From: Jerome Greene Area: Public Key Encryption To: Scott Miller 22 Oct 94 12:49:20 Subject: Re: Your comment line UpdReq -=>Scott was heard talking about Your comment line<=- Hi Scott! SM> constant is spelled like that, not contant. You're the first to comment on that. You'll see my new line. 201434369420143436942014343694201434369420143436942014343694718 From: Gordon Campbell Area: Public Key Encryption To: Rob Kowalski 20 Oct 94 22:30:00 Subject: Early Public Key Cryptogr UpdReq G'day Rob! From a sea of confusion, the voice of Rob Kowalski was heard: RK> N I am doing research on the history of public key cryptography RK> and would like to find early publications and uses of public key RK> cryptography to protect and/or authenticate executable computer RK> programs. RK> Any clues? Are there any theses on file in GMU's library? I know Queen's University (here in Kingston) has a number of them. Cheers, .....G 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: Christopher Baker 19 Oct 94 10:30:24 Subject: PGP-REXX UpdReq chris, a couple of people here have mentioned posting rexx programs to use with pgp. i've got one that i wrote 6 mo. or so ago that i'd like to post, but it is rather large. is it o.k. to post it as a signed (ascii armored) file? that way it will take considerably less message space. amp <0003701548@mcimail.com> October 19, 1994 11:30 ... To make a cake from scratch, you must first create the universe. -cs 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: Rob Kowalski 22 Oct 94 20:15:00 Subject: Use of Cryptography on Pr UpdReq > @SUBJECT:Use of Cryptography on Programs > N > Jim, > I am not looking for the earliest program, I > am looking for the > first time someone used cryptography to protect a > computer program. Right. I said my first experience with that was PGP 1.0. It was archived with a detached signature signed by Phil. Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: All 22 Oct 94 20:42:00 Subject: More from PRZ UpdReq Path: voxbox!news From: Philip Zimmermann Newsgroups: alt.security.pgp Subject: PRZ statement on PGP 2.6.i Message-ID: Date: Fri, 21 Oct 1994 11:49:56 -0700 (MDT) Sender: news@voxbox.norden1.com Reply-To: Philip Zimmermann -----BEGIN PGP SIGNED MESSAGE----- To: PGP users From: Philip Zimmermann I have received a many inquiries concerning the status of the various "international versions" of PGP(tm), called PGP 2.6ui, PGP 2.6.i, etc. There are, as many people know, serious restrictions placed on my statements by my lawyers, as a consequence of an ongoing criminal investigation by agencies of the United States Government. I have reviewed copies of the public distributions of these "versions" of PGP, and I have some observations to make. The US Government regards any unlicensed exportation of PGP from the USA as at least potentially in violation of its own regulations governing the export of cryptographic tenchnology. MIT and I took all reasonable steps to prevent such export of PGP. None of the current "international versions" of PGP is an official product of myself or Phil's Pretty Good Software. While I personally regard the application of export restrictions to software such as PGP as unjustifiable and harmful to the interests of both the US Government and its citizens, I do not condone violations of US export law, and I deplore the activities of those who illegally exported any version of PGP developed in the USA. Along with my lawyers, MIT, and others, I am implementing a plan of action that we hope will make PGP legally available throughout the world, for both commercial and non-commercial users who are interested in strong data encryption. The unofficial variant of PGP named PGP 2.6.i by its developers replaces RSAREF routines with other code implementing RSA-related algorithms. I am very familiar with that code, and while I tried to make PGP use RSAREF in a manner that did not suffer a performance penalty, I believe that these other subroutines are at least as efficient, as well as being functionally identical for PGP's purposes. Since the RSA patent does not exist outside the USA, it seems reasonable to not encumber European users with the RSAREF subroutine library and its own additional copyright restrictions (but there's no reason for people in the US to use PGP 2.6.i, and I urge them not to, because that version is not licensed by RSA). PGP 2.6.i also implements some bug fixes which are appropriate for the correction of errors in the official PGP 2.6.1 distributed by MIT; many of those bug fixes, or their precise functional equivalent, appear along with other bug fixes in PGP 2.6.2, planned for distribution by MIT on 24 October 1994. PGP 2.6.i also includes some minor functional enhancements -- including recognition (and beginning in December 94, generation) of keys up to 2048 bits in length--that are consistent with planned future development of the official PGP freeware product. Based on my own review of the publicly-distributed source code, I believe that users of PGP 2.6.i will experience a smooth migration to future versions of PGP which I hope will be legally available for non-commercial and commercial use worldwide. The publisher of 2.6.i, Staale Schumacher in Norway, seems intent in supporting a version of PGP in Europe that is as consistent and as interoperable as possible with my own official PGP releases from MIT. He also seems willing to respect my copyrights, my trademarks, and my agenda for the future of PGP. And he tells me that has has carefully avoided exporting or encouraging the export of PGP from the US. I have no objection to him using the PGP trademark for the version of PGP that he has released. There will be a PGP RFC document released soon, to faciltate the development of PGP standards. The PGP RFC is an informational RFC, and is based on deployed code. After that, a standards-track RFC will likely be started on in an IETF working group, reflecting the new formats of PGP 3.0. This will stabilize PGP formats and facilitate other implementations that interoperate. I am continuing, along with other programmers dedicated to the improvement of public-key encryption for the masses, to develop PGP. Along with my lawyers, I am gradually implementing a plan of action that we hope will make such improved versions of PGP available both inside and outside the US, in full compliance with all applicable laws, including US technology export restrictions. Because of those restrictions, it would be ill-advised for me to participate in cross-border development of PGP at this time. PGP's home is in the US, at least for now. I cannot discuss, until the US Government alters its policies concerning export controls on cryptographic software, such cross-border development. I have read and regretted numerous Usenet news posts speculating on my abandonment of PGP users outside the US. Please be assured that this is not the case. A great deal of effort has been and will continue to be expended on serving the entire worldwide community of users in a lawful fashion. I want to thank all the users across the globe who have supported PGP, and me. Although I think these restrictions on our right to free expression of our technical ideas are at odds with the US Bill of Rights, I deplore the actions of those who have illegally evaded those restrictions by exporting PGP. I am doing everything I can to make strong data security available to everyone in the world, freely and legally. I hope all of you who believe in that goal will continue to support PGP. -Philip Zimmermann prz@acm.org -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLqf+fmV5hLjHqWbdAQHo/gP8CXX9APCu7Xj4v4e/hqsyXI0qAOF734ID 3cEPCxEoGe97r8LQ51jM0iwf6eyz9tr24aNdToggX2P3neDKd6LwwPxu+kDceLut Mmd4tK1Qj5kkWx/cjhNGamv/kD9IQyokvlCqXetGLhld0GNfO+FZyuWs583LC4gK x+5ZbxGdi2w= =uks5 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718