From: Alan Pugh    Area: Public Key Encryption
To: gk pace    4 Oct 94 22:14:50
Subject: Clear-Signed "Hole"    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

gp> This reported problem is expected to be fixed, with the release of
gp> 2.6.2, which is anticipated to be available within two weeks. There
gp> will be some additional enhancements as well.
gp> Look for the release sometime after this coming thursday.
gp>
gp> -gk

uh, is there any word when it will settle down? this _release a week_ stuff is confusing to many. myself included. i'm sitting on 2.3a until a relatively bug-free, stable and verified version comes out. i'm beginning to get a mite suspicious of the myriad of versions floating around.

btw: i'm using version 0.03 of pgpshell and like it as it is small, fast, and performs those functions i need it to perform quickly and painlessly. the copy i got didn't have docs with it. i'm assuming that you are the author. if so, is it shareware or freeware?

amp

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCxAgUBLpIaDdQ9obngT6LhAQH3PQTgkG5zQCXhlJot9+wqwNUmLT5b73q6zrYf
LFB6U/JovpqWVoKhtWjANeKR81x4y1Y4tZz8C8e8+MnT4wG5mTMqtitiDg2WjaP8
SPV0blwanHB7teEOAJ5rPhva/XU4+/cH2X3s1qPyH2MNGqK4XY9cSDM4/+XmWTIq
H5Z5fuD92mJcZpTv47PnzY/gwsnYUkCNt1idEm1HUHVBwdt7
=2u+D
-----END PGP SIGNATURE-----

~~~ PGPBLUE 2.5
... Want my ammunition? You can have them one bullet at a tim

From: Richard Godbee    Area: Public Key Encryption
To: Walt Haefner    4 Oct 94 18:11:56
Subject: There goes more freedom!    UpdReq

Walt,

-=> Quoting Walt Haefner to Jeff Hancock... <=-

WH> ANYTHING the Gov't wants the FCC to regulate.... I want to know about!

It was a joke... As are most of the FCC rulings...

--Ricky Godbee, Jr.
richard.godbee@bmtmicro.com

... "What do I have to do to convince you people?" --Q "Die." --Worf
___ RATS 2.2 with 2031 taglines.

From: Eric Nystrom    Area: Public Key Encryption
To: Shawn McMahon    6 Oct 94 18:51:00
Subject: Bug in PGP signatures    UpdReq

In a message of , Shawn McMahon (1:19/34) writes:

>Despite the stern warnings of the tribal elders, John Schofield said this
>to All:

JS> Hello, all. I just wanted to report a bug in PGP I've found out
JS> about on ALT.SECURITY.PGP. I verified it, and it really
JS> works.

>Works with RG's OS/2 compile of 2.61. Easily noticeable, however, even
>BEFORE you attempt to check the sig, since PGP always puts a blank line.

However, a "blank" line could have a single space character, or a tab. Both of those, verified by tests, work, so you could have a perfectly fine-LOOKING message and still be getting fooled.

-Eric

From: John Nieder    Area: Public Key Encryption
To: mark lewis    5 Oct 94 10:44:14
Subject: Securemail    UpdReq

-=> Quoting mark lewis to John Nieder <=-

JN> Sysop's response is that it's too much trouble to change the
JN> outgoing netmail destination, even though it's a local call
JN> to the SECUREMAIL hub. No further explanation seems to be
JN> forthcoming.

ml> sounds to me like it is time to vote with your feet and get an account
ml> on the SECUREMAIL system if you can. might want to let others know but
ml> in a quiet, easy going manner...

Not my problem. I looked into this for a friend, and am glad I don't have to deal with it.

ml> i agree... BTW: it's not that hard for him to add or change one or two
ml> lines in his routing file... that's all it'd take...

Apparently there's a lot more to it than that - there's some undisclosed reason _why_ his mail has to go where it does. It's a _big_ BBS with a lot of nets and lines and the volume of mail may have something to do with it. Beats me.
There are so many delivery problems with Fidonet in this area in the past few months that this flap with Ashworth is trivial by comparison. I'm glad I use Internet, myself. I sometimes use 1:125/33 here, as it's a securemail hub with no hassles, but on the whole I don't use Fidonet as it's become a headache.

As I said before, this petty netgod crap really turned me off to hobbyist nets in general, long ago. The level of oppressive BS is just more than I can stand. The Ashworths can have it. Life's too short.

JN

From: Randy Edwards    Area: Public Key Encryption
To: All    6 Oct 94 23:28:40
Subject: [1 of 2] Take Back the Airwaves    UpdReq

* Original Message Posted via CIVLIB
* Date: 05 Oct 94 11:11:16
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 177249ee

MICROPOWER BROADCASTING
THE FREE SPEECH MOVEMENT OF THE 90'S

One of the most defining threads of political, cultural and social history is freedom of expression. In almost any circumstance, the degree of overall freedom present is directly proportional to the degree of strictures placed upon freedom of expression and who controls or maintains the mediums of expression. Whether it was the underground resistance to the Star Chamber or the free speech fights of the Wobblies, the desire to communicate with one's feelings, ideas, thoughts, etc. has remained undiminished throughout history. Subject to licensure for the first 500 years of its existence, the printing press of Gutenberg's day has been transmuted into the micropower transmitters of the 1990's.

With an agency, the FCC (Fostering Corporate Control), totally in the grip of media monopolies who number less than 30 but own over 50 percent of the media resources, we have reached an intolerable situation where the peoples' airwaves have been turned into an instrument of social control engendering crass consumerism, and obescient response to the crudest of political flim-flammery.

An owner of a printing press could have had his or her hand chopped off, or worse, for printing material considered to be seditious or critical of the ruling elite. Although micropower broadcasters have not been subject to a similar fate, they are being threatened with huge fines ranging from $10,000 to $20,000 and, in some cases, their entire household has been ransacked by local FCC agents and police.

Clearly, free speech and other constitutional rights are under a state of siege. With the current anti-crime hysteria and what passes for "public debate" in the hands of the corporate monopolies and their mouthpieces such as Rush Limbaugh, an aggressive campaign of taking back the airwaves is the only hope of creating democracy in this country. It is our intent and purpose to see thousands of transmitters taking to the air in an all out, no holds barred movement of electronic civil disobedience. When was the last time you were referred to as a citizen and not a consumer by the media?

One has to ask the question, what is the underlying premise behind who has rights to the airwaves which, like so many other natural resources, have been plundered and raped by the corporate interests who desire to line their pockets to the extreme detriment of the planet and all who reside on it? Why should just a few be allowed to dominate what should be a resource of the many? It is just the further diminishment of public space and resources which are fenced off and declared private property of the corporate elite.

If the power levels were brought down to some reasonably sane limit, like 100-1000 watts on FM for example, many more people and communities could have a voice. Consider the cancer cluster risks alone from having megawatts of RF radiating from vertical antenna farms such as Sutro Tower in San Francisco.

If we are a country founded on democratic principles, with a government created to ensure and guarantee to all the rights enumerated in the Bill of Rights along with life, liberty and the pursuit of happiness, why have we reached such an intolerable situation where any reasonable analysis will show the total lack of any democratic process. And why do we meet such fierce resistance when we try to exercise any of these rights, such as the right to vote, to speak in public parks, or to receive a just and fair wage?

The question is, should the airwaves be used as a primary means of fostering a democratic, pluralistic, and vibrantly diverse society through a free and open exchange of ideas, news, information, art and culture or should they be a concession stand for narrow,

@PATH: 325/805 3615/50 374/1 98 14

From: Randy Edwards    Area: Public Key Encryption
To: All    6 Oct 94 23:28:58
Subject: [2 of 2] Take Back the Airwaves    UpdReq

* Original Message Posted via CIVLIB
* Date: 05 Oct 94 11:11:16
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 17724a1e

anti-democratic corporate interests working hand in hand with a government whose main goal is domestic pacification, control and the maximization of private profit? Who does the government really work for, the people or the plutocrats? Of, by and for the people does not seem to be an operative principle at this time.

Spectrum scarcity is largely the fault of the FCC. Take a look at your TV tuner. Notice all those vacant UHF channels. In most areas the UHF band is wide open.
Yet, even though low power TV has been created as a legitimate category, the FCC has flatly refused to grant licenses in the 50 major urban areas where there is plenty of room on the UHF band.

In 1980 the FCC forced many low wattage (10 watt), class D FM stations to either increase their power to a minimum of 100 watts and adhere to tighter technical requirements or go off the air. This was done largely at the behest of the Corporation for Public Broadcasting (another contradiction in terms), the agent orange of grassroots radio, who had been lobbying the FCC since the early 1970's as part of their drive to "professionalize" community radio. It was the combined hope of both the FCC and the CPB to drive a number of stations off the air. What happened was that everyone scraped their pennies together and increased their power and operating budgets with a net result of crowding the spectrum more than before and having to rely more and more on bringing professional fund-raisers and managers on board to meet the larger budgetary requirements - thus began the slow death of real community radio in this country.

Why does the FCC grant 90 mile fringe protection to many giant operators? As stated above, bring down the power limit to a reasonable level, the broadcasters will scream. Let them, they have had 60 years to make an obscene amount of profit from the peoples' resource.

We are creating an alternative to the FCC, the Free Communications Coalition - the peoples' FCC. An umbrella organization which intends on helping ensure good technical standards and support for micropower broadcasting, basing itself on a community and grass roots volunteer model using mediation and open discussion to foster responsible micropower broadcasting. Further, it is working toward the full democratization of all means of communication whether it is electromagnetic space or cyberspace in conjunction with any & all groups or individuals who are working toward this common goal.

We would like to see many of these issues addressed and resolved at the community level. We hope to create a talent and resource pool of individuals who can provide the necessary technical expertise whether it be legal, electronic, organizational, etc. to aid in establishing micropower broadcasting as a fully functioning entity whose purpose is to break the stranglehold on the free flow of information, ideas, news, culture and art.

Your involvement is critical to the success of this endeavor. If you would like further information on micropower broadcasting and the Free Communications Coalition, send us either your email address or snail address and you will receive our most current newsletter. Since we ran extra copies of our Sept/Oct newsletter, actually it is a full size 8 page tabloid, we can send you copies for distribution in your community. A donation would be appreciated to cover the cost of sending the bundles of newsletters. Our full line of kits is listed in the newsletter as well. Let us know how we can help you take back the airwaves in your community.

Stephen Dunifer
Free Radio Berkeley / Free Communications Coalition
email: frbspd@crl.com
snail: FRB / FCC, 1442A Walnut St. #406, Berkeley, CA 94709
voice mail: (510) 464-3041

@PATH: 325/805 3615/50 374/1 98 14

From: Randy Edwards    Area: Public Key Encryption
To: All    6 Oct 94 23:29:06
Subject: EPIC Seeks FBI Docs    UpdReq

* Original Message Posted via CIVLIB
* Date: 05 Oct 94 11:11:18
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 17724b1a

PRESS RELEASE

Contact: Marc Rotenberg, EPIC Director
         David Sobel, EPIC Legal Counsel
         202 544 9240 (tel)

EPIC Opposes FBI Delay
Seeks Documents About Wiretap Plan

WASHINGTON, D.C.- The Electronic Privacy Information Center today opposed a government motion to delay release of two documents in a lawsuit concerning the FBI's "digital telephony" proposal. The case is pending in federal court as the Congress considers legislation that will authorize the expenditure of $500 million to make the nation's communications system easier to wiretap.

EPIC, a public interest research group based in Washington, DC, filed the Freedom of Information Act requests earlier this year. The group is seeking the public release of two surveys cited by FBI Director Lou Freeh in support of the FBI's plan.

EPIC filed the FOIA lawsuit on August 9th, the day the wiretap legislation was introduced in Congress. The FBI then moved to stay proceedings in the case until June 1999, more than five years after the filing of the initial request. The FBI asserted it was confronted with "a backlog of pending FOIA requests awaiting processing." The FBI revealed that there are "an estimated 20 pages to be reviewed" but said that the materials will not be reviewed until "sometime in March 1999."

In the papers filed today, EPIC charged that the materials are far too important to be kept secret. "The requested surveys were part of the FBI's long-standing campaign to gain passage of unprecedented legislation requiring the nation's telecommunications carriers to redesign their telephone networks to more easily facilitate court-ordered wiretapping," said the EPIC brief.

EPIC contends that the federal court should give special consideration to the fact that the records have already been reviewed for public release and also that the records concern a matter of great public interest.

"It is disingenuous for the Bureau to suggest that the twenty pages of material at issue in this case are at the end of a long queue awaiting review for possible disclosure. The FBI has already considered Rep. Don Edwards' request to make the information public and has made a determination to release only a one-page summary," said EPIC.

EPIC argues that under new procedures developed by the Department of Justice for FOIA cases, the processing should be expedited. "There can be no doubt that the subject matter of plaintiff's requests -- legislation to re-design the nation's telephone network to facilitate wiretapping -- is of considerable interest to the news media."

The brief concludes, "The records sought by plaintiff are of substantial current interest to news media and the general public. Moreover, the FBI has already reviewed the material to determine whether it should be publicly disclosed. Under these circumstances, the Bureau's request for a five-year stay of these proceedings is wholly lacking in merit."

Earlier documents obtained through the FOIA in similar litigation with the FBI revealed no technical obstacles to the exercise of court-authorized wire surveillance.

The Electronic Privacy Information Center is a project of Computer Professionals for Social Responsibility, a membership organization based in Palo Alto, California, and the Fund for Constitutional Government, a Washington-based foundation dedicated to the protection of Constitutional freedoms. 202 544 9240 (tel), 202 547 5482 (fax), info@epic.org.

@PATH: 325/805 3615/50 374/1 98 14

From: Randy Edwards    Area: Public Key Encryption
To: All    6 Oct 94 23:29:20
Subject: Wiretap: Judge Rejects FBI Delay    UpdReq

* Original Message Posted via CIVLIB
* Date: 05 Oct 94 11:11:30
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 17725199

PRESS RELEASE

For immediate release
October 3, 1994

Contact: Marc Rotenberg, EPIC Director
         David Sobel, EPIC Legal Counsel
         202 544 9240 (tel)

JUDGE REJECTS DELAY ON FBI WIRETAP DATA;
"STUNNED" BY BUREAU'S REQUEST

WASHINGTON, D.C.- A federal judge today denied the FBI's request for a five-year delay in processing documents concerning wiretap legislation now pending in Congress. Saying he was "stunned" by the Bureau's attempt to postpone court proceedings for five years, U.S. District Judge Charles R. Richey ordered the FBI to release the material or to explain its reasons for withholding it by November 4.

The Electronic Privacy Information Center (EPIC), a public interest research group based in Washington, DC, filed the Freedom of Information Act lawsuit on August 9, the day legislation was introduced in Congress to authorize the expenditure of $500 million to make the nation's communications systems easier to wiretap. The group is seeking the public release of two surveys cited by FBI Director Louis Freeh in support of the pending legislation.

The FBI had moved to stay proceedings in the case until June 1999, more than five years after the filing of the initial request. The Bureau asserted it was confronted with "a backlog of pending FOIA requests awaiting processing." The FBI revealed that there are "an estimated 20 pages to be reviewed" but said that the materials would not be reviewed until "sometime in March 1999."

Judge Richey rejected the FBI's claims in sharp language from the bench. He told the government's attorney to "call Director Freeh and tell him I said this matter can be taken care of in an hour and a half."

In court papers filed late last week, EPIC charged that the requested materials are far too important to be kept secret.

"The requested surveys were part of the FBI's long-standing campaign to gain passage of unprecedented legislation requiring the nation's telecommunications carriers to redesign their telephone networks to more easily facilitate court-ordered wiretapping," said the EPIC brief.

Earlier documents obtained through the FOIA in similar litigation with the FBI revealed no technical obstacles to the exercise of court-authorized wire surveillance.

The FBI is pushing for quick enactment of the wiretap legislation in the closing days of the 103rd Congress. A grassroots campaign to oppose the measure is being coordinated by EPIC and Voters Telecomm Watch.

The Electronic Privacy Information Center is a project of Computer Professionals for Social Responsibility, a membership organization based in Palo Alto, California, and the Fund for Constitutional Government, a Washington-based foundation dedicated to the protection of Constitutional freedoms. 202 544 9240 (tel), 202 547 5482 (fax), info@epic.org (e-mail).

@PATH: 325/805 3615/50 374/1 98 14

From: Randy Edwards    Area: Public Key Encryption
To: All    6 Oct 94 23:29:30
Subject: [1 of 3] Wiretap Watch 1.02 (STOP THE FBI'S WIRETAP BILLS)    UpdReq

* Original Message Posted via CIVLIB
* Date: 05 Oct 94 11:11:30
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 177251c0

The Wiretap Watch
Issue 1.02
October 3, 1994
Distribute Widely (until 11/1/94)

Recent Quote:

"..call Director Freeh and tell him I said this matter can be taken care of in an hour and half."
-Judge Richey, denying the FBI's request for a five year delay on releasing FOIA'd wiretap survey data that would support their need for the Wiretap bills (HR 4922 & SB 2375)

The Wiretap Watch will be posted on a frequent basis until the FBI's Wiretap bills pass or fail this session.
-------------------------------------------------------------------------------
Contents
        What's New
        What you should do right now
        Positions of legislators pro/con/wavering
        Status of the bills
        Brief explanation of the bill

-------------------------------------------------------------------------------
WHAT'S NEW WITH THE FBI'S WIRETAP BILLS (SB 2375 & HR 4922)

(brief version) Call your Senators and tell them to vote NO on SB 2375. Mail vtw@vtw.org for more information.

-The House has placed HR 4922 (FBI Wiretap Bill) on the suspension schedule. It will be voted on tomorrow (Tuesday, Oct. 4, '94) along with more than 50 other bills.
-Senator Feinstein (CA) and Kennedy (MA) have announced their support for the bill.
-A Federal Court judge refused the FBI's 5 year delay on releasing wiretapping data that they claim would prove their case for the bill. (If it would prove their case so well, why can't we see it?)
-Reports of Sen. Hank Brown being opposed to the bill are discovered to be incorrect.

-------------------------------------------------------------------------------
WHAT YOU SHOULD DO RIGHT NOW

Many legislators are fence-sitting, refusing to take a position on the bill; they need pressure from you. The sponsors and supporters are trying to push it through without any floor debate. If for no other reason, this bill should not pass this session because the FBI has refused to make their case in public, to the people who will have to live with the consequences of this bill.

This bill hasn't much time, it must get passed in the House by Friday or it will die this year. A lengthy delay in the Commerce committee could slow it down. Furthermore, as the bill looks closer and closer to missing the mark, legislators are starting to pop up opposing the bill. Call your legislator DAILY until they take a position.

Friendly ears in the Capitol are telling us that the action so far has made a significant impact.

There are two things you can do to make an impact:

1. Call your Senators and ask them to vote NO on the Digital Telephony bill.
2. Call legislators who have taken positions against the bill and tell them it will affect your vote in their next election.

Step 1. Look around you and figure out which state you're in. (Hint: if the temperature is always between 60F and 85F, you live in Seattle, WA :-) Find your two Senators on the lists appended.

Step 2. Pick up the phone or type up your letter. Feel free to use the Religious Right's toll-free DC number (1-800-768-2221) -- they provide it so that citizens can contact their legislators more easily.

Step 3. Express your opinion. If you're at a loss for words, use our sample communique below:

        SAMPLE COMMUNIQUE (FAX OR PHONE)

        The FBI is trying to push through its wiretap bill (SB 2375) without due deliberation. The bill is too costly ($500 million for a function that the FBI already has). The bill should not be considered until the FBI makes its case to the American public. This is a sensitive issue that requires public debate and a roll call vote. Vote NO on SB 2375.

        Thank you,
        ___________________

        Find out what the Senator's position is; call them DAILY. They'll have to vote on it soon, so don't let them tell you they haven't made up their mind yet. Mail the answer to vtw@vtw.org.

Step 4. Call anyone marked with a * and tell them you oppose their supporting position for the FBI's Wiretap bill.

        SAMPLE COMMUNIQUE (FAX OR PHONE)

        Dear _____________,

        You recently supported the FBI's Wiretap bills (HR 4922 and SB 2375) through a public statement or committee vote. This bill has not had significant public input and is extremely expensive. I will find it difficult to support you in your next election.

        Sincerely,
        _______________

Step 5. Feel good about yourself. You've just participated in democracy without leaving your seat.

-------------------------------------------------------------------------------
STATUS

STATUS SB 2375

It is waiting to be brought for a vote on the Senate floor. Sponsors and backers are attempting to get "unanimous consent" which will allow it to be passed while bypassing most of the normal debate and procedure. The Senate will be returning for a "lame duck" session after the November elections, however. There is a significant amount of time left.

STATUS HR 4922

Currently scheduled for a vote on Tue Oct 4th, with more than 50 other bills on the "suspension" calendar.

Oct 4, 94   House is scheduled to vote on HR 4922, along with more than 50 other items in the "suspension calendar"
Oct 3, 94   Judge Richey instructs the FBI to comply with a FOIA request to make available their wiretap surveys (which they claim justify their bill) by Nov. 1.
Sep 29, 94  HR 4922 marked up and reported out of the Hse. Jud. Comm and nearly to the full House
Sep 28, 94  SB 2375 amended, marked up, and reported out of the Sen. Jud. Comm. to the full Senate
Sep 15, 94  HR 4922 hearing held in the Telecommunications Comm.
Aug 18, 94  HR 4922 reported back to committee (write to Rep. Jack Brooks!)
Aug 11, 94  Sen. Leahy & Rep. Edwards hold a joint hearing on the bills in Wash. DC at 1pm in Rayburn 2237.
Aug 10, 94  HR 4922 referred to Subcomm. on Civil and Constitutional Rights
Aug 10, 94  SB 2375 referred to Subcomm. on Technology and the Law
Aug 9, 94   Rep. Hyde officially cosponsors HR 4922
Aug 9, 94   HR 4922 referred to House Judiciary Committee
Aug 9, 94   SB 2375 referred to Senate Judiciary Committee
Aug 9, 94   Identical House and Senate bills are announced by their respective

@PATH: 325/805 3615/50 374/1 98 14

From: Randy Edwards    Area: Public Key Encryption
To: All    6 Oct 94 23:29:38
Subject: [2 of 3] Wiretap Watch 1.02 (STOP THE FBI'S WIRETAP BILLS)    UpdReq

* Original Message Posted via CIVLIB
* Date: 05 Oct 94 11:11:30
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 177251d8

            sponsors, Rep. Don Edwards (D-CA) and Sen. Patrick Leahy (D-VT)
            EFF states the legislation is "not necessary" and predicts it will pass regardless.

For more information about the Digital Telephony bills, check the Voters Telecomm Watch gopher site (gopher.panix.com) or contact Steven Cherry, VTW Press Contact at (718) 596-2851 or stc@vtw.org.

-------------------------------------------------------------------------------
POSITIONS OF LEGISLATORS

[Note this only reflects the feedback we have received. Many people don't tell us they've called their legislator. -Shabbir]

Senators:

 p st name                     phone          fax
 = == ======================== ============== ==============
 R AK Murkowski, Frank H.      1-202-224-6665 1-202-224-5301
 R AK Stevens, Ted             1-202-224-3004 1-202-224-1044
*D AL Heflin, Howell T.        1-202-224-4124 1-202-224-3149
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D AL Shelby, Richard C.       1-202-224-5744 1-202-224-3416
 D AR Bumpers, Dale            1-202-224-4843 1-202-224-6435
 D AR Pryor, David             1-202-224-2353 na
*D AZ DeConcini, Dennis        1-202-224-4521 1-202-224-2302
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 R AZ McCain, John             1-202-224-2235 na
 D CA Boxer, Barbara           1-202-224-3553 1-415-956-6701
        Undecided; has been contacted by at least 32 constituents.
*D CA Feinstein, Diane         1-202-224-3841 1-202-228-3954
        Has stated that she will be voting for the bill (bad)
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D CO Campbell, Ben N.         1-202-225-4761 1-202-225-0228
*R CO Brown, Henry             1-202-224-5941 na
        Voted in favor of the bill leaving the Judiciary committee. (bad)
        A previous report of Brown opposing the bill turns out to be inaccurate.
 D CT Dodd, Christopher J.     1-202-224-2823 na
 D CT Lieberman, Joseph I.     1-202-224-4041 1-202-224-9750
*D DE Biden Jr., Joseph R.     1-202-224-5042 na
        Biden is a co-sponsor of the bill. Call him and tell him how unhappy you are about his position.
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 R DE Roth Jr., William V.     1-202-224-2441 1-202-224-2805
 D FL Graham, Robert           1-202-224-3041 na
        Undecided; has been contacted by several constituents.
 R FL Mack, Connie             1-202-224-5274 1-202-224-8022
        Undecided; has been contacted by several constituents.
 D GA Nunn, Samuel             1-202-224-3521 1-202-224-0072
        Undecided; has been contacted by several constituents.
 R GA Coverdell, Paul          1-202-224-3643 na
 D HI Akaka, Daniel K.         1-202-224-6361 1-202-224-2126
 D HI Inouye, Daniel K.        1-202-224-3934 1-202-224-6747
 D IA Harkin, Thomas           1-202-224-3254 1-202-224-7431
*R IA Grassley, Charles E.     1-202-224-3744 na
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 R ID Craig, Larry E.          1-202-224-2752 1-202-224-2573
 R ID Kempthorne, Dirk         1-202-224-6142 1-202-224-5893
*D IL Moseley-Braun, Carol     1-202-224-2854 na
        Undecided; has been contacted by several constituents.
        Voted in favor of the bill leaving the Judiciary committee. (bad)
*D IL Simon, Paul              1-202-224-2152 1-202-224-0868
        Undecided; has been contacted by several constituents.
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 R IN Coats, Daniel R.         1-202-224-5623 1-202-224-8964
 R IN Lugar, Richard G.        1-202-224-4814 na
 R KS Dole, Robert             1-202-224-6521 1-202-224-8952
 R KS Kassebaum, Nancy L.      1-202-224-4774 1-202-224-3514
 D KY Ford, Wendell H.         1-202-224-4343 na
 R KY McConnell, Mitch         1-202-224-2541 1-202-224-2499
 D LA Breaux, John B.          1-202-224-4623 na
 D LA Johnston, J. Bennett     1-202-224-5824 na
*D MA Kennedy, Edward M.       1-202-224-4543 1-202-224-2417
        Has stated that he is supporting the bill (bad)
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D MA Kerry, John F.           1-202-224-2742 na
        Undecided; has been contacted by several constituents.
 D MD Mikulski, Barbara A.     1-202-224-4654 1-202-224-8858
 D MD Sarbanes, Paul S.        1-202-224-4524 1-202-224-1651
 D ME Mitchell, George J.      1-202-224-5344 na
*R ME Cohen, William S.        1-202-224-2523 1-202-224-2693
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D MI Levin, Carl              1-202-224-6221 na
 D MI Riegle Jr., Donald       1-202-224-4822 1-202-224-8834
 D MN Wellstone, Paul          1-202-224-5641 1-202-224-8438
        Undecided; has been contacted by several constituents.
 R MN Durenberger, David       1-202-224-3244 na
        A staffer said that Sen. Durenberger is "concerned about the bill, but has no official position yet". Help turn that concern into a position against the bill; call today.
 R MO Bond, Christopher S.     1-202-224-5721 1-202-224-8149
 R MO Danforth, John C.        1-202-224-6154 na
 R MS Cochran, Thad            1-202-224-5054 na
 R MS Lott, Trent              1-202-224-6253 1-202-224-2262
 D MT Baucus, Max              1-202-224-2651 na
 R MT Burns, Conrad R.         1-202-224-2644 1-202-224-8594
 R NC Faircloth, D. M.         1-202-224-3154 1-202-224-7406
 R NC Helms, Jesse             1-202-224-6342 na
 D ND Conrad, Kent             1-202-224-2043 na
 D ND Dorgan, Byron L.         1-202-225-2611 1-202-225-9436
 D NE Exon, J. J.              1-202-224-4224 na
 D NE Kerrey, Joseph R.        1-202-224-6551 1-202-224-7645
 R NH Gregg, Judd              1-202-224-3324 na
 R NH Smith, Robert            1-202-224-2841 1-202-224-1353
 D NJ Bradley, William         1-202-224-3224 1-202-224-8567
        Undecided; has been contacted by several constituents
 D NJ Lautenberg, Frank R.     1-202-224-4744 1-202-224-9707
        Undecided; has been contacted by several constituents
 D NM Bingaman, Jeff           1-202-224-5521 na
 R NM Domenici, Pete V.        1-202-224-6621 1-202-224-7371
 D NV Bryan, Richard H.        1-202-224-6244 na
 D NV Reid, Harry              1-202-224-3542 1-202-224-7327
 D NY Moynihan, Daniel P.      1-202-224-4451 1-202-224-9293
        Undecided; has been contacted by at least twelve constituents
 R NY D'Amato, Alfonse M.      1-202-224-6542 1-202-224-5871

@PATH: 325/805 3615/50 374/1 98 14

From: Randy Edwards    Area: Public Key Encryption
To: All    6 Oct 94 23:29:48
Subject: [3 of 3] Wiretap Watch 1.02 (STOP THE FBI'S WIRETAP BILLS)    UpdReq

* Original Message Posted via CIVLIB
* Date: 05 Oct 94 11:11:30
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 17725233

        Undecided; has been contacted by at least twelve constituents
 D OH Glenn, John              1-202-224-3353 na
*D OH Metzenbaum, Howard       1-202-224-2315 1-202-224-6519
        Undecided; has been contacted by several constituents
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D OK Boren, David L.          1-202-224-4721 na
 R OK Nickles, Donald          1-202-224-5754 1-202-224-6008
 R OR Hatfield, Mark O.        1-202-224-3753 na
 R OR Packwood, Robert         1-202-224-5244 na
 D PA Wofford, Harris          1-202-224-6324 1-202-224-4161
*  PA Specter, Arlen           1-202-224-4254 na
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D RI Pell, Claiborne          1-202-224-4642 1-202-224-4680
 R RI Chafee, John H.          1-202-224-2921 na
 D SC Hollings, Ernest F.      1-202-224-6121 na
        Undecided; has been contacted by several constituents
*R SC Thurmond, Strom          1-202-224-5972 1-202-224-1300
        Supporting the FBI's Wiretap Bill. Make sure he knows how unhappy you are about his support for mandated wiretapping functionality. (bad)
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D SD Daschle, Thomas A.       1-202-224-2321 1-202-224-2047
*R SD Pressler, Larry          1-202-224-5842 1-202-224-1630
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D TN Mathews, Harlan          1-202-224-1036 1-202-228-3679
 D TN Sasser, James            1-202-224-3344 na
 R TX Hutchison, Kay Bailey    1-202-224-5922 1-202-224-0776
        Undecided; has been contacted by several constituents
 R TX Gramm, Phil              1-202-224-2934 na
        Undecided; has been contacted by several constituents
 R UT Bennett, Robert          1-202-224-5444 na
*R UT Hatch, Orrin G.          1-202-224-5251 1-202-224-6331
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D VA Robb, Charles S.         1-202-224-4024 1-202-224-8689
        Undecided; has been contacted by several constituents
 R VA Warner, John W.          1-202-224-2023 1-202-224-6295
        Undecided; has been contacted by several constituents
*D VT Leahy, Patrick J.        1-202-224-4242 na
        Leahy is the sponsor of the bill (bad)
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 R VT Jeffords, James M.       1-202-224-5141 na
 D WA Murray, Patty            1-202-224-2621 1-202-224-0238
 R WA Gorton, Slade            1-202-224-3441 1-202-224-9393
 D WI Feingold, Russell        1-202-224-5323 na
*D WI Kohl, Herbert H.         1-202-224-5653 na
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 D WV Byrd, Robert C.          1-202-224-3954 1-202-224-4025
 D WV Rockefeller, John D.     1-202-224-6472 1-202-224-1689
*R WY Simpson, Alan K.         1-202-224-3424 1-202-224-1315
        Voted in favor of the bill leaving the Judiciary committee. (bad)
 R WY Wallop, Malcolm          1-202-224-6441 1-202-224-3230

Representatives (selected):

  Dist ST Name, Address, and Party Phone          Fax
  ==== == ======================== ============== ==============
*   16 CA Edwards, Donald (D)      1-202-225-3072 1-202-225-9460
        Sponsoring the FBI's 1994 Wiretap legislation
     9 NJ Torricelli, Robert (D)   1-202-224-5061 1-202-225-0843
        Undecided; has been contacted by several constituents.
        Previously voted to gut crypto export provisions on Rep. Cantwell's crypto export bill (6/15/94).
   5 NJ Roukema, Marge (R)       1-202-225-4465 1-202-225-9048
        Undecided; has been contacted by several constituents.
   8 NJ Klein, Herbert C. (D)    1-202-225-5751 1-202-226-2273
        Undecided; has been contacted by several constituents.
  12 NC Watt, Melvin* (D)        1-202-225-1510 1-202-225-1512
        Opposed to the bill. Voted against it in the House Judiciary
        Committee. Watt will receive a commendation from VTW unless he
        unexpectedly changes his position.
   1 OR Furse, Elizabeth (D)     1-202-225-0855 na
        Opposed to the bill. Furse will receive a commendation from VTW
        unless she unexpectedly changes her position.
*  9 TX Brooks, Jack (D)         1-202-225-6565 1-202-225-1584
        Claims he is undecided, but chose to allow the bill to leave the
        committee, suggesting a position in favor of the bill.
   8 NY Nadler, Jerrold (D)      1-202-225-5635 1-202-225-6923
        Undecided; has been contacted by several constituents.
  13 NY Molinari, Susan (D)      1-202-225-3371 1-202-226-1272
        Undecided; has been contacted by several constituents.
   5 MN Sabo, Martin O. (D)      1-202-225-4755 na
        Undecided; has been contacted by several constituents.

-------------------------------------------------------------------------------
BRIEF EXPLANATION OF THE BILLS

The FBI's Wiretap bills (also known as the DT - Digital Telephony bills) mandate that *all* communications carriers must provide wiretap-ready equipment so that the FBI can more easily implement their court-ordered wiretaps. The costs of re-engineering all communications equipment will be borne by the government, industry and consumers. It does not cover information service providers.

The bill is vague and the standards defining "wiretap ready" do not exist. Furthermore, the FBI has yet to make a case which demonstrates that they have been unable to implement a single wiretap. Although we as a society have accepted law enforcement's need to perform wiretaps, it is not reasonable to mandate this functionality as a part of the design. In itself, that would be an important debate. However without any proof that this is indeed a realistic and present problem, it is unacceptable and premature to pass this legislation today.

The Voters Telecomm Watch (VTW) does not believe the FBI has made a compelling case to justify that all Americans give up their privacy. Furthermore, the VTW does not believe the case has been made to justify spending 500 million Federal dollars over the next 4 years to re-engineer equipment to compromise privacy, interfere with telecommunications privacy, and fulfill an unproven government need.

There are some privacy protections built into the bill. Their benefit does not outweigh the damage that building wiretaps into all communication does, however. Some clever proponents of the bill have even touted the fact that the bill "increases" privacy.

@PATH: 325/805 3615/50 374/1 98 14

------------------------------------------------------------------------
From: Christopher Baker    Area: Public Key Encryption
To: George Hannah    6 Oct 94 23:35:50
Subject: authors [Was: Re: Need recommendations]    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 03 Oct 94, George Hannah was quoted as saying:

GH> Can someone tell me who the authors of these two programs are, and
GH> where they are available (if shareware)? I'd like to try them out.

here's the author info from their various docs:

SECUREDEVICE VERSION 1.2
Copyright (C) 1994 by Max Loewenthal and Arthur Helwig - see chapter 6
April 30th 1994

SecureDrive V1.3d Documentation | Edgar Swank |

S e c u r e F i l e S y s t e m
Copyright Peter C.Gutmann 1993, 1994

these are available here as:

SECDEV12.ZIP
SECDR13D.ZIP
SFS100.ZIP

for file request or download [407-383-1372] for first-time callers.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]

iQCVAwUBLpTCGssQPBL4miT5AQG78AP/YCSIkpBqnfA1fqrCeDlOpmNWBIp0hZlR
hjCYSCEggv3Cm/gppJKTiiwjkrj3VdqPRdsJcYUlEn0zMGUpbh3Vcvf+p7Ag8jWX
kle2lf5mi1W4ZCkYL9gs447zICq22NYTpe4Jy4NEway52/dO1K/jMInj059JCt/l
6prJi1xrJVw=
=eU/S
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
From: Shawn McMahon    Area: Public Key Encryption
To: George Hannah    7 Oct 94 11:45:24
Subject: Re: Need recommendations    UpdReq

Despite the stern warnings of the tribal elders, George Hannah said this to Shawn McMahon:

GH> Can someone tell me who the authors of these two programs are,
GH> and where they are available (if shareware)? I'd like to try
GH> them out...

SFS is written by Peter Gutmann. SecDev is written by Edgar Swank.

You should be able to find both of them on 374/14, Chris Baker's system. Along with SecDr, the authors of which escape me for the moment.

Filenames may change as versions change, so get his filelist.

------------------------------------------------------------------------
From: John Schofield    Area: Public Key Encryption
To: Shawn McMahon    5 Oct 94 15:40:36
Subject: Bug in PGP signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

--====--

JS> Hello, all. I just wanted to report a bug in PGP I've found out
JS> about on ALT.SECURITY.PGP. I verified it, and it really
JS> works.

SM> Works with RG's OS/2 compile of 2.61. Easily noticeable, however,
SM> even BEFORE you attempt to check the sig, since PGP always puts a
SM> blank line.

It's possible to have a tab or space on the first line. It is non-blank, and PGP will act the same as if it had text on it, but it will appear to be blank to human eyes. The only way with current versions of PGP is to check the output file.

JMS

... He who gives up freedom for security deserves neither.

-----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.

iQCVAwUBLpMqjGj9fvT+ukJdAQF6owP9Fh1CqGQpyxt1n9Ea8/0a4ZOad2Gz6EGh
4nBWLkuPQzxLufubOKhHskZyCHhztl95AguffNNPnqZku8xg2zmq1yVttyGKdusT
RVVIE6ZZRkdaHTZF8CnrT1hdeH+T20LKpHrTec1HZW+WwooSUtAO53n0QLIlZTsY
w7hBFpFi1GI=
=evOL
-----END PGP SIGNATURE-----

**EZ-PGP v1.07

------------------------------------------------------------------------
From: Shawn McMahon    Area: Public Key Encryption
To: Eric Nystrom    8 Oct 94 11:40:18
Subject: Bug in PGP signatures    UpdReq

Despite the stern warnings of the tribal elders, Eric Nystrom said this to Shawn McMahon:

EN> However, a "blank" line could have a single space character, or a
EN> tab. Both of those, verified by tests, work, so you could have a
EN> perfectly fine-LOOKING message and still be getting fooled.

However, Eric, it's highly unlikely that you're going to look at the message, and get false information because it had a character you couldn't see up on the first line.

Remember, the ONLY problem this "bug" causes is if you look at the message before stripping the sig, and think those first text lines are signed by the person who wrote the message.

When you check the sig, those lines get stripped with the sig.

------------------------------------------------------------------------
From: John Ross    Area: Public Key Encryption
To: Shawn Mcmahon    4 Oct 94 23:06:08
Subject: Where or Where is pgp2.6    UpdReq

Where and How can I get a copy of the latest release of PGP? Is it pgp2.6 or pgp2.6.1 or pgp 2.6.1a? or something else? None of the bbs in my area have anything newer than pgp2.6. I realize that this may be an involved question to ask of all of you, but of all the echos this seemed most appropriate.

___
 * SLMR 2.0 * Government is the only known enemy of intelligent life.

------------------------------------------------------------------------
From: Brian McMurry    Area: Public Key Encryption
To: Alan Pugh    5 Oct 94 16:19:16
Subject: Re: Key Change?    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

On Sat 24-Sep-1994 8:17a, Alan Pugh wrote:

AP> wes is correct. one way to clarify this a little might be this...
AP> pgp doesn't really care what your 'name' is. it uses the key id,
AP> which in my case is 4fa2e1 as seen below with the -kvv switch.

AP> Type bits/keyID   Date       User ID
AP> pub  1248/4FA2E1 1994/05/13 Alan M. Pugh <0003701548@mcimail.com>
AP> sig       751CC1             Benjamin T. Moore, Jr. <1:231/110>
AP> sig       D17C47             Al Thompson <1:231/110>
AP> sig       4FA2E1             Alan M. Pugh <0003701548@mcimail.com>

It can/does make a difference if you have multiple user id's and sigs since the sigs do not automatically attach themselves to all of your AKA id's even though they have the same keyID. My own case as an example: (My config.txt has MyName = "The Paladin")

pgp -kvv "The Paladin"

Type bits/keyID     Date       User ID
pub  1024/96B258DD 1993/07/01 The Paladin
sig       96B258DD             Brian McMurry

The sigs do not carry over. The -ke switch only has two options: add new ID, and change pass phrase.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLpJjHd2dg1OWsljdAQGRogQA8XxcHhMHBnZKMNXThjl7UVTPw1P1xvxA
t8oWKqf0N1USugmbLArdPsHdUUt5cLUJIOP2qTyuWgUQbtUNp0kyu5HkjENSmIwG
sg7y8d1oZ3u0fW8e7ztXeCmhOlQm3mt/el5uo8njyMel1PVWIBu4j5hPD1Fukz95
CMVFX4eh9+o=
=1i9e
-----END PGP SIGNATURE-----

Above sig was generated with pgp -s "Brian McMurry". Below was performed on the same text leaving out "Brian McMurry" ("The Paladin" used as default). It generates a different and often unverifiable sig. I see this as a failing in PGP since AKAs are not being treated as transparent. :-(

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLpJjiN2dg1OWsljdAQH6NQP7BlbnCi2bBbGDKKl3aGYrlq00X8WQKM/s
gaTnomCg0CSG+ERY6/0sDgsb7ETeEgqNBw9CSUwzeHqu08zKqa3b7HUjzOX7Pchq
hnW6+Vjr8H7S1SAi/HKvGw04Ih+L0pgljHqzoReeNNyfQJRf77bx4fL/nrOZHfow
4wFVGlnEa/4=
=RL7F
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
From: Brian McMurry    Area: Public Key Encryption
To: Jim Cannell    5 Oct 94 17:52:40
Subject: Re: Bug in PGP signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

On Fri 30-Sep-1994 6:27p, Jim Cannell wrote:

JS> When checking a signature, If the first line after the
JS> "-----BEGIN PGP SIGNED MESSAGE-----" line is NOT BLANK, PGP
JS> will ignore everything UP TO the first blank line. This is
JS> NOT an error in the way PGP checks a signature--only an error
JS> in the way PGP decides what to check in the signature.

JC> It looks like a work around would be to always make sure that the first
JC> line in any PGP signed plaintext is blank. Don't trust anything in
JC> which the first line is nonblank.

Another option is to allow only one or two lines of header to be skipped. 90% through armor.c is:

    /* Skip header lines until a blank is hit */
    do {
        ++infile_line;
        status = skipline(in);
    } while (status != 0);

Which could be changed to:

    /* Skip up to two header lines */
    infile_line++;
    if(skipline(in)) {
        infile_line++;
        skipline(in);
    }

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLpJ3F92dg1OWsljdAQGDAQP/Xu92WmY5KG3nSTw2Y9/dNVl8giVtjaKu
SSAp98uO/3BULiZPy/0s+xf+/S609dzV+G+6Biev/W564xt/PYjbilR3seePOERl
VkEBhKvUL2Hye2SCO8XSlpEXwtnUwlhqJxsPPg1EWRa4E0+EjZ4ecQAUn9Wi2VXk
bHrcy/u8g48=
=Dx42
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
From: Brian McMurry    Area: Public Key Encryption
To: Christopher Baker    5 Oct 94 18:01:18
Subject: Re: making a point? [Was: Who's This Ashwort    UpdReq

On Fri 30-Sep-1994 12:59a, Christopher Baker wrote:

CB> a point is nothing more than a User with a mailer.

Though there ARE some full BBS's running as points...

------------------------------------------------------------------------
From: Brian McMurry    Area: Public Key Encryption
To: Jackson Harding    5 Oct 94 20:03:08
Subject: Re: PGP Signatures    UpdReq

On Sat 24-Sep-1994 6:07p, Jackson Harding wrote:

JH> I allow signatures, I don't see that encrypted echomail serves any
JH> purpose, if you want to send encrypted mail why not send it direct to the
JH> recipient via netmail?

What about encrypting to multiple recipients? The only 'bad thing' I see about this is that even a one line message gets greatly expanded. Example, the text reads "You're on my key ring!", but look at the resulting size:

------------------------------------------------------------------------
From: Casey Cady    Area: Public Key Encryption
To: Shawn McMahon    5 Oct 94 13:33:40
Subject: New To Pgp    UpdReq

Shawn McMahon wrote in a message to John Schofield:

SM> However, since most of them rely on an external editor
SM> anyway, putting the PGP support into the reader instead of
SM> in an external program would reduce flexibility at worst and
SM> needlessly complicate the author's job at best.

SM> Why do it? Leave it external, and you don't have the code
SM> for it taking up memory for people who don't need it.

That is true, but the problem is when you have to decrypt a message.
As it stands you must manually export the encrypted mail, run PGP on it, read it with a text editor, then go back to the reader to reply to the message.

TTYL,
Casey

------------------------------------------------------------------------
From: Jim Grubs, W8GRT    Area: Public Key Encryption
To: David Chessler    7 Oct 94 19:13:00
Subject: Key revocation    UpdReq

> Also, there are a couple of false keys claiming to be
> from Philip R. Zimmermann. You have to check
> signatures.

From columbine.cgd.ucar.EDU!uucp Fri Oct 7 15:45:46 1994 remote from voxbox
Received: by voxbox.norden1.com (1.65/waf) via UUCP; Fri, 07 Oct 94 18:41:15 EDT for jgrubs
Received: from ncar.UCAR.EDU (ncar.ucar.edu [192.52.106.6]) by norden1.com (8.6.9/8.6.9) with ESMTP id PAA05702 for ; Fri, 7 Oct 1994 15:45:39 -0400
Received: from sage.cgd.ucar.EDU by ncar.ucar.EDU (NCAR-local/ NCAR Central Post Office 03/11/93) id NAA14732; Fri, 7 Oct 1994 13:46:04 -0600
Received: from columbine.cgd.ucar.EDU by sage.cgd.ucar.EDU (8.6.4/ NCAR Mail Server 04/10/90) id NAA02042; Fri, 7 Oct 1994 13:45:46 -0600
Received: by columbine.cgd.ucar.EDU (4.1/ NCAR Mail Server 04/10/90) id AA06750; Fri, 7 Oct 94 13:45:51 MDT
Message-Id:
Subject: Re: Your keys
To: jgrubs@voxbox.norden1.com
Date: Fri, 7 Oct 1994 13:46:04 -0700 (MDT)
In-Reply-To: from "Jim Grubs, W8GRT" at Oct 7, 94 10:48:35 am
From: Philip Zimmermann
Reply-To: Philip Zimmermann
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Content-Length: 11519

Hello. Thanks for your email. I hope you don't mind getting a form letter reply. I get so much mail these days. Let me give you some rubber-stamp answers to some frequently asked questions about PGP--

1) The currently released freeware version of PGP is version 2.6.1 from MIT, which, for reasons of US State Department export controls, is for US and Canadian distribution only. MIT carries it on their Internet FTP site net-dist.mit.edu, in the /pub/PGP directory. An earlier version, 2.3a, was released outside the US and is available on overseas FTP sites. MIT's version is licensed under the RSAREF license from RSADSI, and may be used for noncommercial use in the US or Canada. For a list of Internet sites and BBS systems that have PGP, send a note to Mike Johnson at mpj@csn.org. If you have an older version of PGP, you really should get updated.

There is a version for MSDOS (but not Windows), various Unixes, OS/2, Macintosh, Amiga, Atari ST, VAX/VMS, and IBM mainframes. The source code is also available from public sources. There are Internet FTP sites and many BBS systems that carry PGP. For other PGP news, see the Internet Usenet newsgroups alt.security.pgp, talk.politics.crypto, and sci.crypt. These newsgroups are also a good place to find out where to get PGP. In many cases, there are ways to access these newsgroups via email channels. If you don't know how to get access to these newsgroups, ask your local Unix or Internet expert for help. Don't ask me to send you a copy of PGP.

2) If you get a copy of the current freeware version of PGP, make sure it has the PGP User's Guide included in the compressed released package. Under no circumstances should PGP ever be distributed without the user documentation. If you find someone distributing PGP without the manual, please tell me how to contact them, so I can ask them to stop distributing it without the manual before too many others get their hands on it. Any version of PGP found in a release package with no manual is not to be trusted. The software may have been tampered with, and even if the software is OK, no one should use PGP without understanding some of the security concepts explained in the manual, and no one should use or distribute PGP without reading the legal issues explained in the manual. Also, I would recommend that you stick with the official MIT release version of PGP, and stay away from mutant strains. MIT's version comes from me.

3) Often people ask me for a copy of my PGP public key, because they aren't sure if the one they have is really my key. Well, it almost certainly is. I've checked my public key countless times with people who call me up, and it's always correct. My key is so widespread that if someone tampered with it, I would surely have heard about it by now and would issue announcements to Internet newsgroups and electronic Bulletin Board Systems. My key is included in the PGP distribution package, in the file "keys.asc".

4) Often people ask me to sign their key with mine. I can't do that either, because I don't know those people and it would be inappropriate for me to sign a key whose owner I didn't positively identify. This topic is fully explained in the PGP manual.

5) My new email address is prz@acm.org. My old email addresses at NCAR may not be any good soon, so please use the new one. And if you must encrypt any mail to me, please use my newer key (from May 93) that bears the new email address in the user ID field, and not the older key that bears the old email address in the user ID.

6) A fully licensed commercial version of PGP is available from ViaCrypt, for any users in the USA or Canada. It's a really nice product, and has made absolutely no compromises in PGP's security. If you have been reluctant to use PGP because of legal questions, ViaCrypt PGP is just what you need. ViaCrypt has obtained all patent licenses needed to sell PGP. ViaCrypt can be reached in Phoenix, Arizona, at phone 1-602-944-0773, email .

7) I will read your mail much sooner if it's not encrypted. If it really should be encrypted because it is of a sensitive nature, then go ahead and encrypt it, and mark it as something I should read promptly.

8) For those of you who want to donate money to my legal defense fund, please make checks payable to my lead defense attorney: Philip L. Dubois, Attorney Trust Account. Mail them to Philip Dubois, 2305 Broadway, Boulder, Colorado, 80304 USA. Since I am now the target of a US Customs criminal investigation that has progressed to the level of a Federal grand jury, I need contributions for my legal defense. The subject matter of the investigation relates to PGP and the export control laws on cryptographic software. If you care politically about these matters, that would be a good way to show it. Thanks for your support. If you want to read some press stories to find out why this is an important case, see the following references:

   1) William Bulkeley, "Cipher Probe", Wall Street Journal, Thursday 28 April 1994, front page.
   2) John Cary, "Spy vs. Computer Nerd: The Fight Over Data Security", Business Week, 4 Oct 1993, page 43.
   3) Jon Erickson, "Cryptography Fires Up the Feds", Dr. Dobb's Journal, December 1993, page 6.
   4) John Markoff, "Federal Inquiry on Software Examines Privacy Programs", New York Times, Tuesday 21 Sep 1993, page C1.
   5) Kurt Kleiner, "Punks and Privacy", Mother Jones Magazine, Jan/Feb 1994, page 17.
   6) Steven Levy, "Battle of the Clipper Chip", New York Times Magazine, Sunday 12 Jun 1994, page 44.
   7) Steven Levy, "Crypto Rebels", WIRED, May/Jun 1993, page 54.
   8) John Markoff, "Cyberspace Under Lock and Key", New York Times, Sunday 13 Feb 1994.
   9) Philip Elmer-DeWitt, "Who Should Keep the Keys", Time, 14 Mar 1994, page 90.

9) It has been widely reported in the press that a famous RSA key, known as RSA-129, has been factored. This is an impressive achievement in factoring. Of the four principal workers on that project, three of them were involved with PGP development. RSA-129 is a 129-digit composite number that was factored into two primes, after 5000 MIP-years of computing effort by 600 people in 20 countries over eight months time using a couple thousand workstations. Many people have asked me if this means PGP is doomed because it uses RSA. PGP typically uses RSA keys that are about 307 digits long, far far out of reach of these factoring techniques. I'm told that adding 3 digits to the length of a key causes the factoring workload to double. Three more digits added doubles it again. And so on. Now figure out what that means for adding 178 digits to bring up the key size to 307 digits. PGP is safe from these kinds of factoring attacks for a long time to come.

10) I am available on a consulting basis to help you develop cryptographic products. That is how I make my living. If you need help in this area, feel free to call me at 303 541-0140, from 10am-7pm Mountain Time.

I hope that helps.

Philip Zimmermann
prz@acm.org

--------------------------------------------------------------------------
Date: Fri, 24 Sep 1993 02:41:31 -0600 (CDT)
From: hmiller@orion.it.luc.edu (Hugh Miller)
Subject: PGP defense fund

As you may already know, on September 14, 1993, LEMCOM Systems (ViaCrypt) in Phoenix, Arizona was served with a subpoena issued by the US District Court of Northern California to testify before a grand jury and produce documents related to "ViaCrypt, PGP, Philip Zimmermann, and anyone or any entity acting on behalf of Philip Zimmermann for the time period June 1, 1991 to the present."

Phil Zimmermann has been explicitly told that he is the primary target of the investigation being mounted from the San Jose office of U.S. Customs. It is not known if there are other targets. Whether or not an indictment is returned in this case, the legal bills will be astronomical.

If this case comes to trial, it will be one of the most important cases in recent times dealing with cryptography, effective communications privacy, and the free flow of information and ideas in cyberspace in the post-Cold War political order. The stakes are high, both for those of us who support the idea of effective personal communications privacy and for Phil, who risks jail for his selfless and successful effort to bring to birth "cryptography for the masses," a.k.a. PGP.
Export controls are being used as a means to curtail domestic access to effective cryptographic tools: Customs is taking the position that posting cryptographic code to the Internet is equivalent to exporting it. Phil has assumed the burden and risk of being the first to develop truly effective tools with which we all might secure our communications against prying eyes, in a political environment increasingly hostile to such an idea -- an environment in which Clipper chips and Digital Telephony bills are our own government's answer to our concerns. Now is the time for us all to step forward and help shoulder that burden with him.

Phil is assembling a legal defense team to prepare for the possibility of a trial, and he needs your help. This will be an expensive affair, and the meter is already ticking. I call on all of us, both here in the U.S. and abroad, to help defend Phil and perhaps establish a groundbreaking legal precedent. A legal trust fund has been established with Phil's attorney in Boulder. Donations will be accepted in any reliable form, check, money order, or wire transfer, and in any currency. Here are the details:

To send a check or money order by mail, make it payable, NOT to Phil Zimmermann, but to Phil's attorney, Philip Dubois. Mail the check or money order to the following address:

    Philip Dubois
    2305 Broadway
    Boulder, CO USA 80304
    (Phone #: 303-444-3885)

To send a wire transfer, your bank will need the following information:

    Bank: VectraBank
    Routing #: 107004365
    Account #: 0113830
    Account Name: "Philip L. Dubois, Attorney Trust Account"

Any funds remaining after the end of legal action will be returned to named donors in proportion to the size of their donations. You may give anonymously or not, but PLEASE - give generously. If you admire PGP, what it was intended to do and the ideals which animated its creation, express your support with a contribution to this fund.

-----------------------------------------------------------------------
Posted to: alt.security.pgp; sci.crypt; talk.politics.crypto; comp.org.eff.talk; comp.society.cu-digest; comp.society; alt.sci.sociology; alt.security.index; alt.security.keydist; alt.security; alt.society.civil-liberty; alt.society.civil-disob; alt.society.futures

--
Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago
FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu
PGP 2.3A Key fingerprint: FF 67 57 CC 0C 91 12 7D 89 21 C7 12 F7 CF C5 7E

------------------------------------------------------------------------
From: Wes Landaker    Area: Public Key Encryption
To: Eric Nystrom    7 Oct 94 19:46:44
Subject: Bug in PGP signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Anything above this line is invalid.

Hello Eric!

06 Oct 94 18:51, Eric Nystrom wrote to Shawn McMahon:

EN> However, a "blank" line could have a single space character, or a
EN> tab. Both of those, verified by tests, work, so you could have a
EN> perfectly fine-LOOKING message and still be getting fooled.

You could always do something like what I did at the top of this message. :) Or, the way I do it, just run PGP on signed messages, and look at the output. That works 100% of the time, and takes only a second longer than reading the message normally.

=) wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn *
* wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61

iQCVAwUBLpYIi8lPrmStIlSlAQGquAP/cLgPjF6S8ntaP8MJqmONefXMByCFwjtF
kW8esjWxceBm1K0Ie1ynAhBp/Pu679QO/+mJn5tw5kNZACDDpxBbZa7dKVImjJYV
0MOmLSIhgqwcmAN2AoCN4yLYsC4JTX0vFNxGgL6IANJLOXkPVH6Qbak/n0l4/BzB
tw16Bi/KZ8M=
=vacS
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
From: Wes Landaker    Area: Public Key Encryption
To: Christopher Baker    7 Oct 94 20:18:50
Subject: authors [Was: Re: Need recommendations]    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello Christopher!

06 Oct 94 23:35, Christopher Baker wrote to George Hannah:

CB> these are available here as:
CB> SECDEV12.ZIP
CB> SECDR13D.ZIP
CB> SFS100.ZIP

Do you know if any of these will work under OS/2, if there is an OS/2 version of these programs, or if there is something of similar functionality for use with OS/2?

=) wjl [Team OS/2] * 1:202/1822@fidonet.org * 371:30/1@chnet.ftn *
* wjl@f1822.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61

iQCVAwUBLpYPpMlPrmStIlSlAQFCxQP+MRN+2idzb4YR0TPFe7Xwnpumd+PQksgp
8KqyOitcGDPQy4BIe89Js8x6x4XsCrWfB7H5PVcPGec/zUWkkNojw13kXeWHY5+d
Z/cKjqh9UWQMEPdONO+J2an55u09JHP3FYbd2NShyoQAnubobHgC1nCEJ2jD62nv
wdy7W1UsLKs=
=qjw1
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
From: Mike Riddle    Area: Public Key Encryption
To: jason carr    26 Sep 94 20:18:26
Subject: Re: PGP Signatures    UpdReq

In a message to all on Sep 24 94 at 12:24, jason carr wrote:

jc> Reply to a message in MODERATOR.

>> I suggested to one PGP-booster that they should put the
>> signature in kludge lines. If they did that, most readers
>> would never see it and I would have no objection. However,
>> it appears that PGP is pretty inflexible about the format of
>> the signature, so this wasn't possible.
jc> What do you guys think about this idea? I don't think it will change the nay-sayers minds a bit, the bandwidth is still the same, and we lose visibility in the process. 0 for 3. 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Raymond Paquin 5 Oct 94 10:39:00 Subject: Rsa broken UpdReq On 10-01-94 (18:30), Raymond Paquin, in a message to David Chessler about "RSA BROKEN", stated the following: RP> DC> According to the RSA FAQ, recent methods of > DC> factoring do not distinguish between strong and > DC> weak primes, so it is no longer necessary or > DC> helpful to test for strong primes. RP>Have you read Bruce Schneier's new book, 'Applied Cryptography'. >If not, you *should*. Schneier speculates that another method of factoring may be developed so that "weak primes" are again weak. A new method of factoring may indeed work for only a particular class of primes, but there is no reason to suspect that that class will be the "weak primes" previously identified--at least I've seen no informed speculation that the class of weak primes will be the weak class for future attack methods. In other words, you can do the test if you want, but there's no reason to suspect it will be helpful in the future, and we know it isn't helpful now. We do know that key sizes should increase from time to time as brute force attacks become more practical with increasing hardware speed, with a limit of about 3100 bits, after which it is easier to attack the Idea key. Factoring times are thought to double for every additional 15 bits in the key. When PGP 3.0 comes out, we will all migrate to larger keys. There are more important weaknesses in PGP's algorithm for selecting and validating primes. In particular, there are several classes of numbers which PGP will accept as "probably prime" which are not. This is due to PGP's use of the Fermat test, rather than certain more recent tests. 
According to messages on sci.crypt and alt.privacy.pgp, this weakness in PGP will be corrected in version 3.0

___ __ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

From: David Chessler    Area: Public Key Encryption
To: Walt Haefner    5 Oct 94 11:13:00
Subject: There goes more freedom!    UpdReq

On 09-29-94 (22:22), Walt Haefner, in a message to Jeff Hancock about "THERE GOES MORE FREEDOM!", stated the following:

WH> JH> A reliable message poster left this on my system. Thought I would
> JH> share it with you.

WH> JH> >-----------------------------------------------------------------------
> JH> - (UPI) WASHINGTON, DC. The White House confirmed today that the
>FCC
> JH> will become the Federal agency to assume responsibility for
>regulating
> AP> =snip=

WH>Well, seeing as how the responder snipped the rest of this, and I didn't
>see the original (musta been one of my "no mail daze" ), could you
>repost the article, either here, or through Net-mail?
>ANYTHING the Gov't wants the FCC to regulate.... I want to know about!

Bogus, bogus, bogus. It's a joke. That's why the responder snipped it. The trick is, it's well-enough written, so the Terminally Humor Impaired (THI) don't get it at all. And that's why I'm not reposting it.

___ __ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

From: David Chessler    Area: Public Key Encryption
To: Shawn Mcmahon    6 Oct 94 10:56:00
Subject: Need recommendations    UpdReq

On 10-01-94 (21:00), Shawn Mcmahon, in a message to David Chessler about "NEED RECOMMENDATIONS", stated the following:

SM> DC> Then you must use SFS which won't let him use a weak passphrase.

SM>That was a major part of my decision, yes.
Depends upon your definition
>of "weak" but it darn sure won't let him use as weak a password as he
>wanted to. He grumbled, but I gave him the "I can refer you to a

10 characters, minimum. There are some unix logon password programs that require a digit or punctuation mark (but enforce only about 4 or 6 characters). Gutmann should install similar code.

But even mixed case helps a lot, since you can't tell whether you are one bit from the correct password or completely wrong. A 10 character password, if put two words, and especially if mixed case, is not especially vulnerable to dictionary attack, though it can be done.

___ __ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

From: David Chessler    Area: Public Key Encryption
To: Shawn Mcmahon    6 Oct 94 16:05:00
Subject: Bug in pgp signatures    UpdReq

On 10-01-94 (21:01), Shawn Mcmahon, in a message to All about "BUG IN PGP SIGNATURES", stated the following:

SM>Despite the stern warnings of the tribal elders, John Schofield said
>this to All:

SM> JS> Hello, all. I just wanted to report a bug in PGP I've found out
> JS> about on ALT.SECURITY.PGP. I verified it, and it really
> JS> works.

SM>Works with RG's OS/2 compile of 2.61. Easily noticeable, however, even
>BEFORE you attempt to check the sig, since PGP always puts a blank line.

Not exactly. PGP's idea of a blank line and your idea of a blank line may be different. Is the next line blank? It contains ASCII 255. What about the next line? It contains ^I (if my editor let me do it). PGP does not see these as blank.
The workaround for the time being is to put as your first line something like:

===first line of message; anything above this line is not part of the message===

___ __ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

From: David Chessler    Area: Public Key Encryption
To: Shawn Mcmahon    6 Oct 94 13:46:00
Subject: Re: signing my own key.    UpdReq

On 10-01-94 (20:55), Shawn Mcmahon, in a message to David Chessler about "RE: SIGNING MY OWN KEY.", stated the following:

> DC> IDEA does, get the article that ran last December in Dr.
> DC> Dobbs.

SM>I did start with the docs. I'll see if my local libraries have back
>issues of DDJ.

There is plenty of IDEA source code on the internet, apart from what's in PGP source. I don't recall seeing a FAQ, however.

SM> DC> BTW, get SFS110, and read the documentation. It's very good, and
> DC> you will learn a lot, again, without a bunch of math.

SM>Didn't know about 110. I've only seen 1.0. Read those docs twice,
>though. So far.

The documentation isn't changed significantly for 1.10. The main differences are things like support for SCSI.

___ __ chessler@trinitydc.edu
d_)--/d chessler@cap.gwu.edu
* SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com

From: gk pace    Area: Public Key Encryption
To: Alan Pugh    8 Oct 94 16:23:28
Subject: Re: Clear-Signed "Hole"    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 04 Oct 94, you were quoted as saying:

AP> gp> This reported problem is expected to be fixed, with the release of
AP> gp> 2.6.2, which is anticipated to be available within two weeks. There
AP> gp> will be some additional enhancements as well.

AP> uh, is there any word when it will settle down? this _release a week_
AP> stuff is confusing to many. myself included.
i'm sitting on 2.3a until
AP> a relatively bug-free, stable and verified version comes out.

For the most part, the bugs you've heard of were either problems with "new features", or bugs that existed in 2.3a as well. For example the problem of the claim to handle 2048 bit keys but not being able to... 2.3a can't either.

The Characteristic of PGP which allows one to add text to a Clear-Signed message immediately after the "-----Begin" but before the first blank line, exists in 2.3a as well... in fact all versions from at least 2.0 would pass such messages.

This really isn't a compromise of the integrity of PGP. The added text is removed from the message as if it didn't exist, it doesn't affect the output at all. Only the text contained in PGP's output has been validated.

Altho this isn't a serious bug, it is a problem which can cause confusion, and must be rectified. I've been promised that the next release will have this quirk fixed.

AP> i'm beginning to get a mite suspicious of the myriad of versions
AP> floating around. btw: i'm using version 0.03 of pgpshell and like it
AP> as it is small, fast, and performs those functions i need it to perform
AP> quickly and painlessly. the copy i got didn't have docs with it. i'm
AP> assuming that you are the author. if so, is it shareware or freeware?

The official releases come from MIT. I review them very extensively each time they are released. Altho I've found bugs, and recommended changes, I haven't found any compromises to the security of it.

The "versions" issued by the Rebellious Guerrilla have proven to be solid, but are not official releases.

I issued the original PGPShell, and it can be considered freeware at this time. I haven't decided to update it yet. I believe that someone else also released something they called pgpshell, but I haven't seen it.

-gk

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: Fight to keep the Basic Human Right of Privacy!
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: John Ross    8 Oct 94 20:13:46
Subject: Re: Where or Where is pgp2.6    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 04 Oct 94, John Ross was quoted as saying:

JR> Where and How can I get a copy of the latest release of PGP? Is
JR> it pgp2.6 or pgp2.6.1 or pgp 2.6.1a? or something else?
JR> None of the bbs in my area have anything newer than pgp2.6

2.6.1 is the current, official, M.I.T. release. it is available here for file-request as PGP or download as PGP261.ZIP.

you should know that MIT will be releasing 2.6.2 in the next week. so you might want to hold off until then.

to download, call the system at 407-383-1372. to freq PGP use Node 1:374/14.

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: Brian Mcmurry    8 Oct 94 20:16:08
Subject: Re: Re: making a point? [Was: Who's This Ashwort    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 05 Oct 94, Brian Mcmurry was quoted as saying:

CB> a point is nothing more than a User with a mailer.

BM> Though there ARE some full BBS's running as points...

my comment was in relation to FidoNet. it doesn't matter what they run under their point. if they are not a FidoNet Node, they are merely a User as far as FidoNet Policy is concerned.
a lot of Nodes start out as points. it's a good training ground. it should not be overestimated in importance in Policy, however. [grin]

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Christopher Baker    Area: Public Key Encryption
To: Wes Landaker    8 Oct 94 20:22:22
Subject: Re: authors [Was: Re: Need recommendations]    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 07 Oct 94, Wes Landaker was quoted as saying:

WL> Do you know if any of these will work under OS/2, if there is an
WL> OS/2 version of these programs, or if there is something of similar
WL> functionality for use with OS/2? =)

no, i don't. but someone here will. [grin]

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it! [grin]
-----END PGP SIGNATURE-----

From: Dave Hodgins    Area: Public Key Encryption
To: Casey Cady    8 Oct 94 21:52:00
Subject: New To Pgp    UpdReq

CC> That is true, but the problem is when you have to decrypt a message. As it
CC> stands you must manually export the encrypted mail, run PGP on it, read it w
CC> a text editor, then go back to the reader to reply to the message.

If your reader supports an external viewer, then you can use a batch file to view signed/encrypted mail. Here's the batch file I use for viewing such messages...
REM ======== begin pgpview.bat
echo off
REM edit the file first, to allow pcboard extended headers to be
REM manually removed (they cause pgp to ignore the message)
e %1
REM ramd is a variable that points to my ram drive (with a :)
erase %ramd%\pgptemp.out > NUL
Find "-----BEGIN PGP " %1
if errorlevel 1 goto nopgp
call pgp %1 -o %ramd%\pgptemp.out
if errorlevel 1 goto Nopgp
goto List
:Nopgp
copy %1 %ramd%\pgptemp.out
:List
REM pause to allow viewer to see result msgs from pgp
pause
list %ramd%\pgptemp.out
exit

---
* RM 1.3 00820 * Internet:Dave.Hodgins@Canrem.com Rime->118 Fido(1:229/15)

From: Shawn McMahon    Area: Public Key Encryption
To: John Ross    9 Oct 94 20:23:42
Subject: Where or Where is pgp2.6    UpdReq

Despite the stern warnings of the tribal elders, John Ross said this to Shawn Mcmahon:

JR> Where and How can I get a copy of the latest release of PGP? Is
JR> it pgp2.6 or pgp2.6.1 or pgp 2.6.1a? or something else?
JR> None of the bbs in my area have anything newer than pgp2.6

Best place to check in Fidonet is always 1:374/14. He always has the latest MSDOS version, and Rebellious Guerilla's OS/2 compiles get there pretty quickly.

Magic name PGPFILES gets you a list.

From: Shawn McMahon    Area: Public Key Encryption
To: Casey Cady    9 Oct 94 20:29:56
Subject: New To Pgp    UpdReq

Despite the stern warnings of the tribal elders, Casey Cady said this to Shawn McMahon:

CC> That is true, but the problem is when you have to decrypt a
CC> message. As it stands you must manually export the encrypted
CC> mail, run PGP on it, read it with a text editor, then go back to
CC> the reader to reply to the message.

Depends upon your reader, Casey. With mine, I just hit "change", then right-click to bring up the tools, then select "decrypt". Then hit "save", and then "reply." No big deal.
With a reader that uses an external editor, just hack together a quick little program to strip the quotes and re-apply them (couple dozen lines of C or REXX) and you can just use the "reply" option.

If the reader authors would put in message-based user-defined tools menus, like SQED has, you could skip the part about writing a program.

From: Wes Landaker    Area: Public Key Encryption
To: Casey Cady    8 Oct 94 22:16:14
Subject: New To Pgp    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello Casey!

05 Oct 94 13:33, Casey Cady wrote to Shawn McMahon:

CC> @PID: timEd 1.00
CC> That is true, but the problem is when you have to decrypt a
CC> message. As it stands you must manually export the encrypted
CC> mail, run PGP on it, read it with a text editor, then go back to
CC> the reader to reply to the message.

Doesn't timEd have the capability to run anything external, like a spellchecker? If so, then you don't need to exit your mail reader, ever. :) I use GoldED, and I never need to exit it for any reason when using PGP. I can sign, encrypt, and decrypt through the use of macros and batch files, which really aren't all that complex. =)

wjl [Team OS/2] * New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org !
* wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61
-----END PGP SIGNATURE-----

From: jason carr    Area: Public Key Encryption
To: Brian McMurry    8 Oct 94 11:19:14
Subject: Re: PGP Signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Brian McMurry wrote in a message to Jackson Harding:

BM> What about encrypting to multiple recipients?
The only 'bad
BM> thing' I see about this is that even a one line message gets
BM> greatly expanded. Example, the text reads "You're on my key
BM> ring!", but look at the resulting size:

BM> -----BEGIN PGP MESSAGE-----
BM> Version: 2.6.1

Jeez Louise, how many recipients were encoded in there? I regularly encrypt to 6-7 people and my msgs are not noticeably longer.

jason

... I'm not an actor, but I play one on TV.

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW...
-----END PGP SIGNATURE-----

From: jason carr    Area: Public Key Encryption
To: gk pace    8 Oct 94 11:28:12
Subject: Clear-Signed "Hole"    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

following up a message from Alan Pugh to gk pace:

gp> This reported problem is expected to be fixed, with the release of
gp> 2.6.2, which is anticipated to be available within two weeks. There
gp> will be some additional enhancements as well.
gp> Look for the release sometime after this coming thursday.

AP> uh, is there any word when it will settle down? this
AP> _release a week_ stuff is confusing to many. myself

Well, I'm grateful you guys are out there poring over the code and doing what you can to improve the software. I'm just now starting to learn C, so it'll be a long while before I'll be able to make any meaningful changes on my own... :)

Thanks again...

jason

... Don't drink and park, accidents cause people.

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW...
-----END PGP SIGNATURE-----

From: Ross Lonstein    Area: Public Key Encryption
To: Jim Bell    28 Sep 94 09:53:50
Subject: Re: RC4 Revealed!    UpdReq

>
>"Private computer code revealed."
>by John Markoff
>New York Times News Service.
>San Francisco-- In an act of business espionage whose effects are not
>yet clear, someone has anonymously circulated the underlying formula
>of one of the most popular coding systems used to protect information
>sent over computer networks.
>
>The formula, which has been a closely guarded trade secret, belongs to
>RSA Data Security Inc. a small, privately held software company in
[snip]
>Executives from RSA said in a statement released Friday: "RSA
>considers this misappropriation to be most serious. Not only is this
>act a violation of the law, but its publication is a gross abuse of the
>Internet."
[snip]
>The formula, which is known as RC4, has become the de facto coding
>standard for many popular software programs.
[snip]

This is probably another example of a mis-informed writer delivering verbatim what his sources told him. Cryptographic formulae are published in journals so that they can be examined by the experts for defects. The general release of the formula can't harm the security of the scheme unless it was already insecure. Neither will it enable an experienced programmer to write a cryptography routine since there are relatively few who can understand the workings sufficiently well to code it.
>It is also the only software-based formula that the National Security
>Agency, the government's electronic spy agency, will permit to be
>easily exported under an agreement the agency reached two years ago
>with the Software Publishers Association, an industry trade
>association.

And there is the proof that it is insecure, the NSA likes it.

This garbage about RC4 cropped up over a year ago when Apple and Lotus alpha-ed their 'secure' network protocols. Seems they used unapproved schemes and the NSA didn't like it. They substituted an approved scheme rather than regulate native and foreign sales. Anyone remember this?

RLONSTEIN
PGP key upon request or via Key servers

... Chicken Little was right.
--- * TLX v4.00 *

From: Ross Lonstein    Area: Public Key Encryption
To: Shawn K. Quinn    28 Sep 94 09:53:50
Subject: Re: There goes more freedom!    UpdReq

>
>I hope nobody is taking this post seriously. It is obviously a joke
>(but a good one!)
>
>> It came from UPI (or at least appears to have) and you think it's a
>> JOKE?!
>> Come on...
>
>> When you're denied access to Internet or limited to 5 MHz or 2400 bps,
>> THEN tell me it is a joke.

Yes. It is a joke, adapted from the licensing structure for ham radio operators. Lighten up, folks!

RLONSTEIN
PGP key upon request or via Key servers

... Seriousness is the very next step to being dull.
--- * TLX v4.00 *

From: Glen Todd    Area: Public Key Encryption
To: Highrchs    10 Oct 94 10:45:00
Subject: Add Pvt    UpdReq

Control message generated by QMPro 1.53

From: jason carr    Area: Public Key Encryption
To: Shawn McMahon    10 Oct 94 00:23:32
Subject: Re: PGP Signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Shawn McMahon wrote in a message to jason carr:

jc> Maybe it could be generated as a detached sig, but pasted back
jc> into the kludgeline.
That way its physical location wouldn't
jc> matter?

SM> Then you run into problems like:
SM> Was the tagline part of the signed message, or added after
SM> the sig?

Hmmm, i've never made a detached sig, but I would think that problem would hinge on whether or not the certified msg is 'trapped' inside the hyphens-that-demarcate-the-msg. If the txt is demarcated like that, one could add a translation of the Qu'uran or Talmud to the msg and it wouldn't make a difference. Except your mailer might puke. :)

If there are no nifty borders on the msg then you are certainly correct, and any added txt would goober things up nicely.

jason

... And tomorrow will be like today, only more so.

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW...
-----END PGP SIGNATURE-----

From: jason carr    Area: Public Key Encryption
To: Mike Riddle    10 Oct 94 00:28:30
Subject: Re: PGP Signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Mike Riddle wrote in a message to jason carr:

jc> What do you guys think about this idea?

MR> I don't think it will change the nay-sayers' minds a bit, the
MR> bandwidth is still the same, and we lose visibility in the
MR> process. 0 for 3.

Damn.

jason

... Oh, you ALWAYS get to be Jesus.

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW...
-----END PGP SIGNATURE-----

From: Brad Stiles    Area: Public Key Encryption
To: Wes Landaker    10 Oct 94 08:21:00
Subject: New To Pgp    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello Wes!

WL> :) I use GoldED, and I never need to exit it for any reason when using
WL> PGP. I can sign, encrypt, and decrypt through the use of macros and batch
WL> files, which really aren't all that complex. =)

Do you know how to decrypt a message in GoldEd without editing it first? I haven't seen any way to do this when just looking at the message, which is what I'd like to do.

Brad

CIS: 76450,3637    Internet:
Fido: 1:280/119    tyb30n@mqg1.usmc.mil
PGP public key available - FReq PGPKEY or PUBLIC_KEY

-----BEGIN PGP SIGNATURE-----
Version: 2.7b
-----END PGP SIGNATURE-----

From: Peter Bradie    Area: Public Key Encryption
To: Shawn Mcmahon    8 Oct 94 19:11:00
Subject: Need recommendations    UpdReq

-=> Quoting Shawn Mcmahon to Peter Bradie <=-

SM> I have a partition on the client's drive encrypted with SFS. I've
SM> admonished him to put all his data files on that partition. Further,
SM> deponent saith not.

Deponent saideth it all!:-)

... Witches use brooms because nature abhors a vacuum.
...
Blue Wave/QWK v2.10

From: Jim Grubs, W8GRT    Area: Public Key Encryption
To: Alan Pugh    8 Oct 94 14:26:00
Subject: Clear-Signed "Hole"    UpdReq

> -----BEGIN PGP SIGNED MESSAGE-----
> gp> This reported problem is expected to be fixed, with the release of
> gp> 2.6.2, which is anticipated to be available within two weeks. There
> gp> will be some additional enhancements as well.
> gp> Look for the release sometime after this coming thursday.
> gp>
> gp> -gk
> uh, is there any word when it will settle down? this
> _release a week_
> stuff is confusing to many. myself included. i'm
> sitting on 2.3a until
> a relatively bug-free, stable and verified version
> comes out.
> i'm beginning to get a mite suspicious of the myriad
> of versions
> floating around.

The MIT version is written by Phil Zimmermann. What the hell more do you want?

Sincerely,
Jim Grubs, W8GRT

From: Shawn McMahon    Area: Public Key Encryption
To: David Chessler    11 Oct 94 15:11:40
Subject: Need recommendations    UpdReq

Despite the stern warnings of the tribal elders, David Chessler said this to Shawn Mcmahon:

DC> 10 characters, minimum. There are some unix logon password
DC> programs that require a digit or punctuation mark (but enforce
DC> only about 4 or 6 characters). Gutmann should install similar
DC> code.

Already in there, sort of. SFS requires 10 characters or more, and there has to be a space or punctuation character in there.

From: Shawn McMahon    Area: Public Key Encryption
To: Ross Lonstein    11 Oct 94 15:16:54
Subject: Re: RC4 Revealed!    UpdReq

Despite the stern warnings of the tribal elders, Ross Lonstein said this to Jim Bell:

RL> This is probably another example of a mis-informed writer
RL> delivering verbatim what his sources told him.
Cryptographic
RL> formulae are published in journals so that they can be
RL> examined by the experts for defects.

RC4 wasn't, however. And its author, Ron Rivest, is quite aware of the implications of that; remember, he's the "R" in RSA.

I suspect that his reason for not publishing it was marketing, but others suspect whatever they choose to suspect.

From: Wes Landaker    Area: Public Key Encryption
To: David Chessler    10 Oct 94 07:57:22
Subject: Bug in pgp signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello David!

06 Oct 94 16:05, David Chessler wrote to Shawn Mcmahon:

DC> The workaround for the time being is to put as your first line
DC> something like: ===first line of message; anything above this
DC> line is not part of the message===

Actually, I said the same thing, but then I just thought about something . . . if you DON'T add that, but you trust it when you see it, someone could do something like this:

PGP Header
Fake Blank Line
Fake Text
Fake Blank Line
Anything above this line is not really part of the message
_MORE_ Fake Text
Blank Line
Message Text
PGP Sig

You could still cause a lot of havoc! ;) I think the best way, until it's fixed, is just to run PGP and look at the output.

wjl [Team OS/2] * New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org !
* wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61
-----END PGP SIGNATURE-----

From: Wes Landaker    Area: Public Key Encryption
To: Christopher Baker    10 Oct 94 07:56:34
Subject: authors [Was: Re: Need recommendations]    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello Christopher!
08 Oct 94 20:22, Christopher Baker wrote to Wes Landaker:

WL> Do you know if any of these will work under OS/2, if there is
WL> an OS/2 version of these programs, or if there is something
WL> of similar functionality for use with OS/2? =)

CB> no, i don't. but someone here will. [grin]

Perhaps, then, I'll receive a response from someone else, eh? :)

wjl [Team OS/2] * New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org !
* wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61
-----END PGP SIGNATURE-----

From: jason carr    Area: Public Key Encryption
To: Casey Cady    10 Oct 94 10:45:42
Subject: New To Pgp    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

following up a message from Wes Landaker to Casey Cady:

CC> @PID: timEd 1.00

WL> Doesn't timEd have the capability to run anything external,
WL> like a spellchecker? If so, then you don't need to exit your

Here's how I do it. It's a little sloppy now, but it works and may give you some ideas.

@ECHO OFF
cls
:: -----------------------------------------------------
:: CALLQ.BAT, a way to make timEd call PGP for encryption,
:: decryption, clearsigning, and viewing. jason carr 1:124/3208
:: This .bat requires the following:
:: 1) Dos 6.XX, b/c of the CHOICE command, or GET or something
:: 2) TILDE, a file with two tildes in it
:: 3) TEARLINE, like so, named differently for each network
:: ===TEARLINE===
:: --- pgp .bat
:: * Origin: FREQ JASONKEY.ASC 214.650.0382 (1:124/3208)
:: ==============
:: 4) The "editor" defined in timed.cfg must call this .bat
:: "Editor d:\squish\callq.bat"
:: 5) If PGP is invoked for a given msg, it must first be (W)ritten
:: as TIMED.PGP in the directory where timEd is.
:: This can be made
:: the default in TIMED.CFG by using, for example:
:: "WriteName d:\squish\timed.pgp"
:: -----------------------------------------------------
:: -------------------------------------------------------------
:: Sets echo respondents in one variable (multiple recipients)
:: 4df65099=me!
:: 79410d5d=ls
:: 98cbe9bd=th
:: 01dd44a9=dh
:: 08c756dd=ak
:: -------------------------------------------------------------
set echo=0x4df6 0x7941 0x98cb 0x01dd 0x08c7
:: -------------------------------------------------------------
:: Needs to know whether to look for TIMED.PGP or TIMED.MSG
:: because TIMED.MSG has indented quotes that choke PGP
:: -------------------------------------------------------------
if exist timed.pgp goto unpack
goto edit
:view
:: -------------------------------------------------------------
:: Simply views the signed or encrypted msg, and returns to timEd.
:: Msg reply is aborted.
:: -------------------------------------------------------------
if not exist timed.pgp goto duhhh
pgp -m timed.pgp
pause
del timed.pgp
del timed.msg
goto end
:unpack
if not exist timed.pgp goto duhhh
del timed.msg
pgp timed.pgp -o timed.msg
:: -------------------------------------------------------------
:: If the decrypt fails (sig or post), CALLQ goes to edit it
:: TIMED.MSG, as the sig could've just gotten grunged. Of course,
:: if you can't decrypt an encrypted post, this .bat won't do you
:: any good, anyhow.
:: -------------------------------------------------------------
if errorlevel 1 goto fail
goto edit
:fail
cls
echo PGP sig failed! Returning to original msg.
pause
goto edit
:edit
:: -------------------------------------------------------------
:: TIMETAG is a tagline util written by Richard Coffee.
:: -------------------------------------------------------------
if exist timed.pgp goto edit2
timedtag d:\fd\tag /l25
if errorlevel 1 pause
:: -------------------------------------------------------------
:: Actual editing happens here.
:: -------------------------------------------------------------
:edit2
q.exe timed.msg
cls
:: -------------------------------------------------------------
:: Poor Speller?
:: -------------------------------------------------------------
get c "Spellcheck?" yn
if "%get%" == "N" goto pgptest
if "%get%" == "Y" goto spell
:spell
d:\spell\ss timed.msg
:pgptest
:: -------------------------------------------------------------
:: Ahhh, the goodies!
:: The [e] choice invokes the %echo% environmental variable
:: -------------------------------------------------------------
cls
echo C == Clearsign
echo E == encrypt to the trusted participants in pgp_Echo
echo N == No pgp
echo Y == encrypt - specifY user id or key id when prompted
echo.
get c "Choice? " ynec
if "%get%" == "C" goto sign
if "%get%" == "E" goto group
if "%get%" == "N" goto end
if "%get%" == "Y" goto show
:show
:: -------------------------------------------------------------
:: Displays keys on keyring, in case you can't remember.
:: -------------------------------------------------------------
cls
pgp -kvm
:: -------------------------------------------------------------
:: Radix-64 encryption
:: -------------------------------------------------------------
pgp timed.msg -ea -o timed.msg
goto switch
:sign
:: -------------------------------------------------------------
:: I can't seem to get the -o switch to work while clearsigning,
:: hence all the file renaming excitement.
:: -------------------------------------------------------------
pgp -sta +clearsig=on timed.msg
del timed.msg
ren timed.asc timed.msg
del timed.asc
goto switch
:group
:: -------------------------------------------------------------
:: This will encrypt the msg with all the hex IDs in %ECHO%
:: -------------------------------------------------------------
pgp timed.msg %echo% -ea -o timed.msg
goto switch
:switch
:: -------------------------------------------------------------
:: Now THIS is where it gets weird. TimEd puts the origin and tear
:: in the post =before= you edit, so if you encrypt it'll be
:: hidden. TEARLINE contains a tearline (surprise) and an origin.
:: tilde contains two consecutive tildes, or timEd will wrap your
:: block and decrypt/sig-verification will fail.
::
:: You can go straight to :fido if you are not running PGP in any
:: othernets
:: -------------------------------------------------------------
cls
get c "{F}ido {D}hy or {C}IA origin?" fdc
if "%get%" == "C" goto cia
if "%get%" == "D" goto dhy
if "%get%" == "F" goto fido
:: -------------------------------------------------------------
:: Appends CIA origin
:: -------------------------------------------------------------
:cia
copy tilde + timed.msg + tearline.cia + tilde fini
del timed.msg
ren fini timed.msg
goto end
:: -------------------------------------------------------------
:: Appends DhY origin
:: -------------------------------------------------------------
:dhy
copy tilde + timed.msg + tearline.dhy + tilde fini
del timed.msg
ren fini timed.msg
goto end
:: -------------------------------------------------------------
:: Appends Fido origin
:: -------------------------------------------------------------
:fido
copy tilde + timed.msg + tearline + tilde fini
del timed.msg
ren fini timed.msg
goto end
:duhhh
:: -------------------------------------------------------------
:: Duhhhhhh.... Forgot to save the non-quoted ver. No problem,
:: will just recycle back to timEd so you can try again.
:: -------------------------------------------------------------
cls
echo.
echo You forgot to (W)rite timEd.pgp!!!
echo.
pause
goto end
:end
if exist *.bak del *.bak
if exist Timed.pgp del timed.pgp
if exist timed.asc del timed.asc
set echo=
:: Have a beer.

jason

... There are some who call me . . . Tim . . .

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW...

-----END PGP SIGNATURE-----

From: Ryan Adams   Area: Public Key Encryption
To: All   11 Oct 94 20:21:16
Subject: PGP & Golded   UpdReq

Hello All!

I am having some problems using GoldEd 2.42 for OS/2 and PGP 2.6 UI for OS/2. Quite simply, they don't seem to work together using the files and instructions that are included in Golded. I think there might be some incompatible commands, but I am not sure. I really have not too much interest or knowledge in PGP, I simply want to send and receive fairly secure mail. I'll leave the paranoia to the security freaks who think the CIA is watching them .

Thanks
Ryan

From: Ross Lonstein   Area: Public Key Encryption
To: Shawn K. Quinn   11 Oct 94 12:53:58
Subject: Re: There goes more freedom!   UpdReq

>>I hope nobody is taking this post seriously. It is obviously a joke
>(but a good one!)
>>> It came from UPI (or at least appears to have) and you think it's a
>> JOKE?!
>> Come on...
>>> When you're denied access to Internet or limited to 5 MHz or 2400 bps,
>> THEN tell me it is a joke.

Yes. It is a joke, adapted from the licensing structure for ham radio operators. Lighten up, folks!

RLONSTEIN
PGP key upon request or via Key servers

... Seriousness is the very next step to being dull.
--- * TLX v4.00 *

From: Randy Edwards   Area: Public Key Encryption
To: All   11 Oct 94 22:15:00
Subject: [1 of 2] The DT bill just passed in the Senate.   UpdReq

* Original Message Posted via CIVLIB
* Date: 10 Oct 94 19:28:26
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 17b8c087
~Subject: Wiretap Watch FINAL EDITION (The DT bill has passed)

The Wiretap Watch Final Issue
October 7, 1994
Distribute Widely

Recent Quotes: (It's been a busy week, we've answered over 2,000 emails)

"I think we should adjourn now [..] the country is safer when we're not in session."
-Sen. Charles Grassley (R-IA) on C-SPAN

"Senator Wallop's office, may I help you?"
"Yes, I called to register my support for the Senator's concerned position on the bill."
"Ok, got it. Thanks"
"Have there been a lot of calls today? Dozens? Fifty?"
"Hundreds so far today."
-A conversation I had earlier today with Sen. Wallop's office

"I called Feinstein again and the official breakfast food is still a waffle."
-Another California caller on Feinstein's FBI Wiretap position

-------------------------------------------------------------------------------
Contents

A look back at the bill
What you should do right now
Positions of legislators pro and con
Status of the bills
Brief explanation of the bill

-------------------------------------------------------------------------------
A LOOK BACK AT THE BILL

As you may have already discovered the Senate passed the bill tonight on "unanimous consent". Although I will leave the soothsaying to more eloquent folks, there are a number of things that need to be said and people that need to be thanked.

1. A TREMENDOUS AMOUNT WAS ACCOMPLISHED WITH THIS LEGISLATIVE FIGHT

During this campaign, we asked people to contact several legislators about the bill. This was a very effective means of mobilizing people. When we put out the word that Senator Wallop needed support, hundreds of calls were received the very next day -- their office was stunned. This is the first time many of the sitting legislators learned that constituents were concerned about privacy. We have begun to teach them that this is an important issue. Educating a legislator is an ongoing process that we'll continue to assist with in preparation for the elections.
It would be great if legislators begin to consider what effects their actions will have on "the privacy vote."

Sincere thanks go out to the literally thousands of people who took the time to call their legislators. The response we received to our alerts was amazing. The mail itself was overwhelming; the letters really kept us going on those late nights. When people wrote to us, saying that they had faxed our press release to a dozen papers and called the same number of legislators, it seemed inconceivable that we should let something as minor as sleep slow us down. Thanks to everyone who contributed by calling and faxing (and sending in corrections).

It appears that our technique of providing excellent information with the research done for the reader is a technique people appreciate. We'll continue to refine it in preparation for the next legislative session.

2. THIS COULD HAVE BEEN MUCH WORSE

Much worse versions of the DT bill have been introduced. They were all killed before really getting anywhere. When this version was brought up, the EFF had a difficult decision in front of them: assume the soothsayers were right about it passing this year and try to hack in some privacy provisions, or try and mount a fight against it. Other factors such as organizational direction played a part in this decision I'm sure, but I'm not qualified to talk about that. (I'm about as far from an EFF insider as you can get.)

There are several privacy provisions that have been added to the bill. Had the EFF not intervened, they would not be there. PERIOD. I think we owe them a thank you for that. Did they really know what they were doing or was it a lucky guess? Who's to say; we all have 20/20 hindsight. When EFF made this decision, it was months ago. They were like an ace-in-the-hole should the bill pass.

3. THIS IS STILL A PROCESS THE PUBLIC NEEDS TO MONITOR

There are several ways in which the powers in the bill could be abused by law enforcement.
The bill provides law enforcement with unprecedented assurance that a wiretap will always be available. This will subtly change the way law enforcement does its work. ("When your most ubiquitous tool is a hammer, the world starts to look a lot like nails..")

Furthermore the process for creating the wiretap functionality standards truly rests in the hands of the FCC. We have seen from past experience with the CallerID blocking fiasco that the FCC is not the bastion of privacy that we wish it was. In that instance, there was significant public outcry against the proposal, and yet privacy still lost.

What's the good news? There are organizations who we can count on to watchdog this process. The EFF wrote most (if not all) of the privacy provisions of the bill. They will be in a great position to monitor the progress of this process and ensure that not just the LETTER of the privacy provisions are followed, but the SPIRIT as well.

Furthermore, the Electronic Privacy Information Center (EPIC) is aggressive in their FOIA efforts, which keep our government honest. I sleep better at nights knowing they're keeping an eye out. I would have given my left foot to be in the courtroom this week with EPIC when the FBI's counsel asked for a five year delay on releasing twenty

@PATH: 325/805 3615/50 374/1 98 14

From: Randy Edwards   Area: Public Key Encryption
To: All   11 Oct 94 22:15:10
Subject: [2 of 2] The DT bill just passed in the Senate.   UpdReq

* Original Message Posted via CIVLIB
* Date: 10 Oct 94 19:28:26
* From: Randy Edwards @ 1:325/805
* To: All
* Forwarded by: Christopher Baker @ 1:374/14
* Message text was not edited!
@MSGID: 1:325/805 17b8c0a5

pages of wiretap data, and the judge told the attorney to "..call Director Freeh and tell him I said this matter can be taken care of in an hour and [a] half."

Finally, I want to take a moment to thank David Sobel, Marc Rotenberg, & David Banisar of EPIC for all the help they gave us. Not being in DC, it's difficult for us to simply "drop by" the office of a swing vote legislator and present our arguments. We're very grateful to them for this.

-------------------------------------------------------------------------------
WHAT YOU SHOULD DO RIGHT NOW

Nothing for the moment.

The Senate passed the Digital Telephony bill (S. 2375) a few minutes before adjournment tonight. The various holds put on it by Republican Senators were removed and the bill passed on "unanimous consent". This means that there was no opposition to it. President Clinton is almost certain to sign it.

-------------------------------------------------------------------------------
STATUS

STATUS SB 2375
  It passed on the evening of Oct. 7 on unanimous consent literally minutes before the Congress adjourned.

STATUS HR 4922
  It passed on the evening of Oct. 5 on a voice vote.

Oct 7, 94   The Senate passed S. 2375 on unanimous consent minutes before adjournment.
Oct 6, 94   Nothing happened, though a Senate vote was expected. Several Senators have placed holds on the bill.
Oct 5, 94   House passes HR 4922 on a voice vote.
Oct 4, 94   House is scheduled to vote on HR 4922, along with more than 50 other items on the "suspension calendar". The debate took place tonight; the House vote was put off until Oct 5, '94.
Oct 3, 94   Judge Richey instructs the FBI to comply with a FOIA request to make available their wiretap surveys (which they claim justify their bill) by Nov. 1.
Sep 29, 94  HR 4922 marked up and reported out of the Hse. Jud. Comm and nearly to the full House
Sep 28, 94  SB 2375 amended, marked up, and reported out of the Sen. Jud. Comm. to the full Senate
Sep 15, 94  HR 4922 hearing held in the Telecommunications Comm.
Aug 18, 94  HR 4922 reported back to committee (write to Rep. Jack Brooks!)
Aug 11, 94  Sen. Leahy & Rep. Edwards hold a joint hearing on the bills in Wash. DC at 1pm in Rayburn 2237.
Aug 10, 94  HR 4922 referred to Subcomm. on Civil and Constitutional Rights
Aug 10, 94  SB 2375 referred to Subcomm. on Technology and the Law
Aug 9, 94   Rep. Hyde officially cosponsors HR 4922
Aug 9, 94   HR 4922 referred to House Judiciary Committee
Aug 9, 94   SB 2375 referred to Senate Judiciary Committee
Aug 9, 94   Identical House and Senate bills are announced by their respective sponsors, Rep. Don Edwards (D-CA) and Sen. Patrick Leahy (D-VT)
            EFF states the legislation is "not necessary" and predicts it will pass regardless.

For more information about the Digital Telephony bills, check the Voters Telecomm Watch gopher site (gopher.panix.com) or contact Steven Cherry, VTW Press Contact at (718) 596-2851 or stc@vtw.org.

-------------------------------------------------------------------------------
FINAL POSITIONS OF LEGISLATORS

Because the Senate version passed with "unanimous consent", all of the sitting Senators supported it. This means that if someone is a Senator, they supported it. No fancy ASCII tables required.

Three representatives we know of opposed the bill in the House:

Dist ST Name, Address, and Party Phone          Fax
==== == ======================== ============== ==============
   4 CA Doolittle, John T. (R)   1-202-225-2511 1-202-225-5444
   1 OR Furse, Elizabeth (D)     1-202-225-0855 na
  12 NC Watt, Melvin* (D)        1-202-225-1510 1-202-225-1512

Please call them and thank them for their privacy stances.

-------------------------------------------------------------------------------
BRIEF EXPLANATION OF THE BILLS

The FBI's Wiretap bills (also known as the DT - Digital Telephony bills) mandate that *all* communications carriers must provide wiretap-ready equipment so that the FBI can more easily implement their court-ordered wiretaps. The costs of re-engineering all communications equipment will be borne by the government, industry and consumers. It does not cover information service providers.
The bill is vague and the standards defining "wiretap ready" do not exist. Furthermore, the FBI has yet to make a case which demonstrates that they have been unable to implement a single wiretap. Although we as a society have accepted law enforcement's need to perform wiretaps, it is not reasonable to mandate this functionality as a part of the design. In itself, that would be an important debate. However without any proof that this is indeed a realistic and present problem, it is unacceptable and premature to pass this legislation today.

The Voters Telecomm Watch (VTW) does not believe the FBI has made a compelling case to justify that all Americans give up their privacy. Furthermore, the VTW does not believe the case has been made to justify spending 500 million Federal dollars over the next several years to re-engineer equipment to compromise privacy, interfere with telecommunications privacy, and fulfill an unproven government need.

There are some privacy protections built into the bill. Their benefit does not outweigh the damage that building wiretaps into all communication does, however.

----------------------------------------------------------------------------
--- CPSR ANNOUNCE LIST END ---

@PATH: 325/805 3615/50 374/1 98 14

From: Alan Pugh   Area: Public Key Encryption
To: Jim Cannell   7 Oct 94 23:54:02
Subject: Bug in PGP signatures   UpdReq

JS> When checking a signature, If the first line after the
JS> "-----BEGIN PGP SIGNED MESSAGE-----" line is NOT BLANK, PGP
JS> will ignore everything UP TO the first blank line. This is
JS> NOT an error in the way PGP checks a signature--only an error
JS> in the way PGP decides what to check in the signature.
JS> The mathematical methods PGP uses to check signatures (the MD5
JS> algorithm) are not affected by this bug, and are apparently
JS> still strong.

JC> It looks like a work around would be to always make sure that the
JC> first line in any PGP signed plaintext is blank. Don't trust anything
JC> in which the first line is nonblank.
JC> I'll play with this idea to see if it works.

jim, i posted the following to a friend, but figured i'd post it here to you to see what you think as well.

-----BEGIN PGP SIGNED MESSAGE-----

this is a quick and dirty message to show the true extent of the weakness of pgp clear signed messages. until the bug described below is fixed, don't trust them.

amp

hello james,

you posted a message pointing out the fact that pgp does not barf on clear signed messages that have been altered. by adding lines immediately after the =begin= line and then putting a blank line in to fake pgp out into thinking that that is where the message begins.

i've got some bad news for ya. if this message is transferred correctly, the signature will check o.k. now i would like for you to delete the 1st 5 lines of this message, then check it again. it will still be o.k. clearsigning is dead imo until this 'feature' is fixed.

how did i do this? simple. the line immediately after the =begin= is not blank even though it appears to be. i inserted a -255, which appears to be a space, but is not. then i added the bogus information to the message.

this sucks. it is a SERIOUS bug. i no longer trust clear signed messages at all in echomail.

later,
amp

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

... A DOLLAR is a weight of silver.

From: Joe Eversole   Area: Public Key Encryption
To: Brian Mcmurry   9 Oct 94 20:57:00
Subject: Pgp Signatures   UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

BM> What about encrypting to multiple recipients? The only 'bad thing' I s
BM> this is that even a one line message gets greatly expanded. Example, t
BM> reads "You're on my key ring!", but look at the resulting size: Wow!
BM> The following message can only be read by:
BM> 0x58214C37
BM> 0x28748E05
BM> 0xAB779F71
BM> 0x2645C5BF
BM> 0xDCFC2B25
BM> 0x744C6B77
BM> 0x20E547F5
BM> 0x96B258DD (Brian Mcmurry)
BM> 0x38BE2459
BM> 0x812B63AF
BM> 0x5582FB51
BM> 0x38B2015B
BM> 0x4DF2268B

You're the only person I have a key for that you sent this to... Where do you find your keys? I usually add most keys I find in the PKEY_DROP echo...

Joe Eversole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
Comment: SecureMail Net Hub, Route PGP mail for Net 231 through 1:231/1400!

-----END PGP SIGNATURE-----

* RM 1.4 B1371 * while(math_teacher() == talk) fall_asleep();

From: Shawn McMahon   Area: Public Key Encryption
To: jason carr   12 Oct 94 09:51:18
Subject: Re: PGP Signatures   UpdReq

Despite the stern warnings of the tribal elders, jason carr said this to Shawn McMahon:

jc> Hmmm, i've never made a detached sig, but I would think that
jc> problem would hinge on whether or not the certified msg is
jc> 'trapped' inside the hyphens-that-demarcate-the-msg.

Yes, but if you hide those hyphens behind control-As, mail tossers are free to add and delete things from between those hyphens.

It was a good idea, but unworkable in practice at the present time.

From: Wes Landaker   Area: Public Key Encryption
To: Brad Stiles   11 Oct 94 20:40:58
Subject: New To Pgp   UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Hello Brad!

10 Oct 94 08:21, Brad Stiles wrote to Wes Landaker:

WL> :) I use GoldED, and I never need to exit it for any reason
WL> when using PGP. I can sign, encrypt, and decrypt through the
WL> use of macros and batch files, which really aren't all that
WL> complex. =)

BS> Do you know how to decrypt a message in GoldEd without
BS> editing it first? I haven't seen any way to do this when just
BS> looking at the message, which is what I'd like to do.

Sure! :) Set it to a function key:

(out of GOLDKEYS.CFG)
F12 ExternUtil03

So I just press F12 to decrypt. =) You can set it to whatever you want, of course.

(then in GOLDED.CFG)
EXTERNUTIL 1 PGP -sat +clearsig=on @file "@dname" -u "@oname" -o @file
EXTERNUTIL 2 PGP -seat @file "@dname" -u "@oname" -o @file
EXTERNUTIL 3 PGP @file -o @file

Of course, I run it a bit differently, as I have written a fairly complex REXX command script that handles everything for me under OS/2, and gives me the choices of encrypting to multiple people, etc. =) Nothing you can't do under DOS, though. :) If you're interested, I can send it to ya, or post it here. =)

Oh, also: check out the EDITSAVEUTIL function. I have PGP Sign and PGP Encrypt right on my save menu, so I never have to exit GoldED at all. =)

(out of GOLDED.CFG)
EDITSAVEUTIL 1 "1 1 PGP Sign"
EDITSAVEUTIL 2 "2 2 PGP Encrypt"
EDITSAVEUTIL 3 "3 3 PGP Decrypt"

The numbers correspond with which EXTERNUTIL to run. =) The first character inside the quote is the "hotkey" and the rest of it is what is put on your menu. =)

wjl [Team OS/2]

* New: 1:202/322@fidonet.org ! Old: 1:202/1822@fidonet.org !
* wjl@f322.n202.z1.fidonet.org * PGP Key: AD2254A5 * FREQ: PGPKEY *

-----BEGIN PGP SIGNATURE-----
Version: 2.61

-----END PGP SIGNATURE-----

From: Glen Todd   Area: Public Key Encryption
To: Wes Landaker   12 Oct 94 13:32:00
Subject: Re: Bug in pgp signatures   UpdReq

Wes Landaker mumbled indistinctly to David Chessler something about Bug in pgp signatures ---

DC> The workaround for the time being is to put as your first line
DC> something like: ===first line of message; anything above this
DC> line is not part of the message===

WL> Actually, I said the same thing, but then I just thought about
WL> something . . . if you DON'T add that, but you trust it when you see
WL> it, someone could do something like this:
WL> PGP Header
WL> Fake Blank Line
WL> Fake Text
WL> Fake Blank Line
WL> Anything above this line is not really part of the message
WL> _MORE_ Fake Text
WL> Blank Line
WL> Message Text
WL> PGP Sig
WL> You could still cause a lot of havoc! ;) I think the best way, until
WL> it's fixed, is just to run PGP and look at the output.

One possible work-around for this would be to add as the last line of the _real_ message text something on the order of:

=== This is the last line of a xxx line message ===

with xxx, of course, representing the line count. A simple-and-stupid utility could automatically compute and add the line _just_ before PGP was run.

BTW, if you're wondering why this is in clear, it's because I haven't set up PGP yet. I just started reading here. Will f'req the next release when it comes out (supposedly next week.)

// Glen

... ARRRRRGGGHHH!!!! ... Tension breaker, had to be done.

From: gk pace   Area: Public Key Encryption
To: Jim Grubs, W8grt   12 Oct 94 17:46:10
Subject: Re: Clear-Signed "Hole"   UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 08 Oct 94, you were quoted as saying:

JGW> The MIT version is written by Phil Zimmerman. What the hell more do you
JGW> want?

No more than those issued by the Rebel.

JGW> Sincerely,
JGW> Jim Grubs, W8GRT

Just being honest...

-gk

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: Fight to keep the Basic Human Right of Privacy!

-----END PGP SIGNATURE-----

From: Alan Pugh   Area: Public Key Encryption
To: gk pace   10 Oct 94 10:21:04
Subject: Re: Clear-Signed "Hole"   UpdReq

AP> uh, is there any word when it will settle down? this _release a week_
AP> stuff is confusing to many. myself included. i'm sitting on 2.3a until
AP> a relatively bug-free, stable and verified version comes out.

gp> For the most part, the bugs you've heard of were either problems
gp> with "new features", or bugs that existed in 2.3a as well.
gp> For example the problem of the claim to handle 2048 bit keys but not
gp> being able to... 2.3a can't either. The Characteristic of PGP which
gp> allows one to add text to a Clear-Signed message immediately after the
gp> "-----Begin" but before the first blank line, exists in 2.3a as
gp> well... in fact all versions from at least 2.0 would pass such
gp> messages.

i've played with this to see how much of a bug it is, and i think it is a pretty serious bug to those not _thoroughly_ conversant with the workings of pgp. many wouldn't think to check the output with a messages if it checks out as o.k.
i know that i didn't initially until i performed some rather extensive tests.

gp> This really isn't a compromise of the integrity of PGP. The added
gp> text is removed from the message as if it didn't exist, it doesn't
gp> affect the output at all. Only the text contained in PGP's output has
gp> been validated. Altho this isn't a serious bug, it is a problem which
gp> can cause confusion, and must be rectified.
gp> I've been promised that the next release will have this quirk fixed.

AP> i'm beginning to get a mite suspicious of the myriad of versions
AP> floating around. btw: i'm using version 0.03 of pgpshell and like it
AP> as it is small, fast, and performs those functions i need it to perform
AP> quickly and painlessly. the copy i got didn't have docs with it. i'm
AP> assuming that you are the author. if so, is it shareware or freeware?

gp> The official releases come from MIT. I review them very extensively
gp> each time they are released. Altho I've found bugs, and recommended
gp> changes, I haven't found any compromises to the security of it. The
gp> "versions" issued by the Rebellious Guerrilla have proven to be solid,
gp> but are not official releases.

i'm _hoping_ nothing has been compromised. i don't have the expertise in 'c' or the algorithms involved. however, i figure that anyone who _does_ find a hole will make a name for him/herself. this is a pretty good incentive for those looking into it imo. of course, if someone at the nsa finds it we can be assured they'll never mention it.

gp> I issued the original PGPShell, and it can be considered freeware at
gp> this time. I haven't decided to update it yet. I believe that
gp> someone else also released something they called pgpshell, but I
gp> haven't seen it.

that's good to hear. if you decide to release a new ver. i'll definitely check it out. it's one of the few programs i use a _lot_. like i said, i really like the size of the file and speed of execution.
of course, i still may not upgrade, but i'd probably register for it anyhoo. heck, i still use a 5 year old editor for 90% of my text. 8*)

amp
<0003701548@mcimail.com>
October 10, 1994 11:20

... "Free men have arms; slaves do not." - Wm Blackstone
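
The clear-signing behaviour discussed in the messages above (text between the BEGIN line and the first truly empty line is not covered by the signature, and a line holding only a space, a tab or character 255 does not count as empty) can be checked mechanically before a message is trusted. The Python below is an added example, not code from PGP or from any poster; the function names and the sample message are constructed for illustration, and it assumes PGP 2.x style messages with no header lines after the BEGIN line.

```python
"""Audit a PGP 2.x style clear-signed message for unsigned leading text."""

BEGIN_MSG = b"-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = b"-----BEGIN PGP SIGNATURE-----"

# Bytes that show as empty space on a DOS (CP437) screen yet make a line
# non-empty: space, tab, NUL and character 255, the one used in the thread.
LOOKS_BLANK = frozenset(b" \t\x00\xff")


def split_lines(raw):
    """Split on LF and drop one trailing CR; nothing else is stripped."""
    return [ln[:-1] if ln.endswith(b"\r") else ln for ln in raw.split(b"\n")]


def show(line):
    """Render a line for a report, making invisible bytes visible."""
    if line and all(b in LOOKS_BLANK for b in line):
        return "".join("\\x%02x" % b for b in line)
    return line.decode("ascii", "backslashreplace")


def audit_clearsigned(raw):
    """Classify the region between the BEGIN line and the signature block.

    Returns a dict with:
      status   "ok"              line after BEGIN is truly empty
               "disguised-blank" line after BEGIN only looks empty
               "visible-prefix"  readable text sits before the empty line
               "no-separator"    no truly empty line at all (treated here
                                 as untrustworthy; an assumption, the
                                 thread does not cover this case)
      unsigned lines a reader sees but the signature does not cover
      covered  lines that lie inside the signed region
    """
    lines = split_lines(raw)
    if BEGIN_MSG not in lines:
        raise ValueError("no clear-sign header line found")
    start = lines.index(BEGIN_MSG)
    if BEGIN_SIG not in lines[start + 1:]:
        raise ValueError("no signature block after the header")
    sig = lines.index(BEGIN_SIG, start + 1)
    region = lines[start + 1:sig]

    if b"" not in region:
        return {"status": "no-separator",
                "unsigned": [show(ln) for ln in region],
                "covered": []}

    sep = region.index(b"")          # first line of length zero
    unsigned, covered = region[:sep], region[sep + 1:]
    if not unsigned:
        status = "ok"
    elif all(b in LOOKS_BLANK for b in unsigned[0]):
        status = "disguised-blank"   # e.g. a lone space, tab or 0xFF
    else:
        status = "visible-prefix"
    return {"status": status,
            "unsigned": [show(ln) for ln in unsigned],
            "covered": [show(ln) for ln in covered]}


# Constructed sample that mirrors the demonstration described above: a
# character-255 line after the header, added text, then the real message.
SAMPLE = (
    b"-----BEGIN PGP SIGNED MESSAGE-----\r\n"
    b"\xff\r\n"
    b"this paragraph was added after signing\r\n"
    b"\r\n"
    b"this is the text the signer actually signed.\r\n"
    b"-----BEGIN PGP SIGNATURE-----\r\n"
    b"Version: 2.3a\r\n"
    b"\r\n"
    b"(signature data omitted in this constructed sample)\r\n"
    b"-----END PGP SIGNATURE-----\r\n"
)

if __name__ == "__main__":
    result = audit_clearsigned(SAMPLE)
    print("status:", result["status"])
    for ln in result["unsigned"]:
        print("  NOT SIGNED:", ln)
    for ln in result["covered"]:
        print("  signed    :", ln)
```

Anything reported under `unsigned` should be discarded before the message is read, which is the same conclusion the thread reaches by running PGP and trusting only its output.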