From: John Schofield    Area: Public Key Encryption
To: Jim Gorges    24 Sep 94 15:35:18
Subject: Keep Out Maillist    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

--====--
JG> John: There has been no response from the Expressnet listserver. Is
JG> Keep-Out's mailing list active and operating?

The mailing list software is not operating on my machine, but rather on my
Internet provider's machine. (He gates newsgroups to me in standard FTSC
format.) I tested it out when we got it installed, and it worked. I'll look
into it and see if it works again.

The mailing list is VERY low volume, and will be mainly used to distribute
future electronic releases of Keep Out. However, you should still have
received a confirmation from the listserv. I'll look into it.

JMS

-----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.
-----END PGP SIGNATURE-----

**EZ-PGP v1.07
... A day without sunshine is like night.

From: jason carr    Area: Public Key Encryption
To: John Nieder    25 Sep 94 11:27:56
Subject: How to Handle PGPmail    UpdReq

John Nieder wrote in a message to jason carr:

jc> Sure he does. Send it direct, or through a securenet host.

JN> I don't follow, nor does my friend. Please explain what's
JN> wrong with this picture: To send Fidonet netmail to a user,
JN> the only form I've seen is to mail to, as an example, His
JN> Name at 1:222/333. That seems "direct" to me. I see no way
JN> to alter that.

Sorry 'bout that: I'll try to be more clear.

There are two basic ways to move mail in fido, directly or routed.

DIRECT
via phone call from A to B.
ie origin bbs --> destination bbs

ROUTED
to your hub, to the net hub, to one of the national hubs ("stars") to the
destination net hub, to his hub, to his bbs.
ie origin -> your hub -> your net hub -> star -> dest net hub -> dest hub -> dest bbs

The direct method means a LD phonecall for the originating sysop, if the
destination bbs is not local. Often, users are charged a quarter or
something for each direct netmail. No one but the two sysops can tell you
what to put in your direct netmail, assuming it is technically compliant
and legal.

The routed method is "free" to the sysop, and you, (kinda) because the msg
is bundled with the huge volume of echomail traffic that is moved. All
sysops involved in passing the msg have the right to deny passage to
encrypted mail. In the admittedly poor example I have offered above, there
are 7 sysops involved, any of whom could (imo) righteously reject your
netmail.

The way to get direct mail is to give yer sysop a coupla bucks and ask him
if he will give you access to set the "crash" or "direct" bits on netmail.
That means your mail would go out to the destination system directly, with
no routing (Please note that, depending on his mailer's configuration, it
may not go out immediately. Often, direct NM is sent out at night to take
advantage of lower rates.)

jc> If that was Netmail you just quoted =you= may have just opened up a
jc> nasty can of ECPA worms.

JN> Nope. The mail was sent with the explicit proviso that any
JN> reply from Ashworth was explicitly for republication.

Excellent. Glad to hear it.

jc> This is the bottom line. You can't route encrypted mail through
jc> someone who doesn't want to move it. Send it direct.

JN> "Direct"? See above. I'm lost.

I'm sure my little lecture above could stand much improvement. Let me know
if you'd like more info, and I'll netmail (routed! :) some better info to
you.

jason

... Never ask a hungry cat if it loves you for yourself.
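Added example (not part of the original messages): the direct and routed delivery paths described in the message above, modelled in Python to show which systems handle a netmail in each mode and which mode remains usable for encrypted mail when some sysops refuse it. The topology is constructed (only the 1:222/333 address comes from the thread) and all function names are hypothetical.

```python
"""Added example: direct vs. routed FidoNet netmail and which systems handle it."""
import re
from typing import Dict, List, NamedTuple, Set


class Addr(NamedTuple):
    zone: int
    net: int
    node: int
    point: int = 0

    def __str__(self) -> str:
        base = f"{self.zone}:{self.net}/{self.node}"
        return f"{base}.{self.point}" if self.point else base


_ADDR = re.compile(r"(\d+):(\d+)/(\d+)(?:\.(\d+))?")


def parse_addr(text: str) -> Addr:
    """Parse zone:net/node[.point]; reject anything else (e.g. a bare user name)."""
    m = _ADDR.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a FidoNet address: {text!r}")
    return Addr(*(int(g) if g else 0 for g in m.groups()))


# Constructed topology: each system maps to the system it hands routed mail to.
# Every address here is hypothetical except 1:222/333, the thread's own example.
UPLINK: Dict[Addr, Addr] = {
    parse_addr(k): parse_addr(v)
    for k, v in {
        "1:222/333": "1:222/300",  # origin BBS -> its hub
        "1:222/300": "1:222/0",    # hub -> net hub
        "1:222/0": "1:1/100",      # net hub -> national "star"
        "1:444/555": "1:444/500",  # destination BBS -> its hub
        "1:444/500": "1:444/0",    # hub -> net hub
        "1:444/0": "1:1/100",      # net hub -> the same "star"
    }.items()
}


def chain_up(start: Addr, uplink: Dict[Addr, Addr]) -> List[Addr]:
    """Follow uplinks from a system to the top of its routing tree."""
    chain = [start]
    while chain[-1] in uplink:
        nxt = uplink[chain[-1]]
        if nxt in chain:
            raise ValueError(f"routing loop at {nxt}")
        chain.append(nxt)
    return chain


def routed_path(origin: Addr, dest: Addr, uplink: Dict[Addr, Addr]) -> List[Addr]:
    """Every system a routed message is stored on, in order, origin to destination."""
    up = chain_up(origin, uplink)
    down = chain_up(dest, uplink)
    for i, hop in enumerate(up):
        if hop in down:  # first system common to both branches
            return up[: i + 1] + down[: down.index(hop)][::-1]
    raise ValueError("origin and destination share no routing hub")


def direct_path(origin: Addr, dest: Addr) -> List[Addr]:
    """Direct (crash) mail: the origin calls the destination itself."""
    return [origin, dest]


def plan_encrypted(origin: Addr, dest: Addr, uplink: Dict[Addr, Addr],
                   refuses: Set[Addr]) -> Dict[str, object]:
    """Choose a mode for encrypted netmail; `refuses` holds systems that reject it."""
    routed = routed_path(origin, dest, uplink)
    direct = direct_path(origin, dest)
    routed_blockers = [h for h in routed if h in refuses]
    direct_blockers = [h for h in direct if h in refuses]
    if not routed_blockers:
        mode = "routed"
    elif not direct_blockers:
        mode = "direct"
    else:
        mode = "refused"
    return {"mode": mode, "routed": routed, "routed_blockers": routed_blockers,
            "direct": direct, "direct_blockers": direct_blockers}


if __name__ == "__main__":
    src, dst = parse_addr("1:222/333"), parse_addr("1:444/555")
    plan = plan_encrypted(src, dst, UPLINK, refuses={parse_addr("1:1/100")})
    print("routed:", " -> ".join(map(str, plan["routed"])))
    print("direct:", " -> ".join(map(str, plan["direct"])))
    print("mode:", plan["mode"], "blocked by:", [str(b) for b in plan["routed_blockers"]])
```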

From: John Schofield    Area: Public Key Encryption
To: Leroy Ang    25 Sep 94 10:03:46
Subject: New To Pgp    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

--====--
LA> BTW, do you think it's safe to xchange public keys through such
LA> PGP conf.?

If you just grab an unsigned key someone has sent over the net, of course
not. However, since people can sign keys to verify them, (Read up on "Web
of Trust" in the PGP documentation, or in the next issue of Keep Out.)
exchanging keys over the various nets is pretty darn secure.

Don't trust an unsigned key, and don't trust a key signed by someone you
don't trust.

JMS

-----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.
-----END PGP SIGNATURE-----

**EZ-PGP v1.07
... "It's not frozen up, it's just resting." -- John Schofield

From: Tom Klein    Area: Public Key Encryption
To: Richard Godbee    25 Sep 94 15:49:10
Subject: Signing Messages    UpdReq

......... from Tom Klein, a.k.a. \\\...tak 09/25/94 @1549 hrs.

-----BEGIN PGP SIGNED MESSAGE-----

RG> I'm relatively new to PGP, but I like the ideas behind it and would
  > like to get involved in the use of PGP. But, I have a question...

  > To sign a plaintext file with your secret key:
  > pgp -s textfile [-u your_userid]

RG> Okay, I think this is how most of you here sign all of your messages, but (
  > probably wrong here; I just want to make sure) would this give away your
  > secret key? Why not sign it with your public key?

I am not an expert on PGP but have been using it for a year or so. I have
not used PGP a lot but have been monitoring this conference to pick up
hints.
pgp -s is not the one I use, but the one marked ** below:

   To sign a plaintext file with your secret key:
       pgp -s textfile [-u your_userid]

** To sign a plaintext file with your secret key and have the output
   readable to people without running PGP first:
       pgp -sta textfile [-u your_userid]

Your confusion is caused by the terminology used. You sign the text file
using your secret key but your secret key is not part of the file. The
public key is used to check the signature or to read an encrypted. The
public key is the ONLY key ever given to anyone else.

As I was re-reading this I remembered that I don't even do the above with
changing the 'config.txt' initialization file. I missed the usage of this
file when I originally started using PGP. Edit the file to suit your
situation but some of the minimum items are listed below:

    MyName = "Tom Klein"   ; Change to your ID name
    ClearSig = ON          ; Creates message digest signature
    Armorlines = 79        ; Line length for BBS mail use
    Armor = on             ; Use -a flag for ASCII armor whenever applicable
    TextMode = on          ; Attempt to use -t option where applicable
    verbose = on           ; verbose diagnostic messages

You also need to add a couple of items to your 'autoexec.bat'

    set pgppath=d:\pgp\pgp26
    rem GMT setup for PGP: New York TZ=est5edt, Chicago TZ=cst6cdt
    SET TZ=est5

The time zone setting has more settings and they are described in the
'config.txt' file.

I clear signed this message just to show you what it looks like. If you had
my public key you could verify the signature and if the signature verified
you could be sure that the message received by you was exactly the same one
that I had written. The signature is a message digest of the entire message
and no changes can be made to the message without the signature being
invalid.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLoXiYvLUJgkek7ZNAQHc5QQAwPC0+zPz+KAaf58Tjdp5alqkwJhQ5B+c
fyRq80GLorPqv0JVg1keN9jmxT4Tdj28SeSUrfTdCBEUD11R3mT5Ql5oGHWRoCko
lUbof3T7dA2m78BnREP4zRHR6HdxgZgkPEz7xNNm8COarldAFK3HnAuYVE81qgV0
EElZTIGHDSU=
=+wWp
-----END PGP SIGNATURE-----

---
 * QMPro 1.52 * "Don't just expect complications, rely on them."

From: mark lewis    Area: Public Key Encryption
To: John Nieder    25 Sep 94 13:02:14
Subject: How to Handle PGPmail    UpdReq

jc> Sure he does. Send it direct, or through a securenet host.

JN> I don't follow, nor does my friend. Please explain what's
JN> wrong with this picture: To send Fidonet netmail to a user,
JN> the only form I've seen is to mail to, as an example, His
JN> Name at 1:222/333. That seems "direct" to me. I see no way
JN> to alter that.

DIRECT in this case means that the originating system will call the
destination system to deliver the message. DIRECT as in not sending it
routed thru other systems. DIRECT as in point to point delivery.

)\/(ark

# Origin: (1:3634/12)
* Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0)
SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0
SEEN-BY: 9608/0

From: Shawn McMahon    Area: Public Key Encryption
To: jason carr    26 Sep 94 09:16:24
Subject: Re: PGP Signatures    UpdReq

Despite the stern warnings of the tribal elders, jason carr said this to all:

jc> What do you guys think about this idea?

It's too Fidonet-specific.

From: Shawn McMahon    Area: Public Key Encryption
To: John Schofield    26 Sep 94 09:21:12
Subject: New To Pgp    UpdReq

Despite the stern warnings of the tribal elders, John Schofield said this to
Gary Mirkin:

JS> No current mail-reader that I know of supports a decrypt
JS> function--there is no simple way to implement it.

Sure there is, John.
It's got to be done by the reader author, if you want no kludging involved
at all, but I have it working with SQED/32 with a little kludging. Just
have to click on CHANGE, call up the TOOLS menu, and click on the
user-defined tool that calls my decryption command file.

The only reason I have to use a command file at all is that I want a pause
at the end, so I can see if signatures verified.

It's as simple to implement as any other part of a reader. In fact, doesn't
GenMsg already support decryption?

From: Shawn McMahon    Area: Public Key Encryption
To: Dan Wilson    26 Sep 94 09:26:26
Subject: Need recommendations    UpdReq

Despite the stern warnings of the tribal elders, Dan Wilson said this to
Shawn McMahon:

DW> I would assume that your client would be able to take some action
DW> against the person in question if he found such evidence of
DW> hacking.

Yes, but only if he can prove who did it. Anybody with a screwdriver can
remove a CMOS password.

DW> Do the methods you are proposing prevent a hacker from making a
DW> backup copy of the encrypted drive/files and taking the backup
DW> with him, leaving him then at leisure to play with the copy
DW> off-site?

The methods I PROPOSED did, but the methods I've been allowed to implement
do not. :-(

However, it will take extraordinary measures. Since I used SFS instead of
SecureDevice, they'll have to use a special program to do it. (Instead of
just PKZIPping the darn thing onto multiple floppies, as you could do if it
was a SecureDevice file. That is, if I'm reading the SecDev docs properly.)

From: Shawn McMahon    Area: Public Key Encryption
To: Peter Bradie    26 Sep 94 09:30:02
Subject: New indecency rules propo    UpdReq

Despite the stern warnings of the tribal elders, Peter Bradie said this to
Shawn Mcmahon:

PB> It's going to happen, Shawn. The only way to fight it is by
PB> electing congresscritter at the state and national level that
PB> have some respect for the constitution, and an inherent
PB> distrust of large bureaucracies.

I quoted this back because it can't be said often enough. All the bitching
and griping we care to do in this echo doesn't accomplish a fraction of
what we can do by working in the political process.

Even so simple an act as writing your Congresscritter a letter can work
wonders; they're very sensitive to complaint mail.

From: Shawn McMahon    Area: Public Key Encryption
To: Raymond Paquin    26 Sep 94 09:33:24
Subject: Weak keys    UpdReq

Despite the stern warnings of the tribal elders, Raymond Paquin said this to
Shawn McMahon:

RP> 'compatible' with the first. You can check that for yourself:
RP> an 'old' version of the source-code for PGP (I don't
RP> remember which) has commented-out code to do the extra
RP> checking.

Hmm. I haven't had source before about 2.3, and I don't believe I have that
laying around anymore.

I wonder why Schneier didn't mention this in his book?

From: Rich Veraa    Area: Public Key Encryption
To: Raymond Paquin    26 Sep 94 06:56:52
Subject: Re: RSA Broken    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated:23 Sep 94, Raymond Paquin was quoted as saying:

RP> SM> PGP relies upon the fact that the odds of actually
RP> SM> generating a weak prime with its algorithm are
RP> SM> significantly less than the odds of getting hit by
RP> SM> a meteor while generating your key. :-)

RP> Then I must conclude that the odds of getting hit by a meteor are quite
RP> high...(g).

RP> In order to find a 'strong' *pair* of prime numbers,
RP> one has to generate about 600 (!!!) prime numbers, about 70% of which
RP> are rejected because they are weak (singly) and about 29.999% of which
RP> are rejected because the second prime number found, although strong
RP> singly, is not 'compatible' with the first.

RP> You can check that for yourself: an 'old' version of the source-code
RP> for PGP (I don't remember which) has commented-out code to do the extra
RP> checking.

RP> Uncomment it, re-compile the program and see for yourself.

RP> The program will take MUCH longer in spite of the fact that the extra
RP> checking is NOT as complete as it should or can be.

The strong-primes code is still there, with the following comment:

/* #define STRONGPRIMES */ /* if defined, generate "strong" primes for key */
/*
 *"Strong" primes are no longer advantageous, due to the new
 * elliptical curve method of factoring. Randomly selected primes
 * are as good as any. See "Factoring", by Duncan A. Buell, Journal
 * of Supercomputing 1 (1987), pages 191-216.
 * This justifies disabling the lengthy search for strong primes.
 *
 * The advice about strong primes in the early RSA literature applies
 * to 256-bit moduli where the attacks were the Pollard rho and P-1
 * factoring algorithms. Later developments in factoring have entirely
 * supplanted these methods. The later algorithms are always faster
 * (so we need bigger primes), and don't care about STRONGPRIMES.
 *
 * The early literature was saying that you can get away with small
 * moduli if you choose the primes carefully. The later developments
 * say you can't get away with small moduli, period. And it doesn't
 * matter how you choose the primes.
 *
 * It's just taking a heck of a long time for the advice on "strong primes"
 * to disappear from the books. Authors keep going back to the original
 * documents and repeating what they read there, even though it's out
 * of date.
 */

Cheers,
Rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
Comment: rveraa@newssun.med.miami.edu
-----END PGP SIGNATURE-----

From: Tim Bradley    Area: Public Key Encryption
To: Tom Almy    25 Sep 94 10:38:30
Subject: RC4 Revealed!    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message of 20 Sep 94 Tom Almy wrote to Jim Bell:

-=>> Once upon a time, Jim Bell said to All <=-

JB>> Disclosure of the formula does not necessarily allow eavesdroppers to
JB>> intercept and unscramble coded messages sent with the RSA encryption
JB>> software. But widespread dissemination could compromise the long-term
JB>> effectiveness of the system, software experts said.

TA> If dissemination could compromise it, then it isn't very good in the
TA> first
TA> place. That would mean that your encrypted data could be more easily
TA> decrypted
TA> by anyone knowing the algorithm by legal means or otherwise.

Not to mention that this is TOTALLY irrelevant, as the original algorithm
was published in an academic trade journal -- that's how the whole dustup
with Phil Zimmermann & RSA/PKP started in the FIRST place: Phil read the
PUBLICLY AVAILABLE algorithm, and wrote PGP, unaware that three months
AFTER the article was published, the author decided to apply for a Patent.

I have *NO* clue why anyone even BOTHERED to hack out the RSA algorithms --
the gist of the data was already published...

Later Daze,
-- Tim Bradley

-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Would you send a letter without an envelope?
-----END PGP SIGNATURE-----

From: Tim Bradley    Area: Public Key Encryption
To: Raymond Paquin    25 Sep 94 11:03:48
Subject: RSA Broken    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message of 18 Sep 94 Raymond Paquin wrote to Jim Bell:

TB>> Um, I am given to understand that the
TB>> particular "family" of *RSA* keys
TB>> that can be broken are a specific, easy-to-crack
TB>> subset containing a high
TB>> number of redundant zeroes. Odds against a key from
TB>> that subset in an ACTUAL
TB>> *PGP* key are quite low, and fairly easy to avoid --
RP>
RP> Um ... not quite. But you are right: there is such a thing as a weak
RP> prime number: i.e. not all prime numbers are created equal.
RP> Unfortunately, PGP does not check for weak prime numbers. Pity ...
RP>
RP> BTW, the 129 digit key that was broken recently was not only small, but
RP> weak, in the sense that p and q were much too close one to another.
RP> A little knowledge is a dangerous thing ...

'tis indeed -- but I'm not the one with "a little knowledge" ... I found
the post I was referring to, and I was correct:

JG> From: schneier@chinet.chinet.com (Bruce Schneier)
JG> Subject: Weak IDEA Keys
JG> Message-ID:
JG> Date: Fri, 29 Oct 1993 00:03:58 GMT

JG> Enough people asked about weak IDEA keys that it seems prudent to
JG> describe the problem on the newsgroup.

JG> So, here we go. Weak IDEA keys have been discovered by a trio of
JG> cryptographers in Belgium, although if you read Lai's original
JG> thesis he talks a bit about this problem as well.

JG> Each subkey is a particular substring of bits from the overall
JG> key. The use of multiplicative subkeys with a value of -1 and 1
JG> give rise to linear factors in the round function. This isn't
JG> terribly secure, but it's only in a single round.
JG> Multiple-round linear factors can be found by combining linear
JG> factors where the involved intermediate terms cancel out.

JG> There's more math, but the end result is that there is a whole
JG> class of weak IDEA keys. They all have a whole lot of zeros in
JG> them. For example, one weak key is:

JG> 0000,0000,0X00,0000,0000,000X,XXXX,X000

JG> In the above key, X can be any number.

JG> These aren't weak keys in the same sense that certain DES keys
JG> are weak. These are keys that are easier to cryptanalyze.

JG> There aren't many keys that fit this profile, so the odds of
JG> choosing a weak key at random is negligibly small: 2^(-96). This
JG> will almost never happen if you choose keys randomly, and I doubt
JG> a cryptanalyst will get any advantage if by some freak of nature
JG> you do. It could be a problem if someone is generating keys for
JG> you, but that is a problem in any case.

JG> The easy way to fix this is to XOR each subkey with a fixed
JG> nonzero number. This number must be chosen carefully; since it
JG> is still possible to generate weak keys with some numbers. For
JG> example, XORing each subkey with 0DAE (in hex) generates no weak
JG> keys.

JG> There has been no "official" modification of IDEA to implement
JG> this, or any other, modification.

JG> BIBLIOGRAPHY:

JG> J. Daemen, R. Govaerts, and J. Vandewalle, "Block ciphers based
JG> on modular arithmetic," Proceedings of the 3rd Symposium on State
JG> and Progress in Cryptography, Rome 15-16 Feb 93, , pp. 55-61.

JG> J. Daemen, R. Govaerts, and J. Vandewalle, "Weak Keys for IDEA,"
JG> Advances in Cryptology: Proceedings of Crypto '93, Springer-

I do *NOT* have specific documentation that the key "broken" was definitely
in this class, only that it was a "Weak" key. Since this seems to be the
professional cryptographer's definition of Weak IDEA keys, I'd say it's a
good bet...

Later Daze,
-- Tim Bradley

PGP Key fingerprint = D2 89 52 32 6A 6D A5 C9 53 3D 3C 5E DA 9F 2E 72

-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Would you send a letter without an envelope?
-----END PGP SIGNATURE-----

From: Tim Bradley    Area: Public Key Encryption
To: Carl Hudkins    25 Sep 94 11:20:56
Subject: Getting Started w/PGP    UpdReq

In a message of 22 Sep 94 Carl Hudkins wrote to Christopher Baker:

CH> On (20 Sep 94) Christopher Baker wrote to Brad Ems...

CB>> you have to know how to make and use a public-key. you have to know
CB>> that
CB>> your secret-key should never be anywhere it may be compromised. [...]
CH> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
CH> Just for the humorous value, I thought you might like to know
CH> that today I ran PGPSORT on a big Internet keyring I got by mistake a
CH> few months back (don't you love unattended FREQs?) and it found three
CH> =secret= keys in there! One was from a Steve Jackson.

Speaking of PGPSort -- is the source code available?

Later Daze,
-- Tim Bradley

From: Brad Ems    Area: Public Key Encryption
To: David Chessler    26 Sep 94 21:17:20
Subject: Getting started w/pgp    UpdReq

Thanks for your help, Dave. I've gotten a lot of response and it's helped
tremendously.

Libertarian ***** LEGALIZE FREEDOM *****

From: Jim Gorges    Area: Public Key Encryption
To: John Schofield    26 Sep 94 21:36:56
Subject: Re: Keep Out Maillist    UpdReq

JG> Keep-Out's mailing list active and operating?

JS> The mailing list software is not operating on my machine, but rather on my
JS> Internet provider's machine. (He gates newsgroups to me in standard FTSC
JS> format.) I tested it out when we got it installed, and it
JS> worked. I'll look
JS> into it and see if it works again.

Thanks John! Someone else wrote saying the listserver operated as
advertised and responded to them. I've tried it from both my local provider
and the Cleveland Freenet. So far, no response. I'm not even getting a
"hey, dummy!" message in reply. Most puzzling.

Jim
Internet: grizbud@sns.snsnet.com

From: Christopher Baker    Area: Public Key Encryption
To: Brad Ems    24 Sep 94 19:28:12
Subject: Re: PGPointers    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 23 Sep 94, Brad Ems was quoted as saying:

BE> my key pair with PGP 2.6 (a 1024 bit key) and have begun
BE> disseminating it amongst my friends.

is it available under magicname PGPKEY for file-request from your system?

BE> As for finding a securenet node, I'll keep looking. A couple of

do you mean SecureMail? SecureMail is NOT a network. it's a group of
FidoNet Sysops who believe in privacy.

BE> onto locally are a bit sheepish about providing an area for
BE> encrypted files to be up/downloaded lest Janet's Jackboot Revue make
BE> a goosestepping courtesy call.

there is NO law against encrypting files.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: John Nieder    24 Sep 94 19:40:16
Subject: Re: Re: Who's This Ashworth?    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 23 Sep 94, John Nieder was quoted as saying:

CB> freq SECUREML.ZIP for the SecureMail Routing docs and topography
CB> map.

JN> Not at all sure how one would do this (see prior message), but
JN> I'll take a look at the docs and pass them along to my friend.

i'll post them all right here and you can transfer them from here.

JN> One problem in the initial dust-up was that the original person
JN> who had solicited PGPed mail from my friend was on a non-PGP node -
JN> according to Ashworth - but I am not sure about terminology here; is
JN> a "node" the individual BBS, or the next level up - the first
JN> grouping of local BBSs?

in FidoNet, a Node is the lowest level of the organization. a Node is a
mailer or a BBS assigned a Node number by the nearest Coordinator. this may
be in a local Net [local geographic calling area] or as an independent Node
in a Region [large geographic area, e.g., Southeast U.S.].

a Net is a local group of Nodes banded together to concentrate mail routing
to one system [Net Coordinator] from the outside.

a Region is a large geographic area with many Nets.

a Zone is generally a country or very large geographic area.

Netmail routing occurs across several different topographies.

FidoNet Policy specifies that routed Netmail that is encrypted requires
prior permission of all routers before it may be sent. some have taken this
silly condition [which never existed prior to version 4 of the Policy]
literally regardless of ECPA contravention of intercepting mail not
addressed to one.

that's why we have formed the SecureMail Routing system. using the SMH
route ensures mail will be moved without complaint or inspection.

the map and mission statement follows.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it!
[grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: Carl Hudkins    24 Sep 94 19:42:12
Subject: Re: Key? What key? :)    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 22 Sep 94, Carl Hudkins was quoted as saying:

CH> In the meantime, I posted my key to PKEY_DROP yesterday.

let me know when and as what your key is available for freq. i like to get
them directly.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: All    24 Sep 94 19:44:10
Subject: SecureMail Routing system topography    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

                     SecureMail Host Systems

Zone              Sysop                     Address
|--ISMH           Jim Cannell               1:216/21
|
|  |--Z6SMH       Open
|  |--Z5SMH       Open
|  |--Z4SMH       Open
|
|===================================================================
|
|--Z1SMH          Jim Cannell               1:216/21
|
|  RSMH    Net    Sysop                     Address       Flag
|  |--- 10        Radi Shourbaji            1:143/110     X
|  |
|  SMH |-- 102    Dave Lord                 1:102/338
|      |-- 119    *none at present*
|      |-- 125    Barry Kapke               1:125/33      X
|      |   |-- 352    John Burrows          1:352/333     X
|      |
|      |-- 143    Radi Shourbaji            1:143/110     X
|      |-- 161    Bill Faust                1:215/228
|      |   |-- 215    Joe Pye               1:215/25
|      |
|      |-- 202    *none at present*
|      |-- 203    Lee Dohm                  1:203/111
|      |-- 205    Zorch Frezberg            1:205/1701    X
|      |-- 206    Dan Wilson                1:206/2507    X
|      |-- 207*   Dave Sparks               1:207/212
|      |-- 210    Steve Garcia              1:210/11      X
|      |-- 216    Jim Cannell               1:216/21      X
|
|  |--- 11        Jeffrey Oxenreider        1:226/560
|  |
|      |-- 120    Ryan Anderson             1:120/379
|      |-- 226    Jeffrey Oxenreider        1:226/560
|      |-- 2202   Ryan Anderson             1:120/379
|      |-- 2215   Jim Bailey                1:2215/480
|      |-- 2240   Ryan Anderson             1:120/379
|      |-- 2410   Ryan Anderson             1:120/379
|
|  |--- 12        Jesse David Hollington    1:225/1       X
|  |
|  SMH |-- 167    Frederic Giroux           1:167/535
|      |-- 221    Paul Henry                1:221/279     X
|      |-- 225    Brett Dubroy              1:225/100     X
|      |-- 252    *none at present*
|
|  |--- 13        Marc Stuart               1:2624/402    X
|  |
|      |-- 107    *none at present*
|      |-- 267    Matthew Landry            1:267/109
|      |-- 2613   Jack Mooney               1:2613/108    X
|      |-- 2624   Marc Stuart               1:2624/402    X
|
|  |--- 14        Jason Buchanan            1:286/702     X
|  |
|  SMH |-- 285    Mike Riddle               1:285/27      X
|      |-- 286    Jason Buchanan            1:286/702     X
|      |-- 287    Danny Walters             1:287/507     X
|      |-- 291    *none at present*
|      |-- 296    *none at present*
|
|  |--- 15        Dave Munhollon            1:128/86      X
|  |
|  SMH |-- 114    Allen Borovkoff           1:114/169
|      |-- 128    Dave Munhollon            1:128/86      X
|      |-- 303    Thomas Lange              1:303/5
|      |-- 314    Doug Preston              1:314/5
|
|  |--- 16        Todd Rourke               1:323/110
|  |
|      |-- 323    Todd Rourke               1:323/110
|      |-- 325    Frank Perricone           1:325/611
|
|  |--- 17        Ted Rolle                 1:105/36
|  |
|  SMH |-- 105    *none at present*
|      |-- 340    *none at present*
|      |-- 346    *none at present*
|
|  |--- 18        Christopher Baker         1:374/14      X
|  |              [cbak.rights@opus.global.org]
|  |
|  |---- 3:800/857    Jackson Harding       3:800/857     X
|  |
|  |------- 285   Mike Riddle               1:285/27      X
|  |
|  SMH |-- 116    *none at present*
|      |-- 123    Scott Miller              1:123/416     X
|      |-- 135    Tom Cropper               1:135/327     [Down]
|      |-- 135*   David Bobo                1:135/110
|      |-- 151    James Barrett             1:151/132     X
|      |-- 360    Stephen Frazier           1:360/23      X
|      |-- 365    Chris Britton             1:365/200     X
|      |-- 366    Rob Buckman               1:366/844     X
|      |-- 369    *none at present*
|      |-- 374    GK Pace                   1:374/26      X
|      |-- 375    Tom Jones                 1:375/1       X
|      |-- 378    Sydney Marcus             1:378/10      X
|      |-- 379    *none at present*
|      |-- 3647   Gale D. Wilkerson         1:3647/1      X
|      |-- 3649   Chris Hunter              1:3649/17     X
|
|  |--- 19        Mike Lenker               1:106/1776    X
|  |
|  SMH |-- 106    Mike Lenker               1:106/1776    X
|      |-- 124    Bob Ratliff               1:124/7020
|      |-- 130    Dale Hopkins              1:130/908
|      |-- 147    Bill Teasley              1:147/3660    X
|      |-- 170*   Jim Watson                1:170/610
|      |-- 382    Chuck Haynes              1:382/502     X
|
|===================================================================
|
|--Z2SMH          Harry Bush                2:51/2
|
|  RSMH    Net    Sysop                     Address       Flag
|  |--- 50 (Russia)   Dmitry Kiselev        2:5026/3
|  |
|      |-- 5022   Dmitry Turevsky           2:5022/8
|  SMH |-- 5026   Dmitry Kiselev            2:5026/3
|
|  |--- 51 (Latvia)   Egons Bush            2:5100/8
|  |
|  SMH |-- 5100   Egons Bush                2:5100/8
|
|===================================================================
|
|--Z3SMH          Jackson Harding           3:800/857
|
|  RSMH    Net    Sysop                     Address       Flag
|  |--- 51        Jackson Harding           3:800/857
|  |
|      |-- 800    Jackson Harding           3:800/857

Note: Those nodes listed with an asterisk "*" are accepting SecureMail for
their Nets, but do not currently route mail from their Nets thru SecureMail
channels.

SecureMail Hosts are identified by the following flags in the FidoNet
Nodelist:

  ISMH - International SecureMail Host
  ZSMH - Zone SecureMail Host
  RSMH - Region Securemail Host
  NSMH - Net Securemail Host
  SMH  - SecureMail participating Node

[these flags may or may not be preceded by a U in the Nodelist.]

SecureMail Hosts are requested to ask their Local Coordinator for the
appropriate UserFlag for their primary Node number. Those currently flying
the ?SMH flag in the nodelist are shown with an X by their node number.

Complete information on the FidoNet SecureMail Host routing system is
available by file-request or first-time download as SECUREML.ZIP from the
ISMH or any of the RSMH systems.

-30-

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it!
[grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: All    24 Sep 94 19:45:14
Subject: SecureMail Routing Mission statement UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

The FidoNet (r) SecureMail System
30 Mar 94
Copyright (C) 1994 Jim Cannell
[Source: GK Pace, 1993; Christopher Baker, 1994]

Introduction:

This document describes the SecureMail FidoNet (r) Routing System, its Statement of Purpose, and defines the principles by which it shall be operated.

It should be noted that FidoNet is a registered trademark owned by Tom Jennings, used by permission to refer to the FidoNet, a hobbyist network of amateur, independent, interconnected systems (Nodes) providing E-Mail transfer services world-wide.

Definition:

SecureMail can be defined as a group of FidoNet Sysops who have volunteered to provide an alternative E-Mail routing service within the FidoNet Network. The SecureMail System is a component of the FidoNet Network. SecureMail is NOT an alternative, separate, or distinct network.

Statement of Purpose:

The primary purpose of Securemail, and reason for its creation is the desire for providing increased privacy in the routing of FidoNet E-Mail.

The term privacy as used in the transfer of E-Mail is an arbitrary one. Absolute privacy cannot be expected. The degree of privacy obtained will always be related to the procedure(s), effort used to insure privacy, and should not be expected to be absolute if data is to be communicated from one place to another. Routing of E-Mail, as compared to sending it direct, cannot be expected to have as high of a degree of privacy as might be expected when sending it direct.
Those who are engaged in operating the Securemail system do so with the primary goal of insuring that all E-Mail routed thru it be afforded the highest degree of privacy technically possible. Those using the Securemail System can expect to enjoy a higher degree of privacy than other forms of routing, but should not expect absolute privacy.

Functional Description:

The SecureMail System is a group of individual FidoNet Sysops who have volunteered to work together to provide the SecureMail Routing Service to FidoNet Sysops. This group is organized, but does not have authoritative positions. Each SecureMail Sysop is an independent volunteer furnishing a service. There are no monetary rewards, each Sysop contributes the resources he or she uses to provide the service, including all costs incurred in providing it. The operational structure may appear to have hierarchical order and indeed it does, however such structure implements a routing matrix, not positions of authority.

The SecureMail operational philosophy can be described as cooperative autocracy. Each SecureMail Sysop is an independent operator who has volunteered to assume the various responsibilities required of an organized effort. No one is compelled to participate, but participation requires the performance of certain agreed upon functions, standards, and of course interaction as a group. Most of the activities parallel or are incidental to normal FidoNet activities.

Routing Hierarchy:

The basic routing strategy follows the normal FidoNet pattern of routing thru Zones, Regions, Nets, to Nodes. The difference is that SecureMail traffic is routed thru SecureMail Hosts rather than the FidoNet Hosts. A SecureMail Sysop serving in each position is referred to as a Host. There are functional (not Authoritative) positions such as Zone SecureMail Host (ZSMH) Region SecureMail Host (RSMH) and Net SecureMail Host (NSMH).
An International SecureMail Host (ISMH) functions as a central coordinator for this functional hierarchy and maintains the routing lists and this document of intent and mission. Note that at any given time, all positions may not be filled, due to the fact that positions are filled by those who have the means and desire to provide the service of each position.

Operational Practices:

Each SecureMail Host (SMH) has agreed to route E-Mail (referred to as In-Transit mail) in a manner which provides the highest degree of privacy technically possible. Some variances can be expected, as the technical characteristics of each system differ, however each SecureMail Host strives to provide the best service possible.

Specific operational practices include:

- In-Transit mail shall not be read. Note that some systems do not provide the ability to restrict a Sysop from viewing In-Transit mail. In such cases the Sysop makes every effort to avoid noticing the content of such E-Mail as they scan thru their message bases.

- The content of In-Transit mail shall not be disclosed, or given to anyone but the addressee, except as required for routing thru the SecureMail System.

- All SecureMail Hosts agree to route any In-Transit mail they receive. This includes encrypted and clear-signed traffic now refused by some systems in FidoNet. In-Transit mail that cannot be delivered shall be returned to the sender along with a brief explanation of why it could not be delivered. If no local routing via another SMH is available, the mail will be sent directly to its destination by the receiving SMH.

- In-Transit mail shall not be censored. Routing of In-Transit mail shall not be refused for any reason even remotely associated to the content of such E-Mail. Note: how could it be if it isn't read in the first place?

Avoidance of Liability:

Those participating in the SecureMail Routing System do so to provide a service at no cost to those who choose to make use of it.
There is no guarantee of performance implied nor accepted by the SecureMail System as an organization, nor by the individuals who voluntarily participate to provide this service. Those who choose to make use of this service should recognize that although we strive to provide the best service possible, we cannot and will not offer any guarantees, nor do we accept any obligation for providing any service, or the performance of any service to a defined standard.

Those who provide this service specifically deny any liability for the content of In-Transit E-Mail. Any liability that may apply must rest upon the originator. It is the stated practice of those who participate to provide this service, that In-Transit E-Mail is not read. On that basis, those who participate in the SecureMail Routing System will not have knowledge of the content of In-Transit E-Mail, will not censor, make judgements as to the legality, morality, nor suitability of any In-Transit E-Mail to be routed, before during or after having any contact with it.

Those who participate in the SecureMail Routing System do so for the purpose of providing a service to others using the FidoNet E-Mail System. It is specifically denied that such service is supplied for the purpose of promoting, enhancement, implementation, or aiding the accomplishment of any illegal activity. No one participating in the SecureMail Routing System will knowingly allow its use to aid, abet, or otherwise participate in illegal activities, or make use of the SecureMail System for any illegal purpose. Further it is our stated operational practice that we shall not be engaged in viewing In-Transit E-Mail for the purposes of knowing whether or not the content of such could be considered illegal, and specifically deny that we could have any such knowledge.
Those engaged in SecureMail Routing are constrained by the ECPA [Electronic Communication Protection Act] and FidoNet Policy in their ultimate handling of In-Transit E-Mail in regard to disclosure.

Anyone who supports the goal of E-Mail privacy and who agrees to abide by the standards herein proclaimed, may apply to act as a SecureMail Host Routing System at their own expense and without regard to In-Transit E-Mail content.

A list of current SMH Nodes is contained in the file SECUREML.MAP which accompanies this document. Applications may be made via direct Netmail to the ZSMH, RSMH, or NSMH closest to your area. International applications may be sent to the ISMH as listed in the map.

Most SMH Nodes are identified by the flags listed above in the FidoNet Nodelist. Any questions regarding the SecureMail Routing System may be directed to any SMH listed Node.

A FidoNet Echomail conference for all participating SecureMail Hosts is available as SECUREMAIL from any listed SMH.

-30-

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: John Schofield    26 Sep 94 16:58:00
Subject: readers [Was: New To Pgp] UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 22 Sep 94, John Schofield was quoted as saying:

JS> No current mail-reader that I know of supports a decrypt function--

GenMsg will decrypt a msg prior to replying if you wish. when you say 'mail-reader' are you just talking about offline readers?

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it!
[grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: Richard Walker    26 Sep 94 17:00:10
Subject: Re: RE: Net 106 (Richard Walker vs.

If yall want to use this echo to abuse Net 106, then I feel I must
RW> at least make the counter arguments present here also.

let's just drop the entire thread. do not respond to any further msgs on the subject of Net 106. use Netmail for any 'counter arguments' you feel compelled to issue.

thanks.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: John Nieder    26 Sep 94 17:07:42
Subject: Re: Securemail UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 24 Sep 94, John Nieder was quoted as saying:

JN> If I were to post from a non-securemail BBS (1:222/333) to a user
JN> at another BBS (1:444/555), I do not understand how I am to route
JN> this mail through a Securemail node (1:666/777). As far as I can
JN> see, nothing in the file addresses this problem from a user
JN> standpoint.

if you are not a Sysop, you have no control over the routing. if your Sysop is offering private mail, the Sysop should have already made a routing adjustment in their mail configuration.

JN> distance. Is this the "solution" you suggest in the first
JN> paragraph?

no.
JN> When you say "send all his encrypted traffic there," do you
JN> actually mean "send all his encrypted traffic FROM there"? I'm lost.

sorry, for the confusion. as a User, you have no control over the routing. if your Sysop allows you to encrypt or clear-signed msgs, your Sysop will have had to make routing arrangements in advance to take advantage of the SecureMail Routing system or prepare themselves for complaints from the cryptographically insecure.

JN> Back to Square One and the redoubtable Mr. Ashworth.

i asked him directly what the problem was. he advised me that the person in question was 'demanding' his traffic be routed. demanding anything in a volunteer organization is historically a very poor way to get any cooperation. as RC or REC, Ashworth is not obliged by Policy to route anything at all. only NCs are required to route or return traffic.

the best way to move your traffic is to use systems that subscribe to the privacy ideal and have made the necessary adjustments to move such mail without going thru unwilling routers. this is something that must be worked out with the Sysop of the system you're using.

or you could start your own system. [grin] you don't have to have a BBS to be a FidoNet Node.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it!
[grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: Brad Ems    22 Sep 94 15:36:16
Subject: Re: Re: Getting Started w/PGP UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 21 Sep 94, Brad Ems was quoted as saying:

BE> When I asked about a 'clearinghouse' for messages, I guess I'm
BE> asking "How do I get my encrypted file from here to there?" (without
BE> a direct connection to the receiver's modem, that is). Is there
BE> somewhere messages can be posted for subsequent downloading by the
BE> receiver?

once again, you are confusing me with the use of 'file' and 'message'. there is no routing of files encrypted or not. msgs may be routed thru the SecureMail Routing system [a group of volunteer FidoNet Sysops who believe in privacy] in any format. if you need a copy of the map, it is frequently posted in here or you can freq SECUREML.ZIP from this system or the ISMH [1:216/21] or any other RSMH.

BE> (I don't belong to Internet.

actually, you do since FidoNet is gated to Internet and the Internet is just an informal organization of systems.

BE> You might say I'm Internet-impaired. Is that a protected minority
BE> under ADA?)

i doubt it but give it time. [grin]

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it!
[grin]
-----END PGP SIGNATURE-----

From: Joe Noel    Area: Public Key Encryption
To: ALL    22 Sep 94 16:37:16
Subject: PGP Signatures UpdReq

* Original Message Dated: 22 Sep 94 16:21:17
* From: Joe Noel @ 1:3805/4
* To: ALL
* Msg Header modified by: Christopher Baker @ 1:374/14
* Message text was not edited!

-----BEGIN PGP SIGNED MESSAGE-----

@MSGID: 1:3805/4 2E81E73D
@PID: GenMsg 4.20 [0002]

* Original Message Posted via MODERATOR
* Date: 20 Sep 94 11:12:07
* From: Joe Noel @ 1:3805/4
* To: ALL
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!

@MSGID: 1:3805/4@fidonet.org 8389f55f
@PID: FM 2.3.mL.b6 AE000067

Got a couple questions for all you moderators. How many of you allow encrypted messages in your echos? If you do not allow encrypted messages, do you allow the PGP ENCRYPTED SIGNATURE lines?

What brought this up is that our net recently had a couple people start sending netmail with PGP thru me. I bounced them, had a vote and the net as a whole decided not to allow encrypted messages in our net. NOW they are claiming that a signature is not an encrypted message. From what I can see, encryption is encryption whether it be a message or a signature.

Further, does anyone that uses PGP happen to know (or can test for me), if a person already has the correct signature (possibly sent in another message), could they actually put the message where the signature should be and then the receiving person just edit the message stripping the old PGP SIGNATURE lines add the correct signature back to the bottom? To me it looks like it would be easy to do.
Joe Noel NEC NET 3805

@PATH: 3805/4 170/400 280/1 396/1 3615/50 374/1 98 14

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: Joe Noel    22 Sep 94 16:37:38
Subject: Re: PGP Signatures UpdReq

* Original Message Dated: 22 Sep 94 16:33:19
* From: Christopher Baker
* To: Joe Noel
* Msg Header modified by: Christopher Baker @ 1:374/14
* Message text was not edited!

-----BEGIN PGP SIGNED MESSAGE-----

@MSGID: 1:374/14 2E81EA0F
@PID: GenMsg 4.20 [0002]

* Original Message Posted via MODERATOR
* Date: 22 Sep 94 16:32:44
* From: Christopher Baker
* To: Joe Noel
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!

@MSGID: 1:374/14 2E81E9EC
@PID: GenMsg 4.20 [0002]

In a message dated: 20 Sep 94, Joe Noel was quoted as saying:

JN> Got a couple questions for all you moderators. How many of you
JN> allow encrypted messages in your echos? If you do not allow
JN> encrypted messages, do you allow the PGP ENCRYPTED SIGNATURE lines?

they are completely different animals. why would anyone want an encrypted msg in an Echo? the purpose of Echomail is general consumption. as for a digital signature, it merely authenticates the msg content and sender. it is nothing to fear. in any case, as a Moderator, you may establish any criteria you wish for the content and submissions to your Echo.

JN> What brought this up is that our net recently had a couple people
JN> start sending netmail with PGP thru me.

what does routing Netmail have to do with Echomail? you're now talking about two different operations.
routing encrypted Netmail is considered annoying in Policy4 without prior permission from the router. you are not obliged to route it though you have no real reason not to do so. if you are not an NC, you are not obliged to route anything. if you have previously given permission to route thru you, you need to return anything you don't wish to route to the sender with an explanation according to that selfsame Policy4.

JN> I bounced them, had a vote and the net as a whole decided not to
JN> allow encrypted messages in our net.

you needed a Net vote to decide what you would or would not route? you cannot ban a class of msgs by a Net vote. routers may certainly decline to route them but it would be silly to do any more.

JN> NOW they are claiming that a signature is not an encrypted message.

that is correct. a digital signature is just a digital signature.

JN> From what I can see, encryption is encryption whether it be a
JN> message or a signature.

can you read the msg? then the msg is not encrypted. if you want to read the signature, nothing is stopping you from doing so. it will just tell you the name and Node number of the sender. nothing arcane or secret there.

JN> Further, does anyone that uses PGP happen to know (or can test for
JN> me), if a person already has the correct signature (possibly sent in
JN> another message), could they actually put the message where the
JN> signature should be and then the receiving person just edit the
JN> message stripping the old PGP SIGNATURE lines add the correct
JN> signature back to the bottom?

each signature is only valid for the msg it is attached to when sent. the signature block also includes a hash of the numerical value of the msg content. any attempt to alter either the msg or the signature would result in a failed verification.

JN> To me it looks like it would be easy to do.

what you opine is easy. it will not work, however. any msg so altered will fail to verify the signature or the msg.
if you need more info, freq PGP for the MSDOS version of the MIT freeware [in Zone 1 ONLY!] and read the docs. or just freq the docs as PGPDOC.

digital signatures are harmless to you as a router or Sysop. they are the only absolute guarantee of a msg's authenticity currently available. they are nothing to be afraid of.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Wes Landaker    Area: Public Key Encryption
To: Richard Walker    26 Sep 94 19:20:32
Subject: New to PGP UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello Richard!

24 Sep 94 10:53, Richard Walker wrote to Wes Landaker:

RW> You somehow think all BBS's are run for the same reason. That
RW> doesn't make much sense if you ask me. I run a bbs for my own
RW> reasons, not for yours, and not for anyone else's.

A BBS is generally run mostly for the use of USERS, Richard, not for the sole use of the Sysop. Otherwise, you might as well just have a point or nothing at all--it would surely be less trouble. :)

RW> My reasons:

Well, if they're good enough for you, then go ahead! I have no reason to want to stop you from plugging your computer into the phone line. =)

WL> Well if the carrier (BBS) is not self-assuming liability,
WL> then that would be the user's problem when the FBI showed
WL> up, wouldn't it?

RW> Doubt you'd be able to convince the FBI of that.

Needn't convince the FBI, only a court of law. :)

WL> Let me ask you something: do you run a pay BBS, or accept
WL> payment or donations in any form?

RW> Nope. There is no address or any other notice that would even
RW> allow someone to mail me a check. I accept neither donation nor
RW> payment for BBS services, and never have.

Just curious. =)

RW> See above. My BBS is *NOT* a message oriented board. I'm sorry
RW> if you believe everyone ought to run exactly the same sort of
RW> system; but as it is *MY* equipment, and *MY* time, I will run
RW> the type of BBS that *I* want.

I just think it's awful silly to carry an entire network on your BBS, and then not let your users see it. You can do whatever you want, though--just as I can continue to think it's absurd.

RW> No one can upload diddle. I have no significant amount of
RW> shareware period, and that which I use, I have registered. I use
RW> commercial programs, all of which I have purchased. Sitting on
RW> my right side here, I have close to $5,000 worth of commercial
RW> software. Some people spend money on cars, I spend money on
RW> software. I think cars are a waste of money. I own a
RW> single car, a Toyota Tercel, which I intend to put 500k miles on
RW> before I even think about getting a new one. (I already got 120k
RW> on it.) I make plenty of money, and could afford a stupid $20k+
RW> car, but I tend to believe that that is the most stupid use of
RW> money imaginable.

And then some people can't afford either. ;)

RW> On the other hand, I think buying Corel Draw and Adobe
RW> Illustrator to play with is a perfectly intelligent thing to do.
RW> I also own copies of both Lotus 123 and Excel. Amipro and
RW> WinWord, Borland C++ and Visual C professional, Greenleaf Commlib
RW> and SaxComm, Win NT, Win 3.1, OS/2, Accusoft Image Library, Easy
RW> Tax, Turbo Tax, Arago Quicksilver, WinFax, GT Power, HyperComm,
RW> Major BBS & Development tools, and on and on and on and on!!!

Wonderful--I wish that I had half of that. =)

WL> (Didn't you know that DOS's format command writes binary
WL> data to an unused portion of the hard drive that, if read by
WL> the correct program, displays pornography? ;)

RW> Buzzz. That is incorrect.
You can assume it's not true, and you can laugh at the very suggestion of it, but you _DON'T_ know that it's not true. =)

WL> But . . . wait, Richard; in your last message you said:
WL> "Your Honor, I neither read, nor censor, any mail; PERIOD."
WL> Isn't this contradictory? :)

RW> Nope. You are again falling back on your assumption that all bbs
RW> are message and chat boards. I censor no mail because there is
RW> no mail not addressed to me or originated from me on my system.

That's all fine and dandy, but why then are you worried about the "right" of system operators to screen input from users? =)

WL> I still fail to see what your system offers, then. Only
WL> local, public, message

RW> No message areas whatsoever. Zilch. Nadda. Zero.

How fun. =)

RW> I wrote it, but have little if any time to fix bugs.

WL> If I was the prosecuting attorney, I would have brought in
WL> ten or twenty examples of other available software that could
WL> be used with your system very

RW> Name them. I use GT Power and Binkley 2.50. Name a mail
RW> handling software for GT that works as quickly as mine that is
RW> not mine. There is one that is close but it hangs periodically,
RW> basically whenever a grunged message makes it through the
RW> distribution channel. In over two years of continuous operation,
RW> mine has never hung.

I have absolutely NO desire to research out software like that; I'm sure it could be found, though, as there are PLENTY of other GT Power/Binkley boards out there. :)

WL> It's my understanding that there have already _been_
WL> convictions on this type of thing, Richard--I've seen that
WL> quoted to you over and over by other people in this echo.

RW> Nope. There has not. Give me the fidonet address of the sysop
RW> who was convicted for bouncing fidonet messages. I'd also like a
RW> case number, so that I might review the actual facts as opposed
RW> to what some PGP activist would like the facts to be.
Hey, if you want to argue with the law and a score of communication attorneys, go right ahead! =)

WL> Besides, if the federal government passed a law saying "no
WL> chewing bubble gum." Would you waltz out onto the streets
WL> popping your bubbles saying, "well, there hasn't been any
WL> convictions yet, so I _MUST_ be right!"?

RW> Unfortunately for your side of the argument, there is no parallel.
RW> I've read the ECPA, and it don't say diddle about bouncing
RW> fidonet messages. I understand that you disagree. However, I
RW> remain unconvinced that bouncing a routed fidonet netmail message
RW> violates the ECPA.

Fidonet messages are _NO_ different than any other kind of electronic communications, so there is no reason that the ECPA would need to mention them. Back to the bubble gum thing (there is an obvious parallel that you are blatantly ignoring), they wouldn't NEED to state a ban on a specific brand (like "Bubble Yum" for instance), because the law would already cover that.

wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn *
* wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61
-----END PGP SIGNATURE-----

From: Wes Landaker    Area: Public Key Encryption
To: Richard Walker    26 Sep 94 19:40:24
Subject: Net 106 still at it? UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello Richard!

24 Sep 94 11:27, Richard Walker wrote to Wes Landaker:

WL> I never said it was illegal to not route it. It's illegal to
WL> read it. And if they can tell if it's encrypted or not, then
WL> they're LOOKING at it. :)

RW> I disagree completely.

That's nice. :) I disagree with cigarettes being legal.
WL> with worrying so much about liability on your system? :)

RW> Financial liability, not criminal. I feel quite secure from any
RW> criminal liability. OTOH, when a lady gets big bucks for
RW> spilling coffee on herself, I think I have adequate reason to be
RW> concerned about financial liability. Not that I have a lot of
RW> money or insurance, but a successful nuisance suit certainly
RW> would be annoying to just about anyone.

You can be as paranoid as you want to be. My system provides messages of all sorts--I stay away from coffee. =)

WL> I'm very glad that you are not part of the routed-netmail
WL> system, Richard, as obviously you haven't much of a grasp on
WL> its concept. Why do you want to destroy routed netmail so
WL> much?

RW> Oh, I understand the technical details quite well, thank you very
RW> much. You may believe there is some special "philosophy" about
RW> what routed netmail is about, I don't. I feel that routed
RW> netmail within fidonet is a really bad idea because of the fact
RW> that a netmail message is typically unpacked into a system's mail
RW> directory and then scanned back out. I don't have a similar
RW> argument with networks that do not do this, GT and most sites on
RW> the internet don't do it like that, instead, using a spool
RW> directory for the process which can be and often is
RW> cleared completely after each mail handling event.

That's why you ENCRYPT it--that way it doesn't matter if it's routed. =)

RW> My argument about routing *encrypted* mail is that it is using
RW> someone else's hardware and phone service to accomplish a task
RW> which they have explicitly stated that they do not consent to do.

Someone CAN'T say that they'll route all private mail except that which is encrypted, because that would involve CHECKING the mail. I'm not talking about being so stupid as to route through someone who doesn't want to route _any_ mail.
RW> I'd bet good money if I tried to sue you, your lawyer might well
RW> suggest exactly that tact, and I'd bet more good money that you'd
RW> win. Besides, why would you slander me? We certainly disagree
RW> about certain things, and I want to end a service which you don't
RW> pay for anyway; but that seems hardly worth the effort it would
RW> take to have even a minimal impact on my life. I have been, what
RW> you might call, "slandered" many times, but it's never had any
RW> impact on my life. The only people I give a flip about are ones
RW> that trust me implicitly, and I make it a rule to never depend on
RW> anyone for anything if I would not feel perfectly
RW> comfortable putting my life completely in their hands.

I'm not implying that I'd _want_ to slander you, Richard. I don't dislike you, I just disagree with you. :) I was simply trying to illustrate a point which, clearly, we have different opinions on.

wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn *
* wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61
-----END PGP SIGNATURE-----

From: Bruce Bozarth    Area: Public Key Encryption
To: John Nieder    25 Sep 94 15:14:00
Subject: Who's This Ashworth? UpdReq

On 09-23-94, without care of life or limb, John Nieder spake thusly to Shawn Mcmahon regarding Who's This Ashworth?

JN>policy and Federal law. Fidonet sysops still screw around with
JN>non-public mail with complete impunity, as though the ECPA doesn't
JN>exist.

Which may be among one of many factors driving recent legislation in Congress. Where this may ultimately lead is licensed and regulated on-line providers.

...
WinQwk 2.0b#0

From: mark lewis    Area: Public Key Encryption
To: John Nieder    26 Sep 94 00:04:20
Subject: Securemail UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

JN> The only solution I see is to blow off trying to post from
JN> 1:222/333 and get an account on the Securemail BBS,
JN> 1:666/777 - assuming it's a BBS at all and not just a mail
JN> gate, will give me access and is not long distance. Is this
JN> the "solution" you suggest in the first paragraph? When you
JN> say "send all his encrypted traffic there," do you actually
JN> mean "send all his encrypted traffic FROM there"? I'm lost.

the solution you are looking for is the one that the SysOp has to provide. it's up to him to configure his software to route the mail to a securemail hub IF he wants to. doing this may very well cost him more money than he may already be spending.

JN> The other possibility would be to get the actual BBS in
JN> question here, 1:125/217 to route its mail to 1:125/33, or

that's exactly how it is done...

JN> This is not up to me or my friend, unfortunately.

talk to your sysop... if you can persuade him to reconfigure then you'll have the "problem" licked...

)\/(ark

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

# Origin: (1:3634/12)
* Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0)
SEEN-BY: 107/946 147/1077 153/9125 259/212 382/7 640/217 3611/19 9600/0
SEEN-BY: 9608/0

From: Scott Miller    Area: Public Key Encryption
To: Mike Destro    27 Sep 94 19:54:00
Subject: There goes more freedom! UpdReq

The post was a joke Mike, move on with your life! >:)

------------------------------------
Scott PGP v2.6 key available!
FREQ PGPKEY
------------------------------------
KeyID: 4CA7DD5D

From: Scott Miller    Area: Public Key Encryption
To: Richard Godbee    27 Sep 94 19:57:00
Subject: Signing Messages and Other 'Newbie' Questions...UpdReq

When he said sign it with your "secret key" that just means the secret key is accessed to encode the data necessary to sign the file. That doesn't compromise security (am I right guys? at least I know I am right about the security)

------------------------------------
Scott PGP v2.6 key available! FREQ PGPKEY
------------------------------------
KeyID: 4CA7DD5D

From: Carl Hudkins    Area: Public Key Encryption
To: all    26 Sep 94 08:38:38
Subject: Oops! UpdReq

Hey... A useless message may have escaped my system yesterday while I was experimenting with various software. Yeah, I'm an idiot, but at least I realize it! :)

carl
Boca Chica, Florida
carl.hudkins@lunatic.com
RIME ->1282
PGP: 2D1E1E39
Fido: 1:124/2113; 1:135/808

... "Damage control is easy. Reading Klingon--that's =hard!=" --Scotty
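The two signature points made in the thread above (a signature verifies only against the message it was made for, and signing uses the secret key without exposing it) can be tried out with the following added example, which is not part of any post in this archive. It is a textbook hash-then-sign sketch in Python, not PGP's message format or padding; the key is built from two publicly known Mersenne primes, and the `TOY` armor markers and every function name are assumptions made up for the illustration.

```python
"""Toy hash-then-sign demo (added example; not PGP's real format, not secure)."""
import hashlib

# Constructed toy key: two well-known Mersenne primes. Real keys use secret
# random primes; these are public knowledge and give no security at all.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # secret exponent, never transmitted

# Hypothetical armor markers for this sketch only.
BEGIN_MSG = "-----BEGIN TOY SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN TOY SIGNATURE-----"
END_SIG = "-----END TOY SIGNATURE-----"


def digest_int(text: str) -> int:
    """Hash the message body to an integer (256 bits, far smaller than N)."""
    return int.from_bytes(hashlib.sha256(text.encode("utf-8")).digest(), "big")


def sign(text: str) -> int:
    """Signer side: the only place the secret exponent D is used."""
    return pow(digest_int(text), D, N)


def verify(text: str, signature: int, n: int = N, e: int = E) -> bool:
    """Verifier side: needs only the public values (n, e)."""
    return pow(signature, e, n) == digest_int(text)


def clearsign(text: str) -> str:
    """Wrap readable text and its signature, clear-signed style."""
    return "\n".join([BEGIN_MSG, text, BEGIN_SIG, format(sign(text), "x"), END_SIG])


def split_clearsigned(blob: str):
    """Return (body, signature) from a toy clear-signed message."""
    head, _, rest = blob.partition("\n" + BEGIN_SIG + "\n")
    body = head[len(BEGIN_MSG) + 1:]
    sig_hex = rest.rsplit("\n" + END_SIG, 1)[0]
    return body, int(sig_hex, 16)


def check(blob: str) -> bool:
    """What the recipient does: recompute the hash and compare."""
    body, sig = split_clearsigned(blob)
    return verify(body, sig)


def transplant(signed_donor: str, new_body: str) -> str:
    """The edit asked about in the thread: keep an old signature block, swap the text."""
    _, old_sig = split_clearsigned(signed_donor)
    return "\n".join([BEGIN_MSG, new_body, BEGIN_SIG, format(old_sig, "x"), END_SIG])


def demo() -> dict:
    # Constructed sample message.
    original = clearsign("Pay the sysop 5 dollars for crash mail.")
    edited = original.replace("5 dollars", "500 dollars")
    swapped = transplant(original, "Pay the sysop 500 dollars for crash mail.")
    return {
        "untouched": check(original),
        "body edited": check(edited),
        "old signature on new text": check(swapped),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verifies' if ok else 'FAILS verification'}")
```

The message body stays readable throughout, which is the difference between a clear-signed message and an encrypted one that a router deciding what to pass needs to keep in mind.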