From: Reed Darsey Area: Public Key Encryption To: All 22 Feb 95 06:28:48 Subject: signing *all* the User IDs on a key UpdReq -----BEGIN PGP SIGNED MESSAGE----- An old message from Jim Cannell advised: JC> The only solution that I have found is to add a seperate signature JC> to each UserID. Something that has *not* been made clear in the docs and FAQs I've read so far is that if a person is signing a key with `n' User IDs, then he must do it `n' times. Eg, if I wanted to sign the key below, I'd need to do five "PGP -ks" operations, using a string unique per *each* User ID: Type bits/keyID Date User ID pub 1024/0500BF45 1994/06/27 Michael Paul Johnson mpj8 sig 5F63A5B9 (Unknown signator, can't be checked) sig C7A966DD Philip R. Zimmermann sig 8533EBC5 (Unknown signator, can't be checked) sig 0500BF45 Michael Paul Johnson mpj8 Michael Paul Johnson sig 5F63A5B9 (Unknown signator, can't be checked) Michael Johnson sig 5F63A5B9 (Unknown signator, can't be checked) Mike Johnson <71331.2332@compuserve.com> sig 5F63A5B9 (Unknown signator, can't be checked) Michael P. Johnson sig 5F63A5B9 (Unknown signator, can't be checked) Do not use for encryption after 27 June 1996. sig 5F63A5B9 (Unknown signator, can't be checked) For MS-DOS users, we'd almost have to pre-write a batch file to send along with the key. This must be what is meant by the following excerpts from PGFORMAT.DOC: . . . . . . . . . . . . <<>> . . . . . . . . . . . . . . When a key is certified by a signature, the signature covers both the public key packet and the User ID packet. The signature certificate thereby logically "binds" together the user ID with the key. The user ID packet is always associated with the most recently occurring public key on the key ring, regardless of whether there are other packet types appearing between the public key packet and the associated user ID packet. [ . . . . . ] Here is an example of an ordered collection of packets on a ring: Public key packet Keyring trust packet for preceding key User ID packet for preceding key Keyring trust packet for preceding user ID/key association Signature certificate to bind preceding User ID and key pkt Keyring trust packet for preceding signature certificate Signature certificate to bind preceding User ID and key pkt Keyring trust packet for preceding signature certificate . . . . . . . . . . . . <<< end snip>>> . . . . . . . . . . . . . . Is it general knowledge or practice to sign *all* the User IDS on a key? If the signer simply does "PGP -ks" on the primary User ID, then all the other ones aren't signed. And if that ID is later removed, the bulk of the signatures go, too. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: maf00039@ns1.maf.mobile.al.us / 71450.3460@compuserve.com iQBVAwUBL0rZLj8Bdv6uW++1AQF+jQIAkyG1i7sTjn0lfSh2Tm8kSr8RajbTcqvP 7kBx8eWmGPAaIEjGNNG99RC+kJZtEKBN+l77cyDKU6P9PDDF9TFVcA== =eGi4 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: selena@eff.org Area: Public Key Encryption To: All 23 Feb 95 13:11:24 Subject: Re: EFF Sues to Overturn Cryptography Restrictions Press ReleaseUpdReq * Original Message Posted via CYPHERPUNKS * Date: 22 Feb 95 03:17:02 * From: selena@eff.org @ 1:102/825.111 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:102/825.111 00057de1 @REPLYTO 1:102/825 UUCP @REPLYADDR selena@eff.org @PID GIGO+ sn 154 at borderlin vsn 0.99.940127 @Sender: quake!toad.com!owner-cypherpunks @Received: from relay2.UU.NET by netcomsv.netcom.com with ESMTP (8.6.9/SMI-4.1) @ id NAA21898; Wed, 22 Feb 1995 13:43:35 -0800 @Received: from toad.com by relay2.UU.NET with SMTP @ id QQyeft09155; Wed, 22 Feb 1995 16:26:17 -0500 @Received: by toad.com id AA02890; Wed, 22 Feb 95 13:21:53 PST @Received: from eff.org by toad.com id AA02884; Wed, 22 Feb 95 13:21:46 PST @Received: (from selena@localhost) by eff.org (8.6.9/8.6.6) id QAA03838; Wed, 22 Feb 1995 16:17:04 -0500 Date: Wed, 22 Feb 1995 16:17:02 -0500 (EST) From: Selena Sol @To: cypherpunks@toad.com, risks@csl.sri.com, markoff@nyt.com, jswatz@well.com, @ quit@newsday.com, brad@clarinet.com, slf@netcom.netcom.com, @ david@infopro.com, brock@well.sf.ca.us, browning@well.sf.ca.us, @ vic@access.digex.net, ped@timeinc.com, penn@media-lab.media.mit.edu, @ kevin@wired.com, technews@acces.digex.com, af391@freenet.carleton.ca, @ steven@well.com @Subject: EFF Sues to Overturn Cryptography Restrictions Press Release Message-Id: @Mime-Version: 1.0 @Content-Type: TEXT/PLAIN; charset=US-ASCII @Sender: owner-cypherpunks@toad.com @Precedence: bulk EFF PRESS RELEASE EFF SUES TO OVERTURN CRYPTOGRAPHY RESTRICTIONS First Amendment Protects Information about Privacy Technologies February 21, 1995 San Mateo, California In a move aimed at expanding the growth and spread of privacy and security technologies, the Electronic Frontier Foundation is sponsoring a federal lawsuit filed today seeking to bar the government from restricting publication of cryptographic documents and software. EFF argues that the export-control laws, both on their face and as applied to users of cryptographic materials, are unconstitutional. Cryptography, defined as "the science and study of secret writing," concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception. Although the science of cryptography is very old, the desktop-computer revolution has made it possible for cryptographic techniques to become widely used and accessible to nonexperts. EFF believes that cryptography is central to the preservation of privacy and security in an increasingly computerized and networked world. Many of the privacy and security violations alleged in the Kevin Mitnick case, such as the theft of credit card numbers, the reading of other people's electronic mail, and the hijacking of other peoples' computer accounts, could have been prevented by widespread deployment of this technology. The U.S. government has opposed such deployment, fearing that its citizens will be private and secure from the government as well as from other vandals. The plaintiff in the suit is a graduate student in the Department of Mathematics at the University of California at Berkeley named Daniel J Bernstein. Bernstein developed an encryption equation, or algorithm, and wishes to publish the algorithm, a mathematical paper that describes and explains the algorithm, and a computer program that runs the algorithm. Bernstein also wishes to discuss these items at mathematical conferences and other open, public meetings. The problem is that the government currently treats cryptographic software as if it were a physical weapon and highly regulates its dissemination. Any individual or company who wants to export such software -- or to publish on the Internet any "technical data" such as papers describing encryption software or algorithms -- must first obtain a license from the State Department. Under the terms of this license, each recipient of the licensed software or information must be tracked and reported to the government. Penalties can be pretty stiff -- ten years in jail, a million dollar criminal fine, plus civil fines. This legal scheme effectively prevents individuals from engaging in otherwise legal communications about encryption. The lawsuit challenges the export-control scheme as an ``impermissible prior restraint on speech, in violation of the First Amendment.'' Software and its associated documentation, the plaintiff contends, are published, not manufactured; they are Constitutionally protected works of human-to-human communication, like a movie, a book, or a telephone conversation. These communications cannot be suppressed by the government except under very narrow conditions -- conditions that are not met by the vague and overbroad export-control laws. In denying people the right to publish such information freely, these laws, regulations, and procedures unconstitutionally abridge the right to speak, to publish, to associate with others, and to engage in academic inquiry and study. They also have the effect of restricting the availability of a means for individuals to protect their privacy, which is also a Constitutionally protected interest. More specifically, the current export control process: * allows bureaucrats to restrict publication without ever going to court; * provides too few procedural safeguards for First Amendment rights; * requires publishers to register with the government, creating in effect a "licensed press"; * disallows general publication by requiring recipients to be individually identified; * is sufficiently vague that ordinary people cannot know what conduct is allowed and what conduct is prohibited; * is overbroad because it prohibits conduct that is clearly protected (such as speaking to foreigners within the United States); * is applied overbroadly, by prohibiting export of software that contains no cryptography, on the theory that cryptography could be added to it later; * egregiously violates the First Amendment by prohibiting private speech on cryptography because the government wishes its own opinions on cryptography to guide the public instead; and * exceeds the authority granted by Congress in the export control laws in many ways, as well as exceeding the authority granted by the Constitution. If this suit is successful in its challenge of the export-control laws, it will clear the way for cryptographic software to be treated like any other kind of software. This will allow companies such as Microsoft, Apple, IBM, and Sun to build high-quality security and privacy protection into their operating systems. It will also allow computer and network users, including those who use the Internet, much more freedom to build and exchange their own solutions to these problems, such as the freely available PGP encryption program. And it will enable the next generation of Internet protocols to come with built-in cryptographic security and privacy, replacing a sagging part of today's Internet infrastructure. Lead attorney on the case is Cindy Cohn, of McGlashan and Sarrail in San Mateo, CA, who is offering her services pro-bono. Major assistance has been provided by Shari Steele, EFF staff; John Gilmore, EFF Board; and Lee Tien, counsel to John Gilmore. EFF is organizing and supporting the case and paying the expenses. Civil Action No. C95-0582-MHP was filed today in Federal District Court for the Northern District of California. EFF anticipates that the case will take several years to win. If the past is any guide, the government will use every trick and every procedural delaying tactic available to avoid having a court look at the real issues. Nevertheless, EFF remains firmly committed to this long term project. We are confident that, once a court examines the issues on the merits, the government will be shown to be violating the Constitution, and that its attempts to restrict both freedom of speech and privacy will be shown to have no place in an open society. Full text of the lawsuit and other paperwork filed in the case is available from the EFF's online archives. The exhibits which contain cryptographic information are not available online, because making them publicly available on the Internet could be considered an illegal export until the law is struck down. We are still uploading some of the documents, including the main complaint, so please try again later if what you want isn't there yet. See: http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/ ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/ gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/Bernstein_case Press contact: Shari Steele, EFF: ssteele@eff.org, +1 202 861 7700. For further reading, we suggest: The Government's Classification of Private Ideas: Hearings Before a Subcomm. of the House Comm. on Government Operations, 96th Cong., 2d Sess. (1980) John Harmon, Assistant Attorney General, Office of Legal Counsel, Department of Justice, Memorandum to Dr. Frank Press, Science Advisor to the President, Re: Constitutionality Under the First Amendment of ITAR Restrictions on Public Cryptography (May 11, 1978). [Included in the above Hearings; also online as http://www.eff.org/pub/EFF/Policy/Crypto/ ITAR_export/ITAR_FOIA/itar_hr_govop_hearing.transcript]. Alexander, Preserving High-Tech Secrets: National Security Controls on University Research and Teaching, 15 Law & Policy in Int'l Business 173 (1983) Cheh, Government Control of Private Ideas-Striking a Balance Between Scientific Freedom and National Security, 23 Jurimetrics J. 1 (1982) Funk, National Security Controls on the Dissemination of Privately Generated Scientific Information, 30 U.C.L.A. L. Rev. 405 (1982) Pierce, Public Cryptography, Arms Export Controls, and the First Amendment: A Need for Legislation, 17 Cornell Int'l L. J. 197 (1984) Rindskopf and Brown, Jr., Scientific and Technological Information and the Exigencies of Our Period, 26 Wm. & Mary L. Rev. 909 (1985) Ramirez, The Balance of Interests Between National Security Controls and First Amendment Interests in Academic Freedom, 13 J. Coll. & U. Law 179 (1986) Shinn, The First Amendment and the Export Laws: Free Speech on Scientific and Technical Matters, 58 Geo. W. L. Rev. 368 (1990) Neuborne and Shapiro, The Nylon Curtain: America's National Border and the Free Flow of Ideas, 26 Wm. & Mary L. Rev. 719 (1985) Greenstein, National Security Controls on Scientific Information, 23 Jurimetrics J. 50 (1982) Sullivan and Bader, The Application of Export Control Laws to Scientific Research at Universities, 9 J. Coll. & U. Law 451 (1982) Wilson, National Security Control of Technological Information, 25 Jurimetrics J. 109 (1985) Kahn, The Codebreakers: The Story of Secret Writing. New York: Macmillan (1967) [Great background on cryptography and its history.] Relyea, Silencing Science: national security controls and scientific communication, Congressional Research Service. Norwood, NJ: Ablex Publishing Corp. (1994) John Gilmore, Crypto Export Control Archives, online at http://www.cygnus.com/~gnu/export.html EFF Crypto Export Control Archives, online at ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/ gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/ 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Jay Blair 23 Feb 95 17:37:44 Subject: Re: Hello UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 20 Feb 95, Jay Blair was quoted as saying: JB> Hello All. Here's My SigNature To Add To All Of Yours... your signature merely verifies the contents of a msg so sealed with your public-key. what you entered below is neither a signature nor a public-key. and public-keys go in the PKEY_DROP Echo. JB> -----BEGIN PGP MESSAGE----- JB> Version: 2.6 JB> -----END PGP MESSAGE----- and you are two versions behind. but welcome to the Echo. [grin] TTFN. Chris [what encloses here is an actual signature.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBL00OPMsQPBL4miT5AQEi/gQArxfzg6Jo+mImVrp4t0Mqd0eBuEtIgyk+ NHvjMMAenYuj23SLyHzujuBbRQDoBc5r+NFjpy0pwjqetWUCQptAcsj4dzUololY rzFG/mHbTUUMJpvqvdaExp3umuFe8ZSpO3fswYA0vNJUvpemMuWAyPQf7o3nsTON RmoR4W0LpH8= =bG78 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Geoff Gowey 23 Feb 95 17:40:22 Subject: Re: PGP ver 2.6.2 UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 21 Feb 95, Geoff Gowey was quoted as saying: GG> Can someone please send me the OS/2 ver of PGP ver 2.6.2. I got you can file-request it here as PGPOS2 so long as you are in the U.S. or Canada. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBL00O2ssQPBL4miT5AQHl6AP9HS6SuJiHA4tmLyXECmT0X+T/v9ADerbv asxuTQ25XU520wM6FLS6/dxmNF2Yzp0flrovXfNR8YVr2TTqlCqVax1tferL1O52 Yhl7TcUrkOyXhxQBIhOvooFwIPo+MztSdFGjDviE47Z+wSLyMd8Sudpy19K27D2s +dRhTZNBsB4= =pwxu -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Bill Brown 23 Feb 95 20:21:00 Subject: unauthorized info gatheri UpdReq -----BEGIN PGP SIGNED MESSAGE----- *** Answering a msg posted in area PERSONAL_MAIL (Glen's personal mail). Bright the day, Bill! Wednesday February 22 1995 17:41, Bill Brown wrote to Glen Todd: GT>> Once PGP makes it across the border (which 2.6.2 did, within hours GT>> of release) BB> Haven't all of the recent versions been released OUTSIDE the US? Not that I know of, but I don't pretend to be an expert on such things. BB> Big Brother has yet to try to argue against IMPORT of encryption software. Interesting concept.{grin} Wind to thy wings, Glen ... "I'll be Bach." - Johann Sebastian Schwarzenegger - --- GoldED/386 2.50.B1016+ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip. iQEVAwUBL01Q4EsDfAvy+TXBAQHKkQf+PUb8gYbzAc+CiKYaD2Hkbz3IpK7+7WL/ sRDZnka50+BE50tLRhs2WSQepV20H8RsIKeoFedEeMon2LE8J8O24oFCkwqU2T2T qkXfOBFuc4bWv+mswv872TNWfhq1sc4u8xgsN1cA3Ep4uA1UivWI/818qYA/Adrp 27jZiVVLYlz6HnAKqVMWiadCZrnmTEYVmgeGWg62NFrFrb+SyjJv+itkxeZUBHQx w6h9JRl6WnNgrgDiSa6MIwR1Myj06+5OLU1N0+oKrc14tlcco49B9cN+Qa78DfDy e6bXqIB+1z0U/UUaMuAcdnafNFJKNpBS7i9uKQsrQCw0pYQQl1Cj8g== =0Lqp -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Richard Dale 23 Feb 95 20:24:14 Subject: Can I Freq Pgp? UpdReq -----BEGIN PGP SIGNED MESSAGE----- *** Answering a msg posted in area PERSONAL_MAIL (Glen's personal mail). Bright the day, Richard! Tuesday February 21 1995 16:05, Richard Dale wrote to Glen Todd: RD> This is true. I tend to forget that I play with PGP, ZIP and RD> UU encoders every day, so I'm fairly familiar with the precautions RD> of working on a copy of a file, not leaving the password in the RD> environment, etc. I would say it would be incredibly dangerous to RD> put PGP in the hands of about 90% of the people I've ever met who RD> work with a computer. Indeed. I work in a fairly unusual envirnment in terms of computer literacy - -- ~95% software engineers. Most people seem to have trouble enough managing something as complex as 'format a: /sys'. Wind to thy wings, Glen ... Against stupidity, the Gods themselves contend in vain. {Talk about an appropriate _random_ tagline.} - --- GoldED/386 2.50.B1016+ Gamma -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip. iQEVAwUBL01SLksDfAvy+TXBAQG4zgf/bCUF6sRtwf9Fzqo6nA6wlkWq9Y2QOvjW 0R4d3HiyyA1UNtNTiiimV0HEOT6bc0EDKYLcp1f3Yg8Tq6N+H6k6373R1oVlz+mA TRL4cLCiDnBlmNnhBKn5GRcPdydxv8J0WRQbpP2NXakLi8C1cji1CSRuJjSQXLuk otjow7iGycTRV+B1oOTVSmGSwbDFVapXBMC03aT7SIw8jA19S51nybbZF5UEgcHY xv9HLtP0fLydk6SiaQiNv4DE04b9m/gM6hw5EJ7LrOCN+GOCYvUKHkMy4Jj7TnbB mVvpCZPWUyUW+HOqW86yIWCqIYmaDMmTQL5i8lui+vI2MRxHQQ/uag== =4PFI -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Doug Muth Area: Public Key Encryption To: L P 23 Feb 95 19:37:00 Subject: Re: Offline Readers & Pgp UpdReq -----BEGIN PGP SIGNED MESSAGE----- Greetings L P! LP> What QWK mail offline readers that incorporate PGP are you using that LP> you especially like? What do you particularly like/dislike about LP> them? Where can I FREQ them to try them? It seems that most of the PGP stuff for QWK mail is written with Blue Wave in mind. the one I prefer is PGP Load version 1.2. I don't know where you can FREQ it though... Doug.... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: My PGP key is requestable from the keyservers on the Internet. iQCVAwUBL00qPB0LJlIsPN1JAQEFNwQAs3q9hrkjEZBFo0Uzpkle/wyJxdGXfZ8y X55blFTdX5EI9Cwu13HF57IEmkxtRYpDtH1+scyibnq9emiqS5iutDuuydrAaXEN uaw7ErihUu1Vd1+x1HCOpyIdA7bTjI8p5COwZBWv6tlVMFei426h7k+SiZgVEvls z1RZqFEya58= =P02Q -----END PGP SIGNATURE----- ~~~ PGPLoad 1.2 -[UNREGISTERED]- ... New from Microsoft: Online mail reader. ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Jim Bell 24 Feb 95 12:13:26 Subject: Pgp news UpdReq Despite the stern warnings of the tribal elders, Jim Bell said this to DAVID CHESSLER: JB> An "implied threat"? Hardy har har! Just exactly how "implied" must JB> it be to be a "threat"? Just enough to fuck Phil Zimmerman over and cause a measurable, albeit small, amount of harm to our hobby. Jim, it's a bad idea, ok? The fact that so many people who've agreed with you on so much in the past, including Phil's lawyer, think it's a bad idea should tell you something. Forget whether it's actually a threat; forget whether you'd win in court or not. Think about the *EFFECT* you *WILL* have, not the effect you *WANT* to have. Nobody but you thinks that a jillion letters will scare this guy off of Phil's back. 201434369420143436942014343694201434369420143436942014343694718