From: Robert Purnell Area: Public Key Encryption To: Glen Todd 30 Apr 95 08:19:22 Subject: Hey Thanks! UpdReq Greetings Glen! Got the info, thanks for delivering it to the "Front Door" . Do you have an internet address? Regards, Bob 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Jay Banks 28 Apr 95 09:02:16 Subject: Encrypted Messages˙˙˙˙˙˙˙ UpdReq -----BEGIN PGP SIGNED MESSAGE----- --==== JS>Even though use of PGP is legal, you could have been sued for patent >infrigement. (You could still be sued, if you use a version of PGP prior to >2.5.) There was some doubt, as I recall, whether PKP's patent would stand u >in court. Since they never sued anyone for using PGP, we probably will neve >know. JB> Does anybody know if anybody has ever been arrested for exporting JB> PGP??? Nobody has been arrested (to my knowledge) but Philip Zimmermann (PGP's author) is under investigation. Please see the below excerpt from the PGP documentation, and please contribute something to his legal fund. Philip Zimmermann's Legal Situation - ----------------------------------- At the time of this writing, I am the target of a US Customs criminal investigation in the Northern District of California. A criminal investigation is not a civil lawsuit. Civil lawsuits do not involve prison terms. My defense attorney has been told by the Assistant US Attorney that the area of law of interest to the investigation has to do with the export controls on encryption software. The federal mandatory sentencing guidelines for this offense are 41 to 51 months in a federal prison. US Customs appears to be taking the position that electronic domestic publication of encryption software is the same as exporting it. The prosecutor has issued a number of federal grand jury subpoenas. It may be months before a decision is reached on whether to seek indictment. This situation may change at any time, so this description may be out of date by the time you read it. Watch the news for further developments. If I am indicted and this goes to trial, it will be a major test case. I have a legal defense fund set up for this case. So far, no other organization is doing the fundraising for me, so I am depending on people like you to contribute directly to this cause. If you care about the future of your civil liberties in the information age, then perhaps you will care about this case. The legal fees are expensive, the meter is running, and I need your help. The fund is run by my lead defense attorney, Phil Dubois, here in Boulder. Please send your contributions to: Philip L. Dubois, Lawyer 2305 Broadway Boulder, Colorado 80304 USA Phone (303) 444-3885 E-mail: dubois@csn.org You can also phone in your donation and put it on Mastercard or Visa. If you want to be really cool, you can use Internet E-mail to send in your contribution, encrypting your message with PGP so that no one can intercept your credit card number. Include in your E-mail message your Mastercard or Visa number, expiration date, name on the card, and amount of donation. Then sign it with your own key and encrypt it with Phil Dubois's public key (his key is included in the standard PGP distribution package, in the "keys.asc" file). Put a note on the subject line that this is a donation to my legal defense fund, so that Mr. Dubois will decrypt it promptly. Please don't send a lot of casual encrypted E-mail to him -- I'd rather he use his valuable time to work on my case. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The Sprawl BBS at +1-818-342-5127 -- your privacy source! iQCVAwUBL6EQmGj9fvT+ukJdAQHDawQAwLQ1KWSjBae0woZGqNCQVdd60aGBmA1d Ln1Kl78EGZJHYrue9wLRZcqcQebUAvcE5x6+eoU3vuCkv0MHqkeHSFsCDflAdzH3 mu/Orwxnp/MOo/mW9WC1vV8OBArJ0yRUylsBsI0LTfAKsKLFbrRDe78pkSQCsaMA IQYutnUr7wY= =mV09 -----END PGP SIGNATURE----- ... Some days it's not worth chewing through the restraints. 201434369420143436942014343694201434369420143436942014343694718 From: Tom Almy Area: Public Key Encryption To: jason carr 28 Apr 95 13:53:54 Subject: Send/rec PGP Msg's UpdReq -=> Once upon a time, jason carr said to Tom Almy <=- TA> Private, direct email would be better. Why post (for wide TA> distribution) a personal message? Only advantage is to jc> What if you need to have secure commo within a group? Encryted jc> echomail is a beautiful answer... OK, I'll grant you that one. But the echo should be a privately distributed, or at least local, for economic reasons. jc> ...put forward after someone radically developed the system. Had not jc> someone been quite creative, public-key cryptosystems would not exist. jc> After all, it radically changes the idea of a key. "Hey, instead of jc> protecting the key, let's publish it!" The creativity has to be tethered with knowledge. In Donald Knuth's Art of Computer Programming, he discusses his first pseudo-random number generator. It was very creative. But it was also a poor generator. You need a thorough understanding in cryptographic techniques *first* before tinkering with the algorithms. Is there any reader here who feels qualified to develop secure cryptographic algorithms? jc> I salute the people who sit up nights altering the sourcecode. jc> Unofficial versions resonate deeply of Phil's vision. Well, yes and no. He certainly invites people to tinker with it. But he also warns people not to label these unofficial versions as "PGP." Tom 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Shawn Mcmahon 29 Apr 95 16:34:48 Subject: Re: Encrypted Messages UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 28 Apr 95, Shawn Mcmahon stated: SM> proven by his backtracking and insults since. Par for the Dale SM> course, and let's keep the personal stuff in Netmail. thanks. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: SUPPORT the Phil Zimmerman Legal Defense Fund! iQCVAwUBL6Ki3MsQPBL4miT5AQHDHgP+IVd0ojSeykFAgc32cg8IuSfzbSwU9on9 5jLwQyWmVCvrUEgz1/IB4Z5OOSQEzlKVtQNZ0Xp7++NRWILsvkjsYeZf7bghSkIE tRWHP/ksrbLbClMysjcadTzLaq0LNbdnsNwBvEDWtkx6XYjiol/L/dphwE37s9o7 7ssLPKN8jtg= =GaT9 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Kevin Mccauley 29 Apr 95 16:32:16 Subject: Re: Here's My Key UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 27 Apr 95, Kevin Mccauley stated: KM> Hello everyone ... here's my public key ... (I hope) just in case KM> anyone wanted to send me something encrypted ... keys go in the PKEY_DROP Echo which should be available wherever you get this one. KM> BTW I'm sorry about sending the encrypted mail a little while back. no big deal. thanks. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: SUPPORT the Phil Zimmerman Legal Defense Fund! iQCVAwUBL6KiRMsQPBL4miT5AQHs0gP/fDqqPX/0Lc5CGB55gJaptgo2OqHKPiYe Fv2G47+XQpjS3zsbsT8CYwGPP+5vFwAvn7JbAGh3Ccgoqzyq2qX39eEu/8DrX+a5 6EmCbrHTzmEEEew2xhl4WzlJoFUIFn2wkPgq/WoMRmEF+2odCfXt5WJ1mmnN4xFu vJjv/D30GHI= =Q3GC -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Laurence Lane Area: Public Key Encryption To: Ian Hebert 29 Apr 95 01:55:40 Subject: Send/rec PGP Msg's UpdReq Saturday April 22 1995 20:15, Ian Hebert wrote to Tom Almy: CF>> I've never found an echo strictly for PGP msg's. TA>> No reason for one. PGP is a tool, not an end in itself. Using PGP TA>> is not a game. IH> Actually, there are two Usenet groups, alt.anonymous and IH> alt.anonymous.messages. The idea behind these is that people can post IH> encrypted messages to you there; you can pick out the ones to you via IH> a pre-arranged subject header. Why not just mail direct? laurence.lane%selfhelp@cjbbs.com 201434369420143436942014343694201434369420143436942014343694718 From: jason carr Area: Public Key Encryption To: Tom Almy 29 Apr 95 12:51:58 Subject: Send/rec PGP Msg's UpdReq -----BEGIN PGP SIGNED MESSAGE----- Tom Almy wrote in a message to jason carr: jc> What if you need to have secure commo within a group? Encryted jc> echomail is a beautiful answer... TA> OK, I'll grant you that one. But the echo should be a TA> privately distributed, or at least local, for economic TA> reasons. I've never said that encrypted echomail should be backboned. Even if it did not waste money, it increases exposure of your text and makes the fallout of a mistake that much worse... ouch. jc> After all, it radically changes the idea of a key. "Hey, instead of jc> protecting the key, let's publish it!" TA> The creativity has to be tethered with knowledge. In Donald Not really. The peer review has to be tethered with knowledge. TA> Is there any reader here who feels qualified to develop TA> secure cryptographic algorithms? Not me. I can barely configure my BBS. :) jc> Unofficial versions resonate deeply of Phil's vision. TA> Well, yes and no. He certainly invites people to tinker with TA> it. But he also warns people not to label these unofficial TA> versions as "PGP." I don't doubt that, but I haven't found it in the docs. Was this from an interview? Now, I /do/ recall that the 'whatsnew' to 2.6ui warned against using the armor version keyword to set versions indiscriminately. But even that wasn't Phil... jason timEd-B9 - Real women don't deflate when you bite them ... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Cryptography and echomail aren't mutually exclusive. iQCVAwUBL6KaqUjhGzlN9lCZAQGUHQQAqNcmjWt7GKhfAtoxPyNrRBZjqqWdflHC dPFMH1CVT7Dt5/bA5YFEQAvGH7UjlNcc3DiZ5hWyt2Yr/sEelRnudBycgMSxEJbb bKCYYu/vUqBm96yUFCP2XGNFl5x4vj6rcONfDjkwkwJoDuCkb3hTTguMAhP96YEG brlvP2j1rCE= =PL08 -----END PGP SIGNATURE----- ... Key fingerprint = 60 97 B2 AE 7D 90 11 2F 05 1C 35 98 E9 B9 83 61 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Jeffrey Bloss 29 Apr 95 12:47:14 Subject: Re: encrypted messages UpdReq Despite the stern warnings of the tribal elders, Jeffrey Bloss said this to Shawn Mcmahon: JB> Being dynamic it's a bit harder to nail down exact countries' JB> specific laws, but as of late 1994 approximately 70% of the JB> world's countries had varying degrees of legal requirements JB> that had to be met before sending encrypted traffic across JB> their borders, Irrelevant to the present discussion, but an interesting figure. JB> and 40%(+/-) limit or require permits of some type to use JB> it internally. Source, please. And in any event, if "requires a permit to use" translates as "illegal" then automobiles are illegal in the United States. The discussion was countries where PGP is ILLEGAL. Do you have any numbers on that? And, if so, can you tell us where you got them? 201434369420143436942014343694201434369420143436942014343694718 From: Marius Strom Area: Public Key Encryption To: Michel Bertler 27 Apr 95 20:36:22 Subject: Re: Ibm & Mac PGP? UpdReq MB> I was wondering if there's any Mac+Ibm common ground for PGP, could you MB> tell? MB> I don't know, but a nice rubber mallet would take care of the Mac issue... ;) -=-Marius Strom-=- 201434369420143436942014343694201434369420143436942014343694718 From: Tom Almy Area: Public Key Encryption To: Michael Babcock 29 Apr 95 22:25:54 Subject: keyring problems UpdReq -----BEGIN PGP SIGNED MESSAGE----- -=> Quoting Michael Babcock to TOM ALMY <=- MB> Would you mind taking the time to post your public key in the MB> public keys echo? Thanks. OK, however the key is on the Internet key servers, and is available for FREQ from here (PGPKEY). If you *really* care, consider that the only one you can start to trust is the one for FREQ. Tom -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBL6Md6Nmt3ugi2IbhAQFM0QP/S3f4HqhNEyX1PZykoisPN9bGd3B6stRU KW4gT0QKSVepJ8JcTlbnD5jRbf1LOQU0X9YLEQ4oOueXafp2RM+m2PSAMtDFOZz/ dP2hVvQCWpWeHs0wSxn6OUWBNv+UXEvCJxbZMFQWYLsY6fRZ3zBHd1vOdzza78Vr GRt49yZAZsg= =TKxz -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Gary Roth Area: Public Key Encryption To: Andy Hayes 28 Apr 95 06:35:00 Subject: PGP stuff UpdReq AH> Is there an add-on utilty for OLX (or OLX-td) that will allow me to AH> use PGP with it? AutoPGP version 2.2b2. --- * RM 1.3 01128 * Dinner is done when the smoke alarm sounds. 201434369420143436942014343694201434369420143436942014343694718 From: Tom Almy Area: Public Key Encryption To: Turiyan Gold 29 Apr 95 22:25:54 Subject: Send/rec PGP Msg's UpdReq -----BEGIN PGP SIGNED MESSAGE----- -=> Quoting Turiyan Gold to Tom Almy <=- TA> 4. sign keys where they aren't absolutely sure about the owner (meet TA> them personally and check IDs). TG> How is 4. possible internationally? It isn't possible unless you verify via telephone (including requesting from the owners BBS, if any). There is nothing wrong with *not* signing any key, just don't sign a key you aren't *absolutely* sure about. Tom -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBL6Mbptmt3ugi2IbhAQGs8QP/fPP/QkZUp9ZT6crcBVMuRbcpHoXRKrAv YlraU48OxbioGVty+9gegGKyfmr7k/ZlqwssL91ViRCiGvJnzY2JHIpc0KZJqnk6 So2A3/jvaMCr8l3rLgn5ZTptCdUw9pNhAr3WQA8R1UPDMSM5vnrq0FtnbhKE6Wvf fo2v4iXKgTM= =5ect -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Turiyan Gold 29 Apr 95 22:26:00 Subject: Re: Send/rec PGP Msg's UpdReq -----BEGIN PGP SIGNED MESSAGE----- TG>> TA> 4. sign keys where they aren't absolutely sure about the owner (meet TG>> TA> them personally and check IDs). TG>> How is 4. possible internationally? Ahhhh... something I was poking at a while ago when I brought up the Mental Poker protocol. ;) It's called "zero knowledge proof of identity", and it's a mathematically provable thingy. :) In short form, it requires a couple messages sent from point 'A' to point 'B' that conform to certain "rules" laid out by the person requiring the proof. Point 'B' asks point 'A' to jump through a few hoops that reduce the chances of point 'C' pretending he/she is point 'A'. If you're interested, I'll post some specifics. :) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBL6L1POkStfMM4BMZAQGXAwP/TD42gKK952XrIIkqjycR0Fiv6LqermxA KAx+SB8rR3rCcWiuQ4cmT61AbKFqTk/GK0BpdpzoOGn/Ki3MRoBPVSW6UFoABuAt KlZEEsB4WH0EIl1dFb4FKcYZcEJm8EXDRHjqudRwYLlY2U5HzzQIWYcrrsVvCVql luiuZBrYiYA= =Ezy5 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Marius Strom Area: Public Key Encryption To: Scooter Stone 24 Apr 95 23:13:46 Subject: Re: Usurper, UpdReq SS> Come on people and play some Usurper, Darkone needs some competition. SS> Hey! A lot of us out here play Usurper, just not on the board you're on... Wrong place to post that message...Try a local area next time. -=-Marius Strom-=- 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: John Stephenson 27 Apr 95 13:46:10 Subject: PGPWAVE clock shutoff? UpdReq Hi John! I've been playing around with PGPWave for a little while now, and I like the program very much. I think it will go a long way to making PGP more acceptable to newbies, who don't like command-line interfaces. However, there is one feature of the program that I would very much appreciate if you would modify--could you please include some type of toggle switch to turn off the clock? The reason I'm asking is that my girlfriend would like to use PGPWave, but the clock drives her crazy. She is blind and uses a speech- synthesizer and driver software to access DOS programs, and as long as the clock is on the synthesizer keeps reading the time as the digits change (in other words every digit of every second is announced.) Thanks. Ian Hebert London, Ontario, Canada RIME: HOMEBASE (5508) Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: Tom Almy 28 Apr 95 16:20:10 Subject: Send/rec PGP Msg's UpdReq TA> -=> Quoting Ian Hebert to Tom Almy <=- TA> IH> Actually, there are two Usenet groups, alt.anonymous and TA> IH> alt.anonymous.messages. The idea behind these is that people can TA> IH> post encrypted messages to you there; you can pick out the ones TA> IH> to you via a pre-arranged subject header. TA> Major waste -- why not just send email? Or is this just to foil TA> attempts at traffic monitoring? Major waste? Anything but! The idea is to implement an electronic equivalent of the espionage agents' dead drop, only going one better. With a real dead drop, there was always the potential for interception as one went to collect the message or instructions. With a widely-distributed electronic newsgroup, like alt.anonymous messages, one can pick up or drop off information from almost anywhere. Literally, there is no email address to be traced. Consider the following fascinating posting I found some time ago on Usenet: From: NOBODY@REPLAY.COM Public To: ALL Date: 02/23/95 at 00:00 Re: [BlackNet] Request for Comments Message-ID: <3igj76$594@news.xs4all.nl> Newsgroup: alt.religion.scientology,alt.anonymous.messages Organization: Replay and Company UnLimited. Dear Sir, We would like to get in contact with the person who is publishing the Operating Thetans of the Church of Scientology via anonymous remailers. Your name has come to our attention. We have reason to believe you may be interested in the products and services our organization, BlackNet, has to offer. BlackNet is in the business of buying, selling, trading, and otherwise dealing with *information* in all its many forms. We buy and sell information using public key cryptosystems with essentially perfect security for our customers. Unless you tell us who you are (PLEASE DON'T!) or inadvertently reveal information which provides clues, we have no way of identifying you, nor you us. Our location in physical space is unimportant. Our location in cyberspace is all that matters. Our primary address is the PGP key location: "BlackNet Operator " We can be contacted (preferably through a chain of anonymous remailers) by encrypting a message to our public key (contained below) and depositing this message in one of the several locations in cyberspace we monitor. Currently, we monitor the following locations: alt.religion.scientology, alt.fan.david-sternlight, alt.anonymous.messages, alt.security.pgp control. BlackNet is nominally nondideological, but considers nation-states, export laws, patent laws, national security considerations and the like to be relics of the pre-cyberspace era. Export and patent laws are often used to explicity project national power and imperialist, colonialist state fascism. BlackNet believes it is solely the responsibility of a secret holder to keep that secret--not the responsibilty of the State, or of us, or of anyone else who may come into possession of that secret. If a secret's worth having, it's worth protecting. BlackNet is currently building its information inventory. We are interested in information in the following areas, though any other juicy stuff is always welcome. "If you think it's valuable, offer it to us first." - trade secrets, processes, production methods (esp. in semiconductors) - nanotechnology and related techniques (esp. the Merkle sleeve bearing) - chemical manufacturing and rational drug design (esp. fullerines and protein folding) - new product plans, from children's toys to cruise missiles (anything on "3DO"?) - business intelligence, mergers, buyouts, rumors BlackNet can make anonymous deposits to the bank account of your choice, where local banking laws permit, can mail cash directly (you assume the risk of theft or seizure), or can credit you in "CryptoCredits," the internal currency of BlackNet (which you then might use to buy _other_ information and have it encrypted to your special public key and posted in public place). If you are interested, do NOT attempt to contact us directly (you'll be wasting your time), and do NOT post anything that contains your name, your e-mail address, etc. Rather, compose your message, encrypt it with the public key of BlackNet (included below), and use an anonymous remailer chain of one or more links to post this encrypted, anonymized message in one of the locations listed (more will be added later). Be sure to describe what you are selling, what value you think it has, your payment terms, and, of course, a special public key (NOT the one you use in your ordinary business, OF COURSE!) that we can use to get back in touch with you. Then watch the same public spaces for a reply. (With these remailers, local PGP encryption within the remailers, the use of special public keys, and the public postings of the encrypted messages, a secure, two-way, untraceable, and fully anonymous channel has been opened between the customer and BlackNet. This is the key to BlackNet.) -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 Comment: BlackNet Operator mQCNAi0kr4gAAAEEAMwUt/tocEsdvyOOrrdILv8/FRq6jdiHbbjszv0hKxl8STtY ZjJeeGHKx/QybUkmG68gpAlluOf2yyadej7pwuUaexzrNuVmRi8yvqY95Tu/TYV6 ueBKh/lkAZE4StHVK4gAagLYb5+Tt1pCQZuu71oUWci3DA9wXw6AJTya7AYxAAUR tDtCbGFja05ldCBPcGVyYXRvciA8YWx0LmFub255bW91cy5tZXNzYWdlc0BuZXdz LmRlbW9uLmNvLnVrPg== =mwaZ -----END PGP PUBLIC KEY BLOCK----- Join us in this revolutionary--and profitable--venture. ~~~~~~~~~~~~~~~~~ Ian Hebert London, Ontario, Canada RIME: HOMEBASE (5508) Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B 201434369420143436942014343694201434369420143436942014343694718 From: Peter Hempel Area: Public Key Encryption To: All 29 Apr 95 17:52:00 Subject: Fido Encryption UpdReq I would like to know which conferences on Fidonet allow private encrypted messages to be sent; if any. Peter Ajax, Ontario, Canada | UUCP: canrem!peter.hempel Fido: 1:229/15 | Internet: peter.hempel@canrem.com ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Tom Almy Area: Public Key Encryption To: jason carr 30 Apr 95 08:26:10 Subject: Send/rec PGP Msg's UpdReq -----BEGIN PGP SIGNED MESSAGE----- -=> Quoting jason carr to Tom Almy <=- TA> But he also warns people not to label these unofficial TA> versions as "PGP." jc> I don't doubt that, but I haven't found it in the docs. Was this from jc> an interview? jc> Now, I /do/ recall that the 'whatsnew' to 2.6ui warned against using jc> the armor version keyword to set versions indiscriminately. You expect a comment against unoffical PGPs to be found in an unoffical version? :-) You'll find it in the docs for 2.6.2: ********** You may also disseminate the source code release package. PGP's own source code is published to assist public scrutiny of PGP to show that it has no hidden weaknesses or back doors, and to help people to find bugs and report them. Recompile it and port it to new target machines. Experiment with the code and learn from it. I place no restraints on your modifying the source code for your own use. However, do not distribute a modified version of PGP under the name "PGP" without first getting permission from me. Please respect this restriction. PGP's reputation for cryptographic integrity depends on maintaining strict quality control on PGP's cryptographic algorithms and protocols. Beyond that, ad hoc "improvements" to PGP can affect interoperability, which creates user confusion and compatability problems that could damage PGP's (and my own) reputation and undermine the good will earned by the PGP trademark. This has already started to happen, which is why I'm making a point of it here. This creates technical support headaches, and I get phone calls from confused users who run into problems either because they have a mutant strain of PGP, or are trying to process a key, signature, or message that came from an incompatible mutant strain of PGP. The source code to PGP was not published to help spawn these mutant strains. If you want to distribute a modified version of PGP, or use a modified version to send messages to other people, you should name the program in such a way that no one could mistake it for PGP. The messages, signatures, and keys it produces must also be labeled in such a way that no one could mistake them for material produced by PGP. If you feel you must modify your copy of PGP, and there is any chance that the modified version could escape into the environment, please contact me first to discuss some easy methods for how to prevent people from confusing your version with the standard PGP. Perhaps we'll even decide that your changes are appropriate for incorporating into the standard PGP release. ... [However, here is the escape clause for versions outside the USA:] Outside the United States, the RSA patent is not in force, so PGP users there are free to use implementations of PGP that do not rely on RSAREF and its restrictions. Canadians may use PGP without using RSAREF, and there are legal ways to export PGP to Canada. In Canada, where RSAREF is not needed, it is easy to modify and recompile the current PGP source code to perform the RSA calculations without using the RSAREF library, just as it was done in PGP 2.3a. In such a case, this modified PGP may be re-released under the identical licensing terms as the current official freeware PGP release, but without the RSAREF-specific restrictions. It may not be re-released under the GPL, as certain older versions were. And this manual must accompany it. That modified version of PGP may not be used in environments where RSAREF would be needed. ******** So only two versions are "authorized". One being his official version, for use inside the US and Canada. And the other being 2.6.2 with RSAREF removed and the version of RSA algorithms in 2.3a added for use outside the USA. I believe that 2.6ui is really 2.3a that identifies itself as 2.6, thus is not "authorized". Anything else must not be called PGP (hey, it is his trademark!) Tom -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBL6OrVNmt3ugi2IbhAQHBDwQAistPlGzrEnubwgFvEEqJ2sfkv6LNxN5P ERzCyJ3bFk6h9NKt6wWIWAkD6x9wNwQW/AH8cP/qKKPMYsktwm2laVzS2fpkTdK2 RphvRQRzMrDnJLXozv7V+4cxleD3ZLsWIepVmy1LEDygHtNcWgCjQZfQL35iscfy VowStmfaiCI= =MZxj -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Tom Almy Area: Public Key Encryption To: Laurence Lane 30 Apr 95 11:22:38 Subject: Send/rec PGP Msg's UpdReq -=> Quoting Laurence Lane to Ian Hebert <=- IH> Actually, there are two Usenet groups, alt.anonymous and IH> alt.anonymous.messages. The idea behind these is that people can post IH> encrypted messages to you there; you can pick out the ones to you via IH> a pre-arranged subject header. LL> Why not just mail direct? Traffic analysis -- people would know that person A sent a message to person B. With the Usenet group the only thing know would be that person A sent a message (contents unknown). Tom 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 30 Apr 95 03:38:50 Subject: Text of the Russian crypto ban hatched UpdReq -----BEGIN PGP SIGNED MESSAGE----- the following has been hatched into PUBKEYS file distribution: YELTSBAN.ZIP Russian/English translation of Yeltsin's crypto ban. [4K] all PUBKEYS links please poll upon receipt of this msg. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: SUPPORT the Phil Zimmerman Legal Defense Fund! iQCVAwUBL6M+fssQPBL4miT5AQFcTwP/RsPAQPUYuuWmw1jjCl5zKtIWIcEeHt3T 7W8cJF3VFdfgKUEmGEsdRYeW+Qjoh/vlYHHk9IbBwLerWvwNhpqEKqTtV92GaPO3 hBtqDOif6LLa0IKqm8YH8TCW4z5hqDmkbrm62ZBb65WjR4FYXb7+jznyS1xzJpLk WOdsmNNUHjA= =JOwM -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718