From: Peter Bradie Area: Public Key Encryption To: Kate Secrest 23 Nov 94 11:05:04 Subject: "homosexual orientatt UpdReq -=> Quoting Kate Secrest to David Lentz <=- KS> Most people understand that normal is a KS> statistical term and has to do with the size of a target group compared KS> to the general population. Using that definition, homosexual behavior KS> is certainly within the normal range for human behavior. Not really, Kate; it appears to be almost 3 standard deviations out. ... Being broke is a temporary condition. Poverty is a state of mind. ___ Blue Wave/QWK v2.10 201434369420143436942014343694201434369420143436942014343694718 From: Peter Bradie Area: Public Key Encryption To: Bob Sillyheimer 23 Nov 94 11:13:06 Subject: Attorney???? UpdReq -=> Quoting Bob Sillyheimer to Lester Garrett <=- BS> I've seen Martin assert this, but do you know this independently of BS> his assertion? You can check him out in Martindale-Hubbell at your nearest law library. If he's an attorney, he'll be listed. ... Even paranoids have real enemies... ___ Blue Wave/QWK v2.10 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Glen Todd 24 Nov 94 09:10:20 Subject: Public Keys UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- GT> 20 Nov 94 20:16, John Schofield wrote to All: JS> -+---BEGIN PGP PUBLIC KEY BLOCK-+--- JS> Version: 2.7 JS> Comment: Call 818-345-8640 voice for info on Keep Out magazine. GT> How do you get PGP to add this comment line? In my CONFIG.TXT file in my PGP directory, I have the following line: COMMENT="Call 818-345-8640 voice for info on Keep Out magazine." GT> Wind to thy wings, Uh... thanks, Glen. Wind to thine, too. John -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLtTGPWj9fvT+ukJdAQHXZgP/ZB6bswQW8K3TevD5SpXBwsQszyIBcetn 0JGtN1eYBoVH0EIqNzHVCS7EZlRzZAYYLy/XnGi0VFNm609nx+QriC2QFN1ZQd0r iyEi8Q+aaeR1GNMSz9F7bOtzhw45I4OInLIF0ECZEvtL/OurwJqjZqu/W7yAKFNx rtwc8PtQ5e4= =W7zr -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... "When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl." 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: All 24 Nov 94 21:29:12 Subject: Electronic Privacy BBS List UpdReq -----BEGIN PGP SIGNED MESSAGE----- I've decided to start keeping a list of BBS's that have a focus on encryption, electronic privacy, or electronic civil liberties issues. If your BBS would fit on the list, please send me some information on it. You can most easily send this information to me by replying to this message in Netmail. If you're interested in having your system on the list, please include the following information: =========================================================================== SysOp's Name (or pseudonym) : BBS Name : BBS Location (City and state, *not* mailing address) : BBS Phone Number(s): Modem type : Lowest BPS accepted (Are 300 or 1200 BPS callers welcome?) : Number of Lines : BBS Software : Network Membership(s) : BBS Age : Cost : Short Blurb (75- word limit) : =========================================================================== If your BBS's primary focus is pro or con gun control, conventional civil liberties, marijuana legalization, or right- or left-wing politics, please do not submit it. Those are all valid causes, but they have little to do with the focus of this list. This list will be posted to this area (if it's short enough) and will be available for FREQ and download once it is completed. It will be regularly updated. Questions, suggestions, and flames are welcome. John Schofield -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLtVyGGj9fvT+ukJdAQFUrAP+KqS7aFxLe2i51+JERBYYEzgngpaiLlhE IpZqf22ls5aP02Ea7kPa0ACXOng6kYF3dX1V+LWjupnleOWRR4u0EJy8KlngGqIr +/W1JgC8NcGLBLa4nvfXHSeaOWWj+8c72aZKA04GKJmDRVxz1GlsN84Oo+5t6arM gRSq4e54Oas= =ty0g -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... There is nothing so permanent as a temporary government program. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Rich Veraa 27 Nov 94 00:00:10 Subject: PGP versions UpdReq Despite the stern warnings of the tribal elders, Rich Veraa said this to Ian Lin: RV> Paranoia is _not_ "being careful." It's a pathological RV> _irrational_ unreasonable fear. Paranoia is debilitating at RV> best and violently destructive at worst. True, and well put. But then again, just because you're paranoid doesn't mean they aren't after you. :-) 201434369420143436942014343694201434369420143436942014343694718 From: Stefan Hirth Area: Public Key Encryption To: Christopher Baker 20 Nov 94 23:08:16 Subject: PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- Hello Christopher, hello world! In an article dated 16 Nov 94, Christopher Baker <1:374/14.0> wrote about "PGP": [Sorry if this had already been discussed, I got the area just a few days ago] CB> 2.6.2 is the current release. freq PGP for the archive. [...] CB> Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] Why is this version only legal in Zone 1? Or, better: What is illegal eg in Germany? Getting this version on disk or even via phone line, or just using it? so long _ _/ *tefan*. -----BEGIN PGP SIGNATURE----- Version: 2.3a.4 iQBVAgUBLs/W3FGTGc0lmhf1AQGPBAH/X88p9MDP0WmwASDrqdRWFitc1um/1Slw s/cEMsCrBBFHTUVE3SVub0svzleNKvVWe5HI84fts2KDgyPMQdLHRg== =Ohv2 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Scott Redd Area: Public Key Encryption To: John Schofield 24 Nov 94 00:25:04 Subject: Keep Out *FREE* magazine offer UpdReq Friday November 18 1994 14:53, John Schofield wrote to Reed Darsey: JS> Incidentally, did anyone notice the review of Keep Out on page 183 of the JS> December issue of Wired Magazine? They gave it a very nice review, which JS> I appreciated very much. I understand that "Wired" often makes available electronic excerpts from it's magazine. Dear Moderator, would it be acceptable for it to be copied into this echo when if the e-review is released? Scott # Origin: Orifice -- portable [Omaha, NE] (1:285/5.47) * Origin: PODNet <-> FidoNet EchoGate! (93:9600/0.0) SEEN-BY: 107/946 147/1077 152/53 153/9125 259/212 382/7 640/217 3611/19 SEEN-BY: 9600/0 9608/0 201434369420143436942014343694201434369420143436942014343694718 From: George Foote Area: Public Key Encryption To: All 24 Nov 94 09:04:28 Subject: Social Cryptography UpdReq From George Foot georgefoot@oxted.demon.co.uk November 23rd. 1994 There are hazards for society in considering technical advances in isolation from their applications: It is desirable sometimes to examine progress from a broader viewpoint. I hope that thinking people whether or not technically qualified in cryptographic theory will all contribute to a debate on Social Cryptography and redress any imbalance in this presentation which they feel to exist. SOCIAL CRYPTOGRAPHY My aim is to promote a debate on "Social Cryptography" with the object of obtaining a better understanding of the repercussions on society and the changes in social behaviour which would result if cryptography came into general use on a large scale. Too often innovations are introduced and promoted by commercial interests without adequate consideration of the social changes which will follow and the consequences -- good and bad -- which will be the outcome. An example is Television which has progressed from a laboratory curiosity to become a force responsible for profound changes in the lives and cultures of peoples throughout the world -- a development neither foreseen nor imagined at the time of its introduction as an entertainment novelty. There are indications that restrictions on the use of cryptography which many Governments might wish to impose will be swept aside and that we are approaching the critical point from which a rapid and pervasive expansion in the use of cryptography may be anticipated. However, there are also indications that cryptography could bring about substantial changes in social outlook and social relationships: Such possibilities have received little attention to the present time and have been disregarded altogether by researchers concerned solely with the technicalities of various cryptographic systems. The subject of Social Cryptography is wide ranging: To launch a discussion, I have prepared notes on several TOPICS which have cryptography as the thread and are therefore related. The connection between them will be apparent although I have not at this stage made any attempt to draw them together. TOPIC ONE: I shall only provide a skeleton introduction to our subject as I shall make the assumption that readers have a background in cryptography. Encryption of messages for the purpose of maintaining privacy during transmission has been practised from times far back into history. Until recently, cryptography has been used principally for military purposes and has been regarded as a prerogative of Governments. This attitude is breaking-down by reason of the enormous expansion in electronic transmission of information for commercial and financial purposes and the need which has arisen for cryptography to ensure privacy and protection from fraud. Commonly, the methods employed have utilized a Key (known to the Sender of a message) for the purpose of the encryption of the message and have used the same Key (which was also in the possession of the Receiver) for decryption after the arrival of the encrypted message. A departure from previous practice became possible with the introduction of Public Key Cryptography which has the merit that information can be passed with security but without the need for a previous communication between the parties concerned. It is distinguished by the use of two keys, one of which is Public in the sense that it can be published and the other is Private and is never disclosed. Note that in the following discussion the term Public Key Cryptography has been used to denote a cryptosystem using two keys only one of which has to be kept Private: The other, the Public Key, may or may not be published as the user wishes. The Public Key Cryptosystem proposed by Rivest. Shamir and Adleman in April 1977 (which has become to be known as RSA) is considered to be the strongest cryptosystem of this character. TOPIC TWO: Innovations in cryptosystems for commercial and financial 201434369420143436942014343694201434369420143436942014343694718 From: George Foote Area: Public Key Encryption To: All 24 Nov 94 09:05:28 Subject: 02/Social Cryptography UpdReq purposes have been promoted and confident assurances of the reliability and infallibility of the methods employed have been given: Nevertheless, all too frequently, these assurances have later been demonstrated to be presumptuous and completely unjustified. The ingenuity of fraudsters, the carelessness and negligence of operators, the lapses of vigilance by supervisors, the ignorance of computer technology on the part of administrators and the exposure of defects in computer systems which were acclaimed as perfect by technicians, have all combined to produce lamentable shortcomings in overall performance notwithstanding the intrinsic strength of the cryptosystem employed. As regards the general public, the most striking examples of failure of cryptosystems to protect their interests relate to the withdrawal of money from Banks by means of ATMs (Automatic Teller Machines) and by use of the Cards provided by Banks for that purpose. No more striking example could be provided than the case of apoliceman returning from a holiday abroad who discovered debits in his bank account for which he declared he was not responsible. On drawing the attention of the Bank to this situation, he was charged with fraud and attempting to get money from the bank by false pretences. He was tried and found guilty and thus placed in jeopardy of discharge from the police force and loss of pension. His ordeal persisted for a year until an appeal was heard which revealed the poor foundations for almost the whole of the technical evidence presented at the trial. The case continues and the tribulations of the defendant and his family are not ended. Technology has outpaced the Law and the lives of innocent people may be ruined because of convictions for criminal fraud of which they are totally innocent. It is demonstrable that the courts and the jurors are capricious in their judgments because most frequently they have little understanding of the background to the new technologies. It is urgently necessary that well tried principles of law and justice developed over many years be applied in legal processes involving advanced technology and that the declarations of technocrats be subjected to rigorous legal examination. TOPIC THREE: It is my contention that the methods employed to establish confidence in business and private transactions which have evolved over centuries and are time-tested should be the foundation for creating confidence in "electronic transactions" of the future. Confidence between parties does not develop instantly but matures after a period of satisfactory experiences in mutual trading and shared activities. There is no instant substitute for a trust which has built up over a period of acquaintance involving a progressively closer relationship. One should apply these precepts particularly when seeking to authenticate the cryptographic key of a person previously unknown in order to communicate electronically with him. It has been proposed to establish Key Agencies which would hold a register of Keys which they would make available on demand and that reliance could be placed on keys issued in this manner because of the recognized trustworthiness of the Key Agency. The advance publication and distribution of millions of public keys on a worldwide scale whether in printed form or by Key Agencies and the daily annulment and replacement of many keys which have become suspect would be a logistic problem of nightmare proportions which was open to abuse of every kind including the destructive efforts of people introducing false and forged keys for malicious purposes. It would be unworkable in practice. The publication of public keys in advance is an unnecessary and an unwarranted complication and any advantage this provides is illusory. One part of the illusion is that a public key can be permanently associated with a particular person or company or other organisation: This is not possible. In the first place it is very difficult to ensure that a private 201434369420143436942014343694201434369420143436942014343694718 From: George Foote Area: Public Key Encryption To: All 24 Nov 94 09:06:28 Subject: 03/Social Cryptography UpdReq key is totally safeguarded especially in a commercial environment. The private key will become known to employees and amongst their number will be those who are careless and those who are implanted by opposing interests specifically to gain access to private keys. If there were extensive use of public key cryptography in any large organization it will not be long before the private keys were compromised or suspect of being compromised. The need for periodic replacement of keys would become apparent. But to change a public key at short notice because it is known to be suspect is not a simple matter: That key will have become known throughout the world and will have been registered in various ways in different locations. Inevitably the use of the discredited key will continue for some time and on occasions it will appear long after it is thought to have been cancelled. An approach to communication employing private key cryptography whereby the two parties concerned make direct contact with each other is altogether more practical and sensible than any idea of a universal register of keys. It is also in line with usual business practice and that alone adds greatly to its merit. A direct contact does not exclude from the beginning, if desired, a reference to a third party known to both the principals in support of their credentials just as one would ask for a reference (for example a banking reference) in commencing business with any unknown company. It is likely that the first transactions will be limited in scope but as business confidence grows so the value and number of the messages exchanged will increase -- perhaps to many each day. Under these conditions the keys in use will be fully authenticated. TOPIC FOUR: The explanation is often given without further discussion that the difficulty of breaking RSA is the difficulty of factoring the modulus. It is not usually emphasized sufficiently in my view that a notable weakness in a public key system such as RSA is that the modulus is published in advance of message transmission so that there is an indefinite time available for an enemy to attempt factorization -- and by trying hard enough and long enough he may succeed. With cunning he may make use of this extended period to devise aids to decryption when messages are transmitted. A modulus and a public key are "keys" in the lay sense that they hold the information required for decryption. It seems illogical to me to publish those "keys" in advance of using them to transmit a message and thus to expose them to prolonged and determined efforts to uncover them. The convention is that an encrypted message is sent by Bob and received by Alice: The manner in which RSA should be employed, in my opinion, is for Bob to communicate in clear with Alice and to ask Alice for a RSA key. Alice will then send a "session" public RSA key to Bob (that is a key which will be used on one occasion only) and Bob uses this session key for his message to Alice. Alice decrypts the message with the RSA "private" key she has retained. That session key is then abandoned and never used again. I am convinced that this is a much simpler, safer and more practical method of operating RSA than the proposed method of publishing public keys in advance. The difficulties mentioned above are greatly reduced if session keys alone are used for message transmission and I fail to see that it is feasible or desirable to proceed in any other way in establishing a broadly based public key system operating internationally. In practice the request and supply of a session key would be automated and would present no difficulty, extra work or loss of time. TOPIC FIVE: "What about the vaunted value of digital signatures ?" you may enquire ..... It should be realized that for the great majority of communications a digital signature is not required. Take note of the enormous daily traffic in fax messages which takes place successfully without any provision for signature 201434369420143436942014343694201434369420143436942014343694718 From: George Foote Area: Public Key Encryption To: All 24 Nov 94 09:07:28 Subject: 04/Social Cryptography UpdReq verification. The vigilance of the parties concerned is always by far the best method of detecting fraud. It would be very unwise for someone to despatch valuable cargoes to unknown persons on the strength of a computer generated digital signature which may have been ingenuously falsified. Within the framework of a public key system employing session keys, there is ample opportunity to develop digital signatures which are respected and accepted. It is necessary to make the point that the validity of a digital signature as a proof of authenticity in a case of alleged fraud depends entirely on the proof that the private key concerned has never been disclosed or come into the possession of any other person at any time other than the person originating the message. This is a very difficult thing to ensure in a business environment and could be exceedingly difficult to prove in a court of law. TOPIC SIX: The US Government has proposed to introduce the Clipper system which is a cryptosystem intended for general use throughout the USA in which the keys employed are made known in advance to the US Government so that the Government can intercept and decrypt surreptitiously any message or conversation electronically transmitted within the USA. The limitation is that a court order would be required for a legal intercept. It is proposed that two keys will be needed for decryption and each will be separately escrowed with a different US Government Department and made available only on production of the court order. Advocates of the system say that it is necessary for crime prevention and that the escrow method will prevent any abuse or possibility that the keys are misused. Other people would not give those opinions a moment's credence. Humans and hence human systems are fallible and the humans who constitute any system do not all have the same high minded attitude to their obligations under law -- in fact some have scruples which vanish when money is mentioned, some have no scruples at all and some will be intent on subversion. Apart from all this, public and government sentiments drift with time and each generation will have a modified attitude. One may take the view that any data which should be kept confidential, should never be transmitted via an escrowed system -- that would mean trusting it to people one does not know, whose credentials one cannot examine and whom one cannot bring to account. In fact, it is difficult to believe that any of the people advocating an escrowed system have a belief in it themselves (except perhaps the naive) and their motives when all the smooth talk is stripped away is to maintain the status quo and their own power from which their own employment derives. In any case, the worldwide escrowed system which would be required fully to satisfy commercial requirements is nothing but a dream. TOPIC SEVEN: There is no privacy available for an un-encrypted message except the social convention that one respects the mail of other persons when it is sealed and in polite society one moves out of earshot of telephone and other private conversations. Some Governments will examine mail and electronic communications without compunction: other Governments will be scrupulous in following the procedures to which they are supposed to adhere. But, compliance with due legal process does not alter the fact that surveillance has been conducted surreptitiously. Restraints such as regulations against bugging have little deterrent effect on private agencies who make a living by such practices or by selling the equipment for do-it-yourself interception. The motives of Government are primarily self-preservation and this objective is dominant although it is not automatically to be condemned -- a Government which is unstable is not very satisfactory. Moreover the dilemma arises that there are circumstances in which it may be the duty of Government to be informed in order to protect the 201434369420143436942014343694201434369420143436942014343694718 From: George Foote Area: Public Key Encryption To: All 24 Nov 94 09:08:28 Subject: 05/Social Cryptography UpdReq citizenry. Undercover Police and Secret Police have different connotations but the distinction may not be observed. The only safeguard against ruthless suppression is pressure of (enlightened) public opinion in a democracy. A general proposition that the Government knows best is untenable. Why then should the views held by Government be regarded in any way as sacrosanct or even to be considered as well informed ? One is better advised to submit new thinking to an independent examination. TOPIC EIGHT: The privacy of two people who converse and exchange views when they are alone and in close proximity is held in proper respect because such exchanges occur continuously and cannot be supervised. This does not mean that such an exchange is more truthful or accurate than a statement made in public -- although it may be -- but simply that human society operates in this fashion. The concept that the equivalent of a private exchange between two people can take place when they are far apart is new and unrecognized. As a result of new technology, people who are closely related in their views or their occupations are now often widely dispersed. Members working in a team will suddenly be split and re-located on different sites for commercial convenience. Others may be encouraged to work from home and given the facilities necessary for this purpose; an arrangement which is becoming indispensable for some people. Consider the case of two engineers working together who discuss the details of a design project of great importance to the company which engages them. The ideas they pass to each other may have a direct bearing on the outcome of the project and be of enormous value. The next day they may be miles apart in different company locations but have need for further discussions. The question is should they be regarded as having the same right to a private conversation as they had the previous day when they were together. The present position is that the conversation which took place when the people were together is regarded as legitimate and private. But the privacy of the equivalent conversation taking place when the parties were separated is qualified because the Government insists that it is necessary for the Government to have the facility to access that conversation under conditions which in essence they choose. The issue is brought into much stronger focus under conditions to-day when new communication methods allow a degree of close consultation whatever the separation involved and most particularly when the structure of society is changing to make separation a common feature of modern life. There is little doubt that an exchange of views when two parties are certain they they cannot be overheard is different from what will be said with the uneasy knowledge that it may be recorded and possibly be used secretly to their detriment. But, the right of Government to be privy to an exchange at a distance is not axiomatic and the excuse for doing so that criminals may be detected is hollow and no more convincing than the opposite view that society will benefit from "privacy at a distance" -- only experimental evidence could provide an answer and the experiment has not been made. Social conventions are only acceptable for the period in which they are current. The conventions of yesterday are held to be mistaken or ridiculous. Popular views change as time passes and this process will continue. A case exists for the recognition that society is entitled to "privacy at a distance" and that this is becoming of increasing importance. It may not be convenient for Government to accept this idea; but is that the prime consideration ? TOPIC NINE: I hope that it will be accepted that the introduction of cryptography could have consequences for society of significance and importance. Is it the freedom of the individual or the preservation of the power of the State which is under threat ? Some of the statements made above are irreconcilable one with 201434369420143436942014343694201434369420143436942014343694718 From: George Foote Area: Public Key Encryption To: All 24 Nov 94 09:09:28 Subject: 06/Social Cryptography UpdReq another. Who is to determine which is right and which is wrong ? Who is to compromise ? Who is take a decision on such issues ? The subject of Social Cryptography has been introduced. I believe that it is worthy of serious debate. George Foot georgefoot@oxted.demon.co.uk November 23rd. 1994. 201434369420143436942014343694201434369420143436942014343694718 From: Mike Riddle Area: Public Key Encryption To: Christopher Baker 25 Nov 94 11:04:00 Subject: Call Security INSECURE Pvt UpdReq From: DAVIDCOLSTON@delphi.com Newsgroups: sci.crypt Subject: "Secure Voice" Challenge Date: 23 Nov 1994 21:25:56 GMT Organization: Delphi Internet Services Corporation Lines: 28 Message-ID: <3b0c14$3t8@news1.delphi.com> NNTP-Posting-Host: bos1e.delphi.com Quoting copper from a message in sci.crypt > David Colston posted a challenge last night. The message is > 3765726825591451280397895396633593601035767902320519891 > 3732212339544230432909 > I did not try to factor N. > Don Coppersmith I will take my lumps, because they are due, but I need to know one thing. HOW? If you will explain, then there may be a lot more blown here than my obviously week method. You have my full congratulations. And please pass the word to EVERY USER THAT THE "PUBLIC KEY" of Call Security is not to be trusted. The password encryption is still reasonably secure, but the method will be posted for scrutiny! With that out of the way, please post details. David Colston 'Uncle Dave' Great minds may at times think alike, if at all. Rainbow V 1.08 for Delphi - Registered 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Glen Todd 23 Nov 94 22:17:48 Subject: Re: Public Keys UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 22 Nov 94, Glen Todd was quoted as saying: GT> How do you get PGP to add this comment line? add: comment = Whatever comment text you want but keep it short here to your CONFIG.TXT or PGP.INI [for 2.6.2 and up]. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLtQF4MsQPBL4miT5AQGwiwQAsW/d2DyCnnZLc7YBugZfOVT58g4xV9Yo Dwze4ir/858NarxTrymlsTrh06lw8q5PHOL2hmTAoiLMH/mcpqa87O6ZOU3xyK7v MqnHlgUDVKdpHt2vL61PLpKFcKSZI1nmHOYq2IczPVbmMnF5IO1YkrH5ALO5t627 Pl9DJqMajNc= =/P2g -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Glen Todd 23 Nov 94 22:19:28 Subject: Re: SecureMail UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 22 Nov 94, Glen Todd was quoted as saying: GT> Can anybody tell me of a SecureMail hub serving Fido 1:128. from the last map hatched: |--- 15 Dave Munhollon 1:128/86 X | | | SMH |-- 114 Allen Borovkoff 1:114/169 | |-- 128 Dave Munhollon 1:128/86 X | |-- 303 Thomas Lange 1:303/5 | |-- 314 Doug Preston 1:314/5 TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLtQGQ8sQPBL4miT5AQGsWQP/VNLA2oiiZzyan01XE+JmrJ2gYkhLesLw fpxTT4jGNNeVehTDE81UEr5HZQnpPe/0YFRgWPRGZAwYab/nIKqTunyyuF9gJGNf nQFT9yQFZYiHPtpLElO1gHzGcV7G3xetSa+ncTDXfFkWWBZjeYutUrOp1Xnu6bEL 4byQtUNXoeo= =4Gr9 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 24 Nov 94 20:42:20 Subject: Call Security shareware for telephone secure sessionsUpdReq -----BEGIN PGP SIGNED MESSAGE----- just hatched into PUBKEYS was: CALLSEC.FAQ which describes a program called Call Security for using a public-key system to effect secure voice sessions over the telephone. Call Security requires at least a 386sx, a 9600 bps modem, and a sound card. Call Security itself is in the archive: CS102.ZIP which has not been hatched into PUBKEYZ1 [it IS ITAR export restricted!] because i just called the source BBS and a notice there indicates that the proprietary public-key system used by the authors has been broken and they advise not to use that feature and use an online password instead. since the archive is over 400K, i'll just let anyone who wants it in Zone 1 ONLY, freq or download it instead of hatching it out. the .FAQ that was hatched contains many overseas sources for this utility as well for the non-Zone 1 types. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLtVBCMsQPBL4miT5AQEseAP/enirIoddblRsydYK7mPMOedQZx8k2uFS CEyjTLSWeCzDXgCazcMf6t/G1R3Y81PpgPiNzO9Gunkv5L81z2nRyFPOU9lY9SRb HHEUiUdJN65h0cJVoLneN0r1naAhI1sjJ1oJBW+r4hT65LyjjkJpoXNWzEzaCXYo S/jTUahQYcw= =rNyr -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Reed Darsey Area: Public Key Encryption To: Ian Lin 23 Nov 94 04:32:28 Subject: Re: PGP versions UpdReq }Quoting Ian Lin to David Mcintyre on 17 Nov 94 14:07:26{ DM>> find. From what people have said, there should be no distrust over 2.6 DM>> and up. People have had plenty of opportunity to grill over the source DM>> code, and nobody's turned up any possible security holes. IL> Who's qualified to do it? You need people who are good programmers and IL> good cryptographers to really get a look at it. The problem is that I IL> don't really know of many who I would trust. I'm sure the NSA has a IL> lot of them but they aren't our friends. While catching up on a backlog of CuDs (Computer underground Digest) I came across something in Vol 6, Issue 49 (June 5, 1994) that I don't recall being discussed here. The unofficial code modifiers who frequent this echo seem to have given the MIT 2.6 series a clean bill of health with regards to backdoors. And I seen the various myths de- mystified. File 8 of that CuD is titled "Is there an MIT/NSA link-up for PGP 2.6? Some Info". A chain of reasoning is started based on the following initial point: > Piece #1: As you may already know, MIT is the single largest ($'s) > outside contractor to the NSA. The article suggests that MIT and the NSA teamed up to put a backdoor into PGP. He does agree that a review of the source code is the way to tell: > [ . . . .] Until the private sector can review, and analyze this > new MIT/NSA system, one *must* assume that it is as if it contained a > virus, one you may never know it has. From the messages here, and the lack of replacement versions from Mantis and 'Guerilla, I guess it that point has been reached. If MIT and NSA are that close, though, it seems like a "if God is all powerful, can He make a stone so heavy he couldn't lift it?" type of situation. 201434369420143436942014343694201434369420143436942014343694718 From: David McIntyre Area: Public Key Encryption To: Ian Lin 22 Nov 94 03:57:10 Subject: Re: PGP versions UpdReq -----BEGIN PGP SIGNED MESSAGE----- -=> Quoting Ian Lin to David Mcintyre <=- DM> Actually, it will. I don't pay the phone bill. :) IL> 2.3a will take about 3 minutes at 205k at 14.4kbps with compression IL> and error correction (v42bis, v32bis) coming out to about 1600 CPS. IL> Well, if you want it, it's here at 1 613 547 6756, Black IC BBS. Well, I decided to go with 2.6.2. Enough people convinced me that it will do the job with full security. Even if THEY want to decrypt my mail, THEY'll have a hell of a time decrypting it even if THEY have a backdoor. :) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLtGWNP8kpGZ5A7plAQFDAgP+MBECussT1bSCrscAEzNZUgNetrRLTir5 f0j7anXJefQQlFD3rRvAPqklLDnKV2KUjUKOgk4DtcqpmhLTNQ0QxBjVMK974CVn JKD8qPPGi3zpB8+Zue2jaD7FxhcKhXvhj/mPyz105kgzjoF0yvnwibSSTZ8tsDkG TlTI2MPaNz0= =4Bfq -----END PGP SIGNATURE----- **EZ-PGP v1.07 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Shawn Mcmahon 25 Nov 94 22:32:00 Subject: Pgp abroad UpdReq On 11-22-94 (11:47), Shawn Mcmahon, in a message to David Chessler about "PGP ABROAD", stated the following: SM>New Zealand may act like petty children regarding our nuclear wessels >, but it'd be better if the encryption library was done by one of our >ENEMIES. SM>I mean, imagine trying to convince a jury that a man should be sent to >jail for attempting to export a program to, say, England, just because >it contains encryption code written in Libya. SM>Were I rich, I'd move there myself, write it, and come back. To Libya? Everyone to his own taste. According to the current Infoworld, Metcalf's column, MIT is trying to set standards for the World Wide Web (WWW) which will include data security and authenticity. This is clearly an attempt to forstall government mandated (escrowed) encryption, by setting another standard. It's unclear, as yet, exactly how PGP fits into this. MIT is probably going to use a version of RSA that is incompatible with PGP on the Web, but that may not matter, since, if use of RSA and any other secure encryption is permitted on the net, worldwide, then there will be no basis for banning PGP. And MIT may decide to go with PGP. So things *could* be getting very interesting. (BTW, Bob Metcalf is a trustee of MIT, so he may know more than he is telling.) ___ __ chessler@trinitydc.edu d_)--/d chessler@cap.gwu.edu * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: Scott Mills Area: Public Key Encryption To: Frank Hicinbothem 25 Nov 94 15:32:22 Subject: PKZIP security Pvt UpdReq -----BEGIN PGP SIGNED MESSAGE----- Thursday November 24 1994, Frank Hicinbothem writes to Scott Mills: FH> Please don't take this as a flame; it isn't meant as one.... bt when I FH> screw up and someone doesn't get a file that I've told the whole world FH> that I have available, I deliver it, plus an apology on MY dime. It keeps FH> me from becoming known as "unreliable." And so I did on the first dozen or so attempts. After that I gave up even trying to keep up with all the freqs coming in for that file. Since this is not a file board but a semi-private message board I don't really care what you think of my reliablility. The only reason that file name was announced was as an answer to another person inquiry. Sorry I cost you the quarter or so it must have run you for the freq attemp. Scott Born again? Pardon me for getting it right the first time! Scott Mills 1024/26CD5D03 For my PGP key freq PGPKEY sm@f119.n265.z1.fidonet.org -----BEGIN PGP SIGNATURE----- Version: 2.61 iQCVAwUBLtZLkCP6qSQmzV0DAQEMrQQAvFSjNuDXqdq4jrgvI0OKqcmR6KYRFcZB Bs4Xx0F3PjuGl9BeJ+0h7R4arAGYCPsycNY50YYjXgnMIxfUR+ppfRZm+BTLedHO mMxZrExpMo5iXmfgQsd+VzvIjFHFmG4fQdShqZqqTXdNzJsrnzcAkmFH6lD3MDGk +rily9Scy5c= =vUO3 -----END PGP SIGNATURE----- --- 201434369420143436942014343694201434369420143436942014343694718