From: Rapier Area: Public Key Encryption To: All 6 Sep 94 09:06:00 Subject: PGP v 2.6.1 Is Out! UpdReq This was picked up on the cypherpunks mailing list today.... ___--BEGIN PGP SIGNED MESSAGE----- MIT is pleased to announce the availability of PGP 2.6.1, a free public-key encryption program for non-commercial use. PGP 2.6.1 provides for digital signatures and confidentiality of files and messages. PGP 2.6.1 is distributed in source form for DOS/UNIX platforms. For convenience, an MSDOS executable is also part of this release. Because source is available, anyone may examine it to verify the program's integrity. For Macintosh users MIT is currently distributing MacPGP 2.6. An update to MacPGP 2.6 will occur at a later date. PGP 2.6.1 contains fixes to many of the bugs reported in PGP 2.6 and MIT encourages all U.S. PGP users to upgrade. How to get PGP 2.6.1 from MIT: PGP 2.6.1 is available from MIT only over the Internet. Use anonymous FTP to login to net-dist.mit.edu. Login as anonymous. Look in the directory /pub/PGP. In this directory, available to everyone, is a README file a copy of the RSAREF license and a copy of a software license from MIT. Please read the README file and these licenses carefully. Take particular note of the provisions about export control. The README file contains more detailed instructions on how to get PGP 2.6.1. Also in /pub/PGP is a copy of the PGP Manual (files pgpdoc1.txt and pgpdoc2.txt) and the file pgformat.doc that describes the PGP message, signature and key formats, including the modifications for PGP 2.6.1. These are being made available without the distribution restrictions that pertain to the PGP source and executable code. ___--BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLmywV8UtR20Nv5BtAQHsTgP/co0ff5OVXOCMo85BxWKKYulmWk1S1Xns qypYTbKvYETn98mAqXol3dolQPW9OWhgtG2km/R4C2Zq4G/NZBjPy7yfTpO/ket8 lfC0muTQSzAVxzwMhHTRNSItwISCiVwlWDwMADlz3uXKKckJkfntAR+jXd+Foxk/ gizPTNo4ytc= =7ndy ___--END PGP SIGNATURE----- ... ..international borders are simply speedbumps on the info superhighway ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: gk pace 6 Sep 94 09:27:18 Subject: Re: signing my own key. UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- gp> I give up... Can't think of one good reson why anyone would sign gp> their own key, except in the case of revoking/re-issuing. When gp> revoking and reissuing, it makes sense to sign the new key with the gp> old, and sign the revokation with the new. Not an overly important gp> thing to do even then tho... In talk about "signing keys," there is a distinction that needs to be made. Clearsigning the message you posted your keys in is stupid. Nobody should do that. Signing your own key with "PGP -KS" is a good idea. Someone could easily mount a denial-of-service attack by adding the user ID "GK PACE " to your key. People might use that address to send messages to you, and the president would receive a lot of encrypted e-mail he could not read. However, if every user ID on your key is signed by you, the one added by the attacker would not be signed, and would stand out like a sore thumb. JMS -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Call +1-818-345-8640 for information on Keep Out iQCVAwUBLmyUuGj9fvT+ukJdAQEk7AP+O4iATh53h7dura4aFzpKCVo30X5iRWhK +MPZXEN8x6uHEygvZcr2s+VDy8GXb1aKCisbD+VS6r7GBB1DasXSllZ1GXwXNX3P IT+mt9cI0PLhuBOuG8cDJJeiaNOav6qYRt/vMSldYz/NOwhsYH2nrybPwbOxpMeK X1pn5ipgHvI= =75Sx -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... He who gives up freedom for security deserves neither. 201434369420143436942014343694201434369420143436942014343694718 From: Tim Bradley Area: Public Key Encryption To: Shawn McMahon 6 Sep 94 02:07:22 Subject: New to PGP UpdReq In a message of 03 Sep 94 Shawn McMahon wrote to me: SM> I'm not flaming, I honestly want to know; why should we consider your SM> opinion to be more authoritative in matters of communications law than SM> his? You shouldn't, but if you know ANYTHING about the law, you know that this particular issue, like ANY totally new area of law (And telecommunications USERS rights ARE a new field of law in the the eyes of most legal sources I'VE talked to -- and I would imagine if I had a copy of even a half dozen interviews with Mike Godwin I could find you a quote of him SAYING so), is going to be primarily determined in Case Law -- and there is *NO* case law I'm aware of dealing with Sysops monitering mail. EVERY case based on the ECPA I've heard of has dealt with improper handling of EMail during and after Search & Seizures. If you know of ANY cases even PENDING where the ECPA has been used against Sysop READING of mail (NOT other criminal USE of that EMail, just for READING &/or bouncing EMail), I love to hear about it. ASK Mike Godwin if you don't believe me, I have an Uncle who's a Lawyer, and my Mother's Boss & good family friend is a Lawyer -- I've been around long enough to pick up the fact that CASE LAW is where it gets hammered out how these kinds of laws are enforced and interpreted ... so I don't care HOW good an expert in communications law ANYONE is -- until there is a body of case law, they're guessing. It may be an educated guess, but it is STILL a guess. And the fact that the law has been in place as long as it has without *ANY* charges brought against Sysops reading or bouncing mail does NOT support the extreme position you're defending. Don't get me wrong -- I'd LIKE to have EMail enjoy that kind of legal protection -- what I'm afraid I see happening is people going off half-cocked and ASSUMING a level of Rights that just aren't there, and allowing even the limited rights EMail *HAS* to be taken back. And, as the fact that the NSA is STILL pushing Clipper even though the White House has even dropped the idea shows, there ARE groups that WILL take advantage of any naivette Privacy Supporteers display. Later Daze, -- Tim Bradley 201434369420143436942014343694201434369420143436942014343694718 From: Ryan Anderson Area: Public Key Encryption To: Jim Cannell 6 Sep 94 20:08:56 Subject: Re: Memory UpdReq -=> Quoting Jim Cannell to Ryan Anderson <=- JC>> My keyring has gotten too big. PGP is now complaining about JC>> adding more keys. I get an out of memory message, and the JC>> keys do not get added. This happens somewhere around 5000 JC>> keys. RA> If your hardware will support it, run OS/2. I've been handling RA> everything that way, and things seem to work just fine. (Or JC> I was asking for advice on a method to allow the DOS version of JC> PGP to access extended memory. I did not ask for advice on changing JC> operating systems. You're welcome to rewrite it.. The DOS is the only one hurt by memory limitations, so I doubt many others have had a need to change it. Ryan ... Massachusetts has the best politicians money can buy. 201434369420143436942014343694201434369420143436942014343694718 From: Kevin Lo Area: Public Key Encryption To: All 7 Sep 94 16:45:00 Subject: Changes In PGP 2.6.1 UpdReq Greetings All, -----BEGIN PGP SIGNED MESSAGE----- ****Changes to PGP 2.6.1**** PGP 2.6.1 is a bugfix release of PGP 2.6. It fixes many bugs that have been reported by the PGP user community since the original release of PGP 2.6 back in May of 1994. The most notable bugs are the "xorbytes" bug that resulted in less randomness then full Shannon Entropy for all key bits. (Note: People who generated keys with PGP 2.6 do *not* need to generate new keys). Another bug that manifested itself as "DOS error 8" errors has also been fixed. It is also safe to edit your key userid with PGP 2.6.1 even if you store your passphrase in the PGPPASS variable. PGP 2.6.1 will now accept keys up to length 2,048 bits, however it will still only generate keys up to 1,024 bits. This is a phased upgrade approach to increasing PGP's keysize. ****Changes to PGP 2.6:**** This version of PGP uses a version of RSAREF provided to MIT by RSA Data Security for use in PGP. This version is legal within the U.S. See the enclosed RSAREF license for full details. Basically this is a non-commercial release. If you want to use it in a commercial or governmental setting, talk to ViaCrypt (2014 West Peoria Avenue, Phoenix, Arizona 85029, +1 602 944-0773). While PGP version 2.5 used RSAREF version 2.0, PGP 2.6 uses RSAREF version 1. This change was made in consultation with RSA Data Security, which is currently revising its version 2.0 distribution. The version of RSAREF included with this distribution is RSAREF version 1, not version 2.0. PGP 2.6 will read messages, signatures and keys created with versions of PGP post 2.2. (i.e., 2.3, 2.3a, 2.4 and 2.5). However after 9/1/94 Version 2.6 will create messages which contain a version number of "3" in signatues, messages and keys (see pgformat.doc for details). PGP2.6 will be able to read these signatures, messages and keys, but prior versions will not. Versions prior to 2.6 would not permit a new signature to be added to a key if there was an already existing signature from the same signer. Starting with version 2.6 newer signatures will override older ones *as long as the newer signature verifies*. This change is important because many keys have signatures on them that were created by PGP version 2.2 or earlier. These signatures can not be verified by PGP 2.5 or higher. Owners of keys with these obsolete signatures should attempt to gather new signatures and add them to their key. Significant changes were also made for version 2.5. Because version 2.6 is coming out very soon after 2.5 (which was only really a beta test version) readers are encouraged to read the file "newfor25.doc" as well as this file. ****Changes to PGP 2.5:**** ***** MOST IMPORTANT ***** This version of PGP uses RSAREF 2.0, so it's legal in the U.S.! The RSAREF license forbids you to (among other things; see the license for full details) "use the program to provide services to others for which you are compensated in any manner", but that still covers a lot of people. If you want to use it in a commercial or governmental setting, talk to ViaCrypt (2014 West Peoria Avenue, Phoenix, Arizona 85029, +1 602 944-0773). PGP 2.5 should always be distributed with a copy of the RSAREF 2.0 license of March 16, 1994 from RSA Data Security, Inc., so that all users will be aware of their obligations under the RSAREF license. Since the RSAREF license conflicts with the GNU General Public License that PGP was formerly distributed under, the GPL had to go. PGP is still freely distributable, though. (From a copyright point of view; export controls or some other legal hassle may apply.) |o|---------------------------------------------------------------------|o| |o|Kevin Lo | Internet: dt194@nextsun.ins.cwru.edu | Freq' KEVLO.ASC |o| |o|FDC Merlin| FidoNet: 1:374/98.5 (Palm Bay, Fl) |@1:374/98 - PGP Key|o| |o|---------------------------------------------------------------------|o| -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLm4mZqn4UeM46Zc1AQGgtAP9GA5dHLSuBAD9wBpawJHmmMyQj1ULLAwH sKqVoR55snft8COXhd6P4/uNY8Pt7bIr6Y3x+W07v7XmkYLE2iTC+wOfvMMaLsMF dsvnUOXTqwQB+l/nX1dNtYcMD5xw+CpC74rVlVw47KYD3T92Tq27/X+1cwN7uaw/ +EkzFFKlkgY= =lBs+ -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: jason carr 8 Sep 94 11:11:04 Subject: Net 106 still at it? UpdReq Despite the stern warnings of the tribal elders, jason carr said this to Shawn McMahon: jc> It re-addresses, bounces, or alters the handling bits on netmail jc> depending on the FROM, TO, ADDRESS (from and to), SUBJ, or jc> handling bits... Sounds an awful lot like necessary system maintenance to me. I doubt the program itself would be a violation, although you could certainly use it to create a violation. 201434369420143436942014343694201434369420143436942014343694718