there are conditions when terminal JH> emulators are not available. Therefore, an expert class will be JH> established for communication using only numeric keypads and bi-digit JH> numeric displays. Although needing a minimum of equipment, this mode JH> will require sending, receiving and manual translation of raw ASCII (rotflol) had me going up to this point ... ... It is dangerous to be right when the government is wrong. - Voltaire 201434369420143436942014343694201434369420143436942014343694718 From: Shawn K. Quinn Area: Public Key Encryption To: Richard Walker 16 Sep 94 22:11:42 Subject: Re: New to PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- *** Quote: Richard Walker to Shawn K. Quinn on 16 Sep 94 08:31:26 *** Subject: Re: New to PGP RW> If yall truly believe that, you are more nieve than I thought. SKQ> OK, apply as a postal inspector, and open/read/jack with a letter SKQ> without a warrant. See you in the pen... RW> Amazing that you trust big brother so much... RW> Besides, I already have a job, and it pays more than the post office. Well, gee, you declined my challenge so quickly. Too bad. SKQ> ... Security, confine Ensign Walker to the brig. RW> I'm not the one who's got a criminal record... Mine is only temporary. Duh... Is it just me, or does this guy enjoy being a ****? SKQ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLnpeaDzG+cClnFb5AQG68gP/W9ukTjEXzodXoablIlHPa2AjyV1EAxf+ x60cdWeGEMeSc+LXRtuDLzBnQIDbcjPpRwnrRBa/1bZNU3Y7R5q/59MF+8Kg+vWM YR+vFyhjJIM3c7NDJt3g0ZPDLy6dUjhl+b9D/oNuMNzPDpFepFZZR9PQZPImiejn /LVOMhqPNcE= =474R -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: gk pace 19 Sep 94 12:20:20 Subject: Re: PGP 2.61 alternate and source UpdReq Despite the stern warnings of the tribal elders, gk pace said this to Tom Almy: gp> I use it... but you make up your own mind... won't hurt my gp> feelings if I'm the only one who does... You're probably not the only one, GK; Rebellious Guerilla probably uses it, too. 201434369420143436942014343694201434369420143436942014343694718