From: Shawn McMahon Area: Public Key Encryption To: Tim Devore 1 Oct 94 20:43:08 Subject: Who's This Ashworth? UpdReq Despite the stern warnings of the tribal elders, Tim Devore said this to Christopher Baker: CB>> in FidoNet, a Node is the lowest level of the organization. a Node is a TD> Slight correction in FidoNet a POINT is the lowest level serving TD> off a NODE. Incorrect. Points are not a part of Fidonet. They are considered to be users of the Node, which is the lowest level of Fidonet organization. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: All 1 Oct 94 21:01:00 Subject: Bug in PGP signatures UpdReq Despite the stern warnings of the tribal elders, John Schofield said this to All: JS> Hello, all. I just wanted to report a bug in PGP I've found out JS> about on ALT.SECURITY.PGP. I verified it, and it really JS> works. Works with RG's OS/2 compile of 2.61. Easily noticeable, however, even BEFORE you attempt to check the sig, since PGP always puts a blank line. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: jason carr 1 Oct 94 20:53:24 Subject: Re: PGP Signatures UpdReq Despite the stern warnings of the tribal elders, jason carr said this to Shawn McMahon: SM>> It's too Fidonet-specific. jc> Well, yeah. But that's the purpose. Maybe someone could code in jc> a switch that would hide the sig in a FTN msg. ??? I understand that that's the purpose, Jason, but it's still too Fidonet-specific. Should PGP incorporate kludges for every other network system in which PGP happens to enjoy widespread use? If Fidonet wants to work something out external to PGP, that's fine; but PGP shouldn't be changed in a way that has such tremendous potential for abuse. Remember, the instant you stick a ^A at the beginning of that line, it becomes fair game for Fidonet mail tossers to yank that line out, modify it, and stick it back in (or not!) anywhere in the message they like, without regard for the order in which that line originally came. That'd cause signatures to fail. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: David Chessler 1 Oct 94 20:55:32 Subject: Re: signing my own key. UpdReq Despite the stern warnings of the tribal elders, David Chessler said this to Shawn Mcmahon: SM>>I'm still learning this stuff; the math is a little beyond me, and most >>of my knowledge comes from Schneier's book. DC> That isn't the place to start. Read and re-read the DC> documentation, and get copies of the FAQs. To understand what DC> IDEA does, get the article that ran last December in Dr. DC> Dobbs. I did start with the docs. I'll see if my local libraries have back issues of DDJ. DC> BTW, get SFS110, and read the documentation. It's very good, and DC> you will learn a lot, again, without a bunch of math. Didn't know about 110. I've only seen 1.0. Read those docs twice, though. So far. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: David Chessler 1 Oct 94 21:00:08 Subject: Need recommendations UpdReq Despite the stern warnings of the tribal elders, David Chessler said this to Shawn Mcmahon: DC> Then you must use SFS which won't let him use a weak passphrase. That was a major part of my decision, yes. Depends upon your definition of "weak" but it darn sure won't let him use as weak a password as he wanted to. He grumbled, but I gave him the "I can refer you to a security consultant, but he'll tell you the same thing and charge you a hell of a lot more" bit again. DC> Not with SFS and a good password, which SFS enforces. Make sure DC> there is at least one digit or punctuation mark in the DC> passphrase. I told him to do that; whether or not he did is not for me to say, of course. 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Carl Hudkins 1 Oct 94 22:21:02 Subject: Re: Key? What key? :) UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 29 Sep 94, Carl Hudkins was quoted as saying: CH> 1:135/808 PGPKEY thanks. will do. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLo4ZEcsQPBL4miT5AQFznAP8C+GKH+GNAivbAUEEpubi4HIgvH8gG1LW /VowgejgtIJ0cfly09CMRxb3OxQ8/ofqBJZ8ZLQBDiys9UyLPzm1T8sep0FANtLd 9863EGMTj5h8PM+fQsJrRjfPuUsxbWH+0G8+mYCNsJTEJPyA4pxVuWRv9yjidLOR AglaaIvltF8= =wCJx -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Carl Hudkins 1 Oct 94 22:26:08 Subject: Re: readers [Was: New To Pgp] UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 29 Sep 94, Carl Hudkins was quoted as saying: CH> What sort of software is GenMsg? Would it be suitable for use in a CH> point system? I was doing ok with PPoint, but I run into a memory CH> wall when trying to use PGP. GenMsg is a FidoNet mail reader and PGP/uucp interface. to write a msg, it invoked the editor of your choice. i use VDE. GenMsg is only for .MSG msgbases at the present time. it does the PGP stuff on the fly online. it doesn't use a Nodelist so it just takes Node info from the reply msg or you have to provide it. it automatically makes Internet-style msgs for replies or originals and routes them to your default uucp Gate. it does everything but whistle. [grin] CH> Currently I have Hudson message bases, maintained with FastEcho. don't have a Hudson or Squish version yet. CH> Should I try GenMsg, and where can I get it? it won't work for you unless you can selectively convert to .MSG on demand. you can get it here as GENMSG or from the author [GK Pace] at 1:374/26. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLo4aQ8sQPBL4miT5AQEc8gP8CA9NW3PinqHBRUls2w+nb3os5z+1SL4c lr5JM3Qtd5D18ZYi6UYHKsF+68qDJE/3nFByWieOWnaeipmmbvhkAX6j5C5njszT SnhLME9XSoPL4RIwWF7Y1H1oDz6WuEIxIOXVSoeXWRX1uI7mZQT99MZf4HxKln0S mF+LvcofLYI= =r7ww -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718