From: Shawn McMahon Area: Public Key Encryption To: jason carr 28 Nov 94 11:11:08 Subject: legal PGP UpdReq Despite the stern warnings of the tribal elders, jason carr said this to Shawn McMahon: jc> Same could be said about morons and twits, though, except those jc> msgs are generally not flagged PVT. There are several differences. One is that morons and twits don't know any better. :-) 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Stefan Hirth 28 Nov 94 11:16:30 Subject: PGP UpdReq Despite the stern warnings of the tribal elders, Stefan Hirth said this to Christopher Baker: CB>> Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] SH> Why is this version only legal in Zone 1? SH> Or, better: What is illegal eg in Germany? Getting this version SH> on disk or even via phone line, or just using it? What's illegal is this: It's illegal for us to send you 2.6.2. That's it, as far as US law is concerned. I don't have any idea what German law regarding this stuff is. However, if it's legal for you to use 2.3a, it's probably legal for you to use 2.6.2. I am not an attorney, however, and nothing I say should be construed as legal advice; in this country or any other. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: John Stephenson 28 Nov 94 11:28:02 Subject: legal PGP UpdReq Despite the stern warnings of the tribal elders, John Stephenson said this to Wes Landaker: JS> And, Borland uses PkZip v1.10 since the archives it creates there JS> is publically code to read and decompress it. That's faulty logic; there is more code available to read and decompress PkZip v2.04g files. In fact, there is *SOURCE* code available for that compatibility. Borland is just costing their customers money. And themselves, which in the end is the same thing. But I don't expect sound logic from the company that issued the press release stating that Turbo Modula 2 would definately be ready "May of 1984." :-) JS> has replied, if so forgive me. But what is the *actual* JS> difference between RSA & RSAREF. What's the difference in JS> the two formulae? That question is approximately the same as "what's the difference between an automobile and a Chevy?" They aren't "two formulae." RSA is the fomula; RSAREF is one particular software library implementing that formula. Before, Phil used his own code to implement it. The RSA formula never changed. Output is identical. PGP still uses RSA. That has not changed. The only thing is, now it uses code developed in part by the creator of RSA, instead of by the author of PGP. 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: Scott Redd 27 Nov 94 21:29:00 Subject: Keep Out *FREE* magazine offer UpdReq -----BEGIN PGP SIGNED MESSAGE----- --== Incidentally, did anyone notice the review of Keep Out on page 183 of the JS> December issue of Wired Magazine? They gave it a very nice review, which JS> I appreciated very much. SR> I understand that "Wired" often makes available electronic excerpts SR> from it's magazine. Dear Moderator, would it be acceptable for it to SR> be copied into this echo when if the e-review is released? I'd be more than happy to type it in, as it's only around 150 words. I doubt Wired would object, but I'm going to contact them Monday to check. (I plan to reproduce the review in more places than this echo.) If Christopher doesn't object, and Wired doesn't object, I'd be more than happy to post it here. Christopher? John -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLtlo4Gj9fvT+ukJdAQEcFwQAsVwIAKJNfoRQcGF11kLfZ8wySca8vkUS iGsRJ3hzGSZgLrWff7xuLwRTM8FXIpyx+D8MAWanUNdaraDlJQ2fp2NWJVc+Jb0f v8tb3EpWJj2beyW654E7ERCP8X8fNvF1lky5Q/8KCUrvfHPEpRUijB9HoXWsqstt V8sL8HHdGzE= =cHn9 -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... "What do you mean you reformatted the cat?" 201434369420143436942014343694201434369420143436942014343694718 From: Basil Hoyl Area: Public Key Encryption To: Christopher Baker 28 Nov 94 12:58:10 Subject: Re: Call Security shareware for telephone secure sessionsUpdReq -=> Quoting Christopher Baker to All <=- CB> just hatched into PUBKEYS was: CB> CALLSEC.FAQ CB> which describes a program called Call Security for using a public-key CB> system to effect secure voice sessions over the telephone. CB> Call Security requires at least a 386sx, a 9600 bps modem, and a sound CB> card. CB> Call Security itself is in the archive: CB> CS102.ZIP which has not been hatched into PUBKEYZ1 [it IS ITAR export CB> restricted!] because i just called the source BBS and a notice there Christopher, what is the number for the BBS where you found this interesting item? ... voice (817) 685-0555 [-0593fax] 201434369420143436942014343694201434369420143436942014343694718 From: Basil Hoyl Area: Public Key Encryption To: Jim Grubs, W8GRT 28 Nov 94 13:09:18 Subject: Re: Lawyer 4/4 UpdReq -=> Quoting Jim Grubs, W8GRT to jason carr <=- JGW> I sent a copy of this thread to Phil. He was fascinated. I'm guessing JGW> future PGP versions will not accept keys with "book" type IDs. Well I said that PGP was what we make of it. The corrected statement now reads that PGP is what we make of it until we change it to unmake what we made. If he changes it, I would hope that he would add a (detachable?) database with more power and less ram and delay overhead. I stand by my beliefs, though I changed my key to comply with the present norms and capabilities of the net and the keyservers. BTW, I wonder if signatures on keyrings add a similar overhead in terms of time and size to long ID fields. If he communicates with you about these issues, please post his musings here. Thanks, Basil. ... voice (817) 685-0555 [-0593fax] 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: All 28 Nov 94 12:53:22 Subject: CYPHERPUNKS Echoed UpdReq -----BEGIN PGP SIGNED MESSAGE----- thanks, to John Schofield is now available here in Echo format for those who have already established passworded Areafix links with this system. the first scan brought me 227 msgs. [grin] if you want a link, Areafix it as CYPHERPUNKS. if you don't have a link established, send direct Netmail with session password, Areafix password, preferred archive format, and poll twice a week. thanks, John! TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLtoZF8sQPBL4miT5AQF9OwP+OAROXggEEisZeHYXWiFe4wmhUffoM0qZ 87ikvsEJUuuvgv0Q8X9/wT4EWtHO5Lfez0daPCcyQq5UiAgg3YdXC8zhIW1yZuzY gw0TOZOzXTSUsWRSBOUPxICapsQY6/zU4Pg4LN4w2RllYGn/bVoYtqm5tf+tn3Qx 1nVo7hhmGN8= =3OYH -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Jim Grubs, W8grt 28 Nov 94 15:32:00 Subject: Re: PGP 2.6.2 OS/2 compile? UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 23 Nov 94, Jim Grubs, W8grt was quoted as saying: JGW> He's home now and has been for a week or so. Got an e-mail from JGW> him just today thanks, i'll tell GK. where you been hiding? [grin] TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLto+S8sQPBL4miT5AQFQcgQAt5KIWGcowsZR+BK/6RoamKaFuI2Psmsu MEOg/gST12kCyItDihcNCzQNVAATwO2i6LqPKfrq57BbZKefKOLtaI/hOqpe6ttb /bnqOD7/amMGZNWTt5SpsT5VAYuaGlvv26pXd0y8Y3BSvC3JHeNy5hi6P3g+mG7r qNnK+Qdxf/4= =Au+A -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Glen Todd 28 Nov 94 15:33:28 Subject: Re: Public Keys UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 27 Nov 94, Glen Todd was quoted as saying: GT> Thanks -- got it. GT> Comment: Joe McCarthy would have loved the Clipper chip. so i see. [grin] TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLto+mssQPBL4miT5AQHEGAQAoFnOg75Ykhlm2+6+fXE5pRZmWz7l7mhC KQffeng8rsyXUXJylLyItIkyyAlwJR6Qq2qQprR4/aCC/8diGIREmaL3iIP+CboL 9Ym8dZ640Xs8sFeXxn6Q4YcF+hMClpoDPswhCYxxszoWFylMa0p5qyZ3/mnAPdrv yJ61ES27QKI= =MAdU -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Glen Todd 28 Nov 94 15:36:52 Subject: Re: SecureMail UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 27 Nov 94, Glen Todd was quoted as saying: GT> CB> |-+- 15 Dave Munhollon 1:128/86 X GT> CB> | | GT> CB> | SMH |-- 114 Allen Borovkoff 1:114/169 GT> CB> | |-- 128 Dave Munhollon 1:128/86 X GT> CB> | |-- 303 Thomas Lange 1:303/5 GT> CB> | |-- 314 Doug Preston 1:314/5 GT> Is 15 the SecureMail net number. sorry. i should have left the headers intact. no. it's the Region. SecureMail is NOT a network. we are not one of those 'otherNets'[tm] you see abounding for no good reason. SecureMail Host Routing is a internal, FidoNet volunteer routing system for privacy's sake. we all use our FidoNet Node numbers. the only thing different is that we in SMH pledge no peeking and no censoring of intrasit mail and we have SMH Userflags on our Nodelistings. so 15 above is Region 15's volunteer RSMH who is in Net 128 as noted. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLto/Z8sQPBL4miT5AQEwLwP+MAVjN6v+VF8A9bozDOOFKhShyHFjD1ft Lz/yMws7QXnWQJImEIwFVv8HDBRg1iyLJkvt/yd725159PSkosDHva5xLPNu21JJ Dq0xtvXRfJQ4iC3byf0xFDkm1mGUVnKEEUpHcwrTOryht0X6NyY6Hop1kggVnsVY 2sv5e8/PnbE= =kcFa -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: tjb@acpub.duke.edu Area: Public Key Encryption To: All 29 Nov 94 00:17:32 Subject: RELEASE: Secure Edit a0.3.1 for MacintoshUpdReq * Original Message Posted via CYPHERPUNKS * Date: 25 Nov 94 02:00:17 * From: tjb@acpub.duke.edu @ 1:102/825.111 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:102/825.111 00021e81 @REPLYTO 1:102/825 UUCP @REPLYADDR tjb@acpub.duke.edu @PID GIGO+ sn 154 at borderlin vsn 0.99 pl3 @Sender: quake!toad.com!owner-cypherpunks @Received: from relay2.UU.NET by netcomsv.netcom.com with ESMTP (8.6.4/SMI-4.1) @ id CAA04230; Fri, 25 Nov 1994 02:22:00 -0800 @Received: from toad.com by relay2.UU.NET with SMTP @ id QQxrnk13423; Fri, 25 Nov 1994 05:09:57 -0500 @Received: by toad.com id AA27397; Fri, 25 Nov 94 02:00:36 PST @Received: from carr2.acpub.duke.edu by toad.com id AA27391; Fri, 25 Nov 94 02: 00:28 PST @Received: (from tjb@localhost) @ by carr2.acpub.duke.edu (8.6.8.1/Duke-2.0) id FAA18050; @ Fri, 25 Nov 1994 05:00:17 -0500 @To: cypherpunks@toad.com @Subject: RELEASE: Secure Edit a0.3.1 for Macintosh @Sender: owner-cypherpunks@toad.com @Precedence: bulk Date: Fri, 25 Nov 1994 05:00:17 -0500 From: "Thomas J. Bryce" Message-Id: <199411251000.FAA18050@carr2.acpub.duke.edu> -----BEGIN PGP SIGNED MESSAGE----- Miyako Software(tm) presents... SECURE EDIT(tm) VERSION ALPHA 0.3 FOR MACINTOSH SECURE EDIT is an editor designed for editing sensitive text buffers. It is designed to prevent plaintext from ever being written to disk, even if only momentarily. You might fail to overwrite or encrypt such plaintext properly, or your opponent might be able to retrieve some of the information even though you wiped it (see docs for details). Word Processors generally create temp and scratch files that leave plaintext on your drive whether you like it or not. Secure edit fixes this problem. Sometimes you need to quit in a hurry and have all your data encrypted and saved. Or you might prefer to have your files encrypted at all times so that you never forget to re-encrypt a file you worked on. Secure edit sports the following features to serve these and your other data security needs: * Plaintext is never written to disk - Secure Edit locks all sensitive buffers in memory so that virtual memory will never swap them to disk. This includes the text you are editing as well as any encryption keys in use. * Secure Edit never creates plaintext temp or scratch files, ever. * Secure Edit offers the option of saving files directly in encrypted format so you never have plaintext on the hard drive. * Your data is compressed and encrypted in RAM with the IDEA algorithm, then written to disk in encrypted format. The key is the MD5 hash of your passphrase. This is the same basic technique used in PGP conventional encryption. The SHA hash and the MD5 hashes are used to create information against which to validate keys without compromising their security. See docs for more details. * Secure Edit can mantain a secure, private clipboard, interconverting with the system clipboard only when you use OPTION-cut,copy, and paste. This prevents the system from getting a copy of your sensitive data and possibly writing it to disk, or leaving it around for another user to see. * Secure Edit can open foreign text files, and DOD wipe them on request when you save the file in encrypted format. * Secure Edit offers a default passphrase option so you only need to enter your passphrase once. It also offers the option of validating your phrase against secure validation information that can be used to check that you have entered your standard pass phrase, but which cannot be used to recover the passphrase by an opponent. This prevents you from saving under a bad passphrase and losing data. * Secure Edit offers a time-out option, whereby it will save all files and quit after a certain idle time period * Secure Edit offers an option-quit feature, whereby it will assume it is okay to save all files, and save and quit as quickly as possible * As far as I am personally aware, Secure Edit does not have any bugs which could cause data loss. However, as I am the only person who has used it until now, I am considering it an ALPHA TEST RELEASE, version a 0.3. Hence, store important information at your own risk. Save regularly! * Secure Edit alpha 0.3 is available to U.S. citizens in the U.S. at an ITAR-compliant site near you. I'm presently uploading it to ripem.msu.edu and others. * The source code is, of course, available for your inspection. * Questions about Secure Edit should be directed to me, at Thanks for your attention. Tom Bryce - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCPAy6yQdAAAAEEAOfJ4/XS4J2wm5NCVgiXrWKALKYur+8JWuXjGYv5FBOQ1QBv D4YBODWid1vrtpAKERRTw8E7LFcWbgsArmAbuUmwKcpduEGEgDYiDlRsokCaNo7T 6XUFbsOyOLsLTycKR4jmCHcDU2vnW9cBsdDfyuWESgGdFS2etk8YjrUhOUC5ABEB AAG0Ok1peWFrbyBTb2Z0d2FyZSAvIFNlY3VyZSBFZGl0IFN1cHBvcnQgPHRqYkBh Y3B1Yi5kdWtlLmVkdT6JAJUCBRAuskMzTxiOtSE5QLkBAfwxBADVq8iB8AVSry88 JtW76dqQjDd9ZDn+9piRxFxs3gY3cS7BLwPJooOrfUYvR2hOjfP0d0lt2r2NCpmE 42zS42dRZqdjsWOQFF3H7OeLoeAf7hIxiIGNXY3OQpUkj8OoWmYvkvkL01HYAsxC 8UYGK9WgvldKyZAg5wO5lVwJHjFVd4kAlQIFEC6yQuNbsCQO6C/DvQEBkZAEAMzP WHJLIe6gUSnZHNb9BnvaPTFtJK3x78zPfp4cXHyPe4WEWx1qiDOLkCkOjhqjT5If l3ApFB/SQ2INIA/ZwobiahMrCcCV5pZsNgwcOFF8t5K3FZm8jyObojsCakI4RA2k CTp6wVSXzXPKiU7bgEP4DloRbLw05qzzpOHwyXrkmQCPAi1tElkAAAEEAO6YzP+I YXLF+7sFADICmMid8CwLs5Typz++v6G1K9H6I8bod0PJWhYF+kHe5JemoALFVE8e HOODP+/Uz+/r14zjPSRg3hw+/i88jT5SKmanD8jc1V/Lzyw6/O9miBpFuDMIgAsh bx+OnV+c8FVtCPL1Ew3SktIk4FuwJA7oL8O9ABEBAAG0JFRob21hcyBKLiBCcnlj ZSA8dGpiQGFjcHViLmR1a2UuZWR1PrQlVGhvbWFzIEouIEJyeWNlIDx0amJyeWNl QGFtaGVyc3QuZWR1PokAVQIFEC1t+Kpg1mnda5vvEQEB2rMB/R7N7SPKm0UOSgUO d1kSCzaHhscznc6ql3VB07fNrAWr+wQk/4iJShZf7Ssqa4AGifsVbJXSw7fIIzgo XnvXCOQ= =y3Ve - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLtS2aE8YjrUhOUC5AQFgkwQAnR5U56xDU1rxNSgYYyGKZzyiw+lDtZ9l hVbXuxXcCxSrHJ+aeXtDrfWOr2eRcfaqgBwDm8dOikWn03jpDid7tY/KpR9YbO0M JtjzKNf5uSiTw4o0LLDAEaoBlSJ3PAPPprSWXbaY/RXkEuvCsErz0vo1uJRh2o8B z0/lpULnbTM= =pcoL -----END PGP SIGNATURE----- Please note: the correct version number is now a0.3.1 --- @PATH: 102/903 374/14 201434369420143436942014343694201434369420143436942014343694718 From: prz@acm.org Area: Public Key Encryption To: All 29 Nov 94 00:17:56 Subject: Zimmermann interrogated without counselUpdReq * Original Message Posted via CYPHERPUNKS * Date: 26 Nov 94 23:57:40 * From: prz@acm.org @ 1:102/825.111 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:102/825.111 00021ec7 @REPLYTO 1:102/825 UUCP @REPLYADDR prz@acm.org @PID GIGO+ sn 154 at borderlin vsn 0.99 pl3 @Sender: quake!toad.com!owner-cypherpunks @Received: from relay2.UU.NET by netcomsv.netcom.com with ESMTP (8.6.4/SMI-4.1) @ id AAA12803; Sun, 27 Nov 1994 00:07:45 -0800 @Received: from toad.com by relay2.UU.NET with SMTP @ id QQxrum20465; Sun, 27 Nov 1994 03:07:58 -0500 @Received: by toad.com id AA04044; Sun, 27 Nov 94 00:00:50 PST @Received: from ncar.UCAR.EDU by toad.com id AA04038; Sun, 27 Nov 94 00:00:43 PST @Received: from sage.cgd.ucar.EDU by ncar.ucar.EDU (NCAR-local/ NCAR Central Post Office 03/11/93) @ id AAA05506; Sun, 27 Nov 1994 00:59:47 -0700 @Received: from columbine.cgd.ucar.EDU by sage.cgd.ucar.EDU (8.6.4/ NCAR Mail Server 04/10/90) @ id AAA17363; Sun, 27 Nov 1994 00:59:04 -0700 @Received: by columbine.cgd.ucar.EDU (4.1/ NCAR Mail Server 04/10/90) @ id AA03585; Sun, 27 Nov 94 00:59:29 MST Message-Id: @Subject: Zimmermann interrogated without counsel @To: cypherpunks@toad.com (Cypherpunks) Date: Sun, 27 Nov 1994 00:57:40 -0700 (MST) Cc: prz-list@voxbox.norden1.com (alt.security.pgp) From: Philip Zimmermann @Reply-To: Philip Zimmermann @Content-Type: text @Sender: owner-cypherpunks@toad.com @Precedence: bulk The following is a letter from Ken Bass, who is one of the lawyers on my legal defense team, to US Customs. It is mostly self-explanatory. It concerns the PGP investigation. For those of you unfamiliar with the PGP case, PGP is an email encryption program that is widely used around the world, and was published domestically in the USA as freeware in 1991. As the creator of PGP, I am under investigation by US Customs. They tell my lawyers that they suspect that I violated laws that prohibit the export of encryption software from the USA. If anyone wants to ask questions about this case, contact my lead defense attorney, Phil Dubois, at 303 444-3885, or dubois@csn.org. -Philip Zimmermann prz@acm.org =================================================================== Kenneth C. Bass, III (202) 962-4890 kbass@venable.com Venable, Baetjer, Howard & Civiletti 1201 New York Avenue, NW, Suite 1000 Washington, DC 20005-3917 (202) 962-4800, Fax (202) 962-8300 November 23, 1994 Mr. Homer Williams Acting Assistant Commissioner Office of Internal Affairs United States Customs Service 1301 Constitution Ave., N.W. Washington, D.C. 20229 Dear Mr. Williams: I write on behalf of our client, Philip R. Zimmermann, of Boulder, Colorado, to register a strong objection to the treatment given Mr. Zimmermann at Dulles International Airport on November 9, 1994, when he returned from a trip to Europe. Mr. Zimmermann was invited to Europe to speak on issues of public policy. When Mr. Zimmermann returned to the United States, he was diverted from the normal Customs processing, subjected to an individualized luggage search, and then interviewed extensively by Customs Special Agent Michael Winters. The questions posed to Mr. Zimmermann make it very clear that this encounter was not a routine, random interview, but was a pre-planned encounter. The interview was not restricted to matters relating to Mr. Zimmermann's re-entry into the United States and any proper subjects of inquiry regarding the personal effects he was bringing back with him, but ranged extensively over Mr. Zimmermann's European itinerary and public-speaking activities, as well as prior overseas trips he had taken. Of particular concern to us is the fact that Agent Winters questioned Mr. Zimmermann about possible exportation of PGP, a cryptography program developed by Mr. Zimmermann. This interview was conducted in the absence of Mr. Zimmermann's counsel, despite the fact that Agent Winters was very much aware of a pending criminal investigation involving Mr. Zimmermann who was advised in 1993 by an Assistant United States Attorney in the San Jose, California office that he was a target of a grand jury investigation concerning possible violations of the Arms Export Control Act related to PGP. Agent Winters made specific reference to this investigation in the course of his interrogation. This encounter is deeply troubling for two reasons. First, having such an interview in the absence of counsel when Customs is fully aware of the pending criminal investigation and the fact that Mr. Zimmermann is represented by counsel raises fundamental concerns about Government insensitivity to the constitutional rights of citizens, particularly citizens who are a target of an ongoing criminal investigation. The second major concern is the fact that Agent Winters told Mr. Zimmermann that he should expect to be subjected to the same search and interrogation upon every re-entry into the United States, at least until the criminal investigation is concluded. It is difficult enough for any individual to be the target of an open-ended criminal investigation that seems to have no clear direction, goal or foreseeable conclusion. It is quite another thing to be subjected to official interrogation, in the absence of counsel, about these matters. On behalf of Mr. Zimmermann, we ask that you make appropriate inquiries to determine who authorized this interrogation and why it was continued after Mr. Zimmermann expressed objection to being interrogated in the absence of counsel. With respect to Mr. Zimmermann's future re-entry into the United States, we would expect the Customs Service to strictly limit its contact with him to the conduct of such interviews, declarations and inspections as may be appropriate under 19 CFR Part 148 to determine whether he is subject to payment of any import duties upon his re-entry. As an American citizen he has a constitutional right to return to the United States and it is most improper to use such occasions as an excuse for conducting interviews that would not otherwise be undertaken in the absence of counsel or appropriate judicial process. I am sending copies of this letter to Agent Winters, the Assistant United States Attorney in charge of the criminal investigation, and Mr. Philip Dubois, Mr. Zimmermann's lead counsel in the investigation. If you require any additional information in order to respond to this request, please contact me directly. We would hope to resolve this matter quickly. Cordially, Kenneth C. Bass, III cc: Mr. Philip R. Zimmermann Mr. Michael B. Winters Philip Dubois, Esq. William Keane, Esq. ----- --- @PATH: 102/825 903 374/14 201434369420143436942014343694201434369420143436942014343694718 From: mab@crypto.com Area: Public Key Encryption To: All 29 Nov 94 00:18:14 Subject: Re: Zimmermann interrogated without counselUpdReq * Original Message Posted via CYPHERPUNKS * Date: 27 Nov 94 16:54:53 * From: mab@crypto.com @ 1:102/825.111 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:102/825.111 00021ed9 @REPLYTO 1:102/825 UUCP @REPLYADDR mab@crypto.com @PID GIGO+ sn 154 at borderlin vsn 0.99 pl3 @Sender: quake!toad.com!owner-cypherpunks @Received: from relay2.UU.NET by netcomsv.netcom.com with ESMTP (8.6.4/SMI-4.1) @ id QAA18895; Sun, 27 Nov 1994 16:57:11 -0800 @Received: from toad.com by relay2.UU.NET with SMTP @ id QQxrxb29040; Sun, 27 Nov 1994 19:57:29 -0500 @Received: by toad.com id AA16750; Sun, 27 Nov 94 16:53:28 PST @Received: from crypto.com by toad.com id AA16744; Sun, 27 Nov 94 16:53:21 PST @Received: from tpc.crypto.com by crypto.com Sun, 27 Nov 1994 19:54:54 -0500 Message-Id: <199411280054.TAA21721@crypto.com> @To: Phil Karn Cc: cypherpunks@toad.com @Subject: Re: Zimmermann interrogated without counsel @In-Reply-To: Your message of "Sun, 27 Nov 1994 16:20:13 PST." @ <199411280020.QAA09078@unix.ka9q.ampr.org> Date: Sun, 27 Nov 1994 19:54:53 -0500 From: Matt Blaze @Sender: owner-cypherpunks@toad.com @Precedence: bulk >>As I understand it, you have no obligation to do or say anything to a >Customs officer when entering the country other than to identify >yourself, hand over your passport, and permit a search of your >luggage. It's not even clear you have to answer their questions as to >where you've been. Dunno what would happen if they searched your >laptop and found encrypted material... I'm going to be taking a business trip to Europe next month, and just to find out what the procedure is I decided to get a "temporary export authorization" for a so-called "exportable" AT&T telephone security device (model 3600-F). This is the "bump in a cord" voice encryptor. The "F" model is supposed to be approved for "fast track" export; it doesn't use Clipper or DES, but rather some exportable algorithm. About two months ago I called our (AT&T's) export lawyer division. They said "ok, this will be easy". Well, sure enough the other day I got back my "license for the temporary export of unclassified defense articles". The form on which this is printed is apparently used for everything in the ITAR; it took me a while to realize that the part of the form where they want the "serial number of aircraft or vessel" is to be filled in only if I'm actually exporting a plane or ship and does not refer to the plane on which I'm flying out of the country. (Where is the serial number on a 767, anyway?) Anyway, the "fast track" procedure seems to be as follows. I have to leave from an international airport with a customs agent present. Before I leave I have to make up an invoice for the devices (even though I'm not selling them to anyone) that states that "These commodities are authorized by the US government for export only to Belgium and the United Kingdom [the countries I'm visiting]. They may not be resold, transshipped, or otherwised disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State." At the airport, I have to fill out something called a "shippers export declaration" (SED) and copy the same wording onto it. Then I present my invoice, SED, and export license to a customs official at the airport before I leave (this will be fun - I leave from JFK, where Customs is in a different building from departing flights). The Customs officer then endorces my license to show what I'm taking out of the country. On the way back in, I'm supposed to "declare" my item (even though it was manufatured in the US) and show them my license, SED, and invoice, and they're supposed to endorse the license to show that I have, in fact, returned the "defense article". I'd hate to know what the "slow track" is like.... I'll post a report of what actually happens when I try to follow these procedures. -matt --- @PATH: 102/825 903 374/14 201434369420143436942014343694201434369420143436942014343694718 From: karn@unix.ka9q.ampr.org Area: Public Key Encryption To: All 29 Nov 94 00:18:26 Subject: Re: Zimmermann interrogated without counselUpdReq * Original Message Posted via CYPHERPUNKS * Date: 27 Nov 94 22:06:34 * From: karn@unix.ka9q.ampr.org @ 1:102/825.111 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:102/825.111 00021eed @REPLYTO 1:102/825 UUCP @REPLYADDR karn@unix.ka9q.ampr.org @PID GIGO+ sn 154 at borderlin vsn 0.99 pl3 @Sender: quake!toad.com!owner-cypherpunks @Received: from relay2.UU.NET by netcomsv.netcom.com with ESMTP (8.6.4/SMI-4.1) @ id WAA20306; Sun, 27 Nov 1994 22:12:29 -0800 @Received: from toad.com by relay2.UU.NET with SMTP @ id QQxrxw20292; Mon, 28 Nov 1994 01:12:34 -0500 @Received: by toad.com id AA18551; Sun, 27 Nov 94 22:07:09 PST @Received: from unix.ka9q.ampr.org by toad.com id AA18545; Sun, 27 Nov 94 22: 06:58 PST @Received: (karn@localhost) by unix.ka9q.ampr.org (8.6.7/8.6.5) id WAA09232; Sun, 27 Nov 1994 22:06:34 -0800 Date: Sun, 27 Nov 1994 22:06:34 -0800 From: Phil Karn Message-Id: <199411280606.WAA09232@unix.ka9q.ampr.org> @To: mab@crypto.com Cc: cypherpunks@toad.com @In-Reply-To: <199411280054.TAA21721@crypto.com> (message from Matt Blaze on Sun, 27 Nov 1994 19:54:53 -0500) @Subject: Re: Zimmermann interrogated without counsel @Sender: owner-cypherpunks@toad.com @Precedence: bulk There was supposed to be an exemption for temporary export of cryptography by US citizens for personal use overseas. At least it was announced last spring by Martha Harris at the State Dept. There's some confusion about whether the exemption ever actually took effect; the current consensus appears to be that it has not. So I guess you still have to go through the formality. Phil --- @PATH: 102/825 903 374/14 201434369420143436942014343694201434369420143436942014343694718 From: mab@crypto.com Area: Public Key Encryption To: All 29 Nov 94 00:18:38 Subject: Re: Zimmermann interrogated without counselUpdReq * Original Message Posted via CYPHERPUNKS * Date: 27 Nov 94 22:10:54 * From: mab@crypto.com @ 1:102/825.111 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:102/825.111 00021eee @REPLYTO 1:102/825 UUCP @REPLYADDR mab@crypto.com @PID GIGO+ sn 154 at borderlin vsn 0.99 pl3 @Sender: quake!toad.com!owner-cypherpunks @Received: from relay2.UU.NET by netcomsv.netcom.com with ESMTP (8.6.4/SMI-4.1) @ id WAA20570; Sun, 27 Nov 1994 22:15:25 -0800 @Received: from toad.com by relay2.UU.NET with SMTP @ id QQxrxx20575; Mon, 28 Nov 1994 01:15:34 -0500 @Received: by toad.com id AA18565; Sun, 27 Nov 94 22:09:25 PST @Received: from crypto.com by toad.com id AA18559; Sun, 27 Nov 94 22:09:20 PST @Received: from tpc.crypto.com by crypto.com Mon, 28 Nov 1994 01:10:55 -0500 Message-Id: <199411280610.BAA24922@crypto.com> @To: Phil Karn Cc: mab@crypto.com, cypherpunks@toad.com @Subject: Re: Zimmermann interrogated without counsel @In-Reply-To: Your message of "Sun, 27 Nov 1994 22:06:34 PST." @ <199411280606.WAA09232@unix.ka9q.ampr.org> Date: Mon, 28 Nov 1994 01:10:54 -0500 From: Matt Blaze @Sender: owner-cypherpunks@toad.com @Precedence: bulk >There was supposed to be an exemption for temporary export of >cryptography by US citizens for personal use overseas. At least it was >announced last spring by Martha Harris at the State Dept. >>There's some confusion about whether the exemption ever actually took >effect; the current consensus appears to be that it has not. So I >guess you still have to go through the formality. >>Phil >According to our export guy (and also someone I spoke with at NIST) that exemption is not yet in effect. -matt --- @PATH: 102/825 903 374/14 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Jim Grubs, W8GRT 29 Nov 94 15:32:06 Subject: GOP vs. Clipper...? UpdReq Despite the stern warnings of the tribal elders, Jim Grubs, W8GRT said this to Carl Hudkins: JGW> A chance remark by Newt Gingrich gave me the impression he's JGW> cyberspacee literate. At the very least, that means he'll JGW> understand the issues better than most of them. He's one of the very few congressmen with an Internet address. 201434369420143436942014343694201434369420143436942014343694718 From: Lawrence Garvin Area: Public Key Encryption To: Shawn K. Quinn 28 Nov 94 07:00:38 Subject: ECPA and sysop only echos UpdReq [On 08 Nov 94 17:03:31, Shawn K. Quinn offered these thoughts to All about 'ECPA and sysop only echos'] SKQ> Does the ECPA apply to sysop-only and other "non-public" echos (such SKQ> as DuckNet's CHO_MEMBER, reserved for CHO members only)? SKQ> SKQ> Someone told me it did, but I wasn't completely sure. Where exactly is SKQ> the line drawn on matters of this type. In a recent Sysop Liability Conference at UH Downtown, Pete Kennedy (of Steve Jackson Games fame) expressed his belief that it does apply to message areas of -restricted- access. The example he used was the women's only areas on The Well. I suspect the same philosophy would carry over to sysop-only and membership-required echos, in that they are not 'readily accessible to the general public'... (won't this raise some eyebrows! :) ... Lawrence.Garvin@f6018.n106.z1.fidonet.org 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: All 28 Nov 94 15:15:42 Subject: Zimmermann interrogated without counselUpdReq * Originally By: prz@acm.org * Originally To: All * Originally Re: Zimmermann interrogated without counsel * Original Area: I:CYPHERPUNKS@TOAD.COM: Cypherpunks List * Forwarded by : Blue Wave v2.12 @MSGID: 1:102/825.111 00021ec7 @REPLYTO 1:102/825 UUCP @PATH: 102/825 Message-Id: Date: Sun, 27 Nov 1994 00:57:40 -0700 (MST) Cc: prz-list@voxbox.norden1.com (alt.security.pgp) From: Philip Zimmermann The following is a letter from Ken Bass, who is one of the lawyers on my legal defense team, to US Customs. It is mostly self-explanatory. It concerns the PGP investigation. For those of you unfamiliar with the PGP case, PGP is an email encryption program that is widely used around the world, and was published domestically in the USA as freeware in 1991. As the creator of PGP, I am under investigation by US Customs. They tell my lawyers that they suspect that I violated laws that prohibit the export of encryption software from the USA. If anyone wants to ask questions about this case, contact my lead defense attorney, Phil Dubois, at 303 444-3885, or dubois@csn.org. -Philip Zimmermann prz@acm.org =================================================================== Kenneth C. Bass, III (202) 962-4890 kbass@venable.com Venable, Baetjer, Howard & Civiletti 1201 New York Avenue, NW, Suite 1000 Washington, DC 20005-3917 (202) 962-4800, Fax (202) 962-8300 November 23, 1994 Mr. Homer Williams Acting Assistant Commissioner Office of Internal Affairs United States Customs Service 1301 Constitution Ave., N.W. Washington, D.C. 20229 Dear Mr. Williams: I write on behalf of our client, Philip R. Zimmermann, of Boulder, Colorado, to register a strong objection to the treatment given Mr. Zimmermann at Dulles International Airport on November 9, 1994, when he returned from a trip to Europe. Mr. Zimmermann was invited to Europe to speak on issues of public policy. When Mr. Zimmermann returned to the United States, he was diverted from the normal Customs processing, subjected to an individualized luggage search, and then interviewed extensively by Customs Special Agent Michael Winters. The questions posed to Mr. Zimmermann make it very clear that this encounter was not a routine, random interview, but was a pre-planned encounter. The interview was not restricted to matters relating to Mr. Zimmermann's re-entry into the United States and any proper subjects of inquiry regarding the personal effects he was bringing back with him, but ranged extensively over Mr. Zimmermann's European itinerary and public-speaking activities, as well as prior overseas trips he had taken. Of particular concern to us is the fact that Agent Winters questioned Mr. Zimmermann about possible exportation of PGP, a cryptography program developed by Mr. Zimmermann. This interview was conducted in the absence of Mr. Zimmermann's counsel, despite the fact that Agent Winters was very much aware of a pending criminal investigation involving Mr. Zimmermann who was advised in 1993 by an Assistant United States Attorney in the San Jose, California office that he was a target of a grand jury investigation concerning possible violations of the Arms Export Control Act related to PGP. Agent Winters made specific reference to this investigation in the course of his interrogation. This encounter is deeply troubling for two reasons. First, having such an interview in the absence of counsel when Customs is fully aware of the pending criminal investigation and the fact that Mr. Zimmermann is represented by counsel raises fundamental concerns about Government insensitivity to the constitutional rights of citizens, particularly citizens who are a target of an ongoing criminal investigation. The second major concern is the fact that Agent Winters told Mr. Zimmermann that he should expect to be subjected to the same search and interrogation upon every re-entry into the United States, at least until the criminal investigation is concluded. It is difficult enough for any individual to be the target of an open-ended criminal investigation that seems to have no clear direction, goal or foreseeable conclusion. It is quite another thing to be subjected to official interrogation, in the absence of counsel, about these matters. On behalf of Mr. Zimmermann, we ask that you make appropriate inquiries to determine who authorized this interrogation and why it was continued after Mr. Zimmermann expressed objection to being interrogated in the absence of counsel. With respect to Mr. Zimmermann's future re-entry into the United States, we would expect the Customs Service to strictly limit its contact with him to the conduct of such interviews, declarations and inspections as may be appropriate under 19 CFR Part 148 to determine whether he is subject to payment of any import duties upon his re-entry. As an American citizen he has a constitutional right to return to the United States and it is most improper to use such occasions as an excuse for conducting interviews that would not otherwise be undertaken in the absence of counsel or appropriate judicial process. I am sending copies of this letter to Agent Winters, the Assistant United States Attorney in charge of the criminal investigation, and Mr. Philip Dubois, Mr. Zimmermann's lead counsel in the investigation. If you require any additional information in order to respond to this request, please contact me directly. We would hope to resolve this matter quickly. Cordially, Kenneth C. Bass, III cc: Mr. Philip R. Zimmermann Mr. Michael B. Winters Philip Dubois, Esq. William Keane, Esq. -!--- -!- ! Origin: Borderline! uucp<->Fido{ftn}gate Project (1:102/825) 201434369420143436942014343694201434369420143436942014343694718 From: Jason Carr Area: Public Key Encryption To: John Schofield 28 Nov 94 20:08:26 Subject: Re: cypherpunks UpdReq -=> Quoting John Schofield to Alan Pugh <=- AP> does anyone know how to get on the cypherpunks mailing list? JS> cypherpunks-request@toad.com JS> It's also available as a FTSC-format echo from my system. Is that like Fido mail? If so, I'd be willing to pick it up from you and distribute it freely around Dallas for the Non-inet'ers among us. :) jc 201434369420143436942014343694201434369420143436942014343694718 From: Jason Carr Area: Public Key Encryption To: Jim Grubs, W8GRT 28 Nov 94 19:26:52 Subject: Re: Lawyer 4/4 UpdReq > Basil Hoyl wrote in a message to All: JGW> I sent a copy of this thread to Phil. He was fascinated. I'm guessing JGW> future PGP versions will not accept keys with "book" type IDs. Any ideas about how that kind of control might be implemented? Limit the #/format of IDs? jc 201434369420143436942014343694201434369420143436942014343694718 From: Jason Carr Area: Public Key Encryption To: John Mudge 28 Nov 94 19:25:20 Subject: Re: PKZIP Crack UpdReq -=> Quoting John Mudge to Jason Carr <=- JC> I messed around with CRACK and it schiz'ed out (didn't recognize PK2.?? JC> maybe?). I gave a test archive a one-letter pass and pkzcrack couldn't JC> figger it out. :( JM> I suspect it won't. The file date indicates it predates PKZ 2.xx :( I had that in the back of my mind, but was too lazy to check the compile dates on both... JC> There are a coupla names in the nodelist similar to the stated name in JC> the PKZCRACK internal documentation; I'll drop 'em some netmail and see JC> if that's the author. JM> Sounds good. Let us know what you find out. Got sidetracked and haven't NetMailed him yet. Will do so this coming week, if I remember. jc 201434369420143436942014343694201434369420143436942014343694718 From: Jason Carr Area: Public Key Encryption To: Frank Hicinbothem 28 Nov 94 20:17:30 Subject: Re: PKZIP security UpdReq -=> Quoting Frank Hicinbothem to Scott Mills <=- FH> Please don't take this as a flame; it isn't meant as one.... bt when I FH> screw up and someone doesn't get a file that I've told the whole world FH> that I have available, I deliver it, plus an apology on MY dime. It FH> keeps me from becoming known as "unreliable." That's exactly what he did, in my case at least. Thanks, Scott! jc 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: Brian Giroux 26 Nov 94 14:23:00 Subject: LAWYER UpdReq > JIM GILLISPIE pounded out random words to BASIL HOYL, > and it looked something like this: > JS>> I have no qualms with someone putting > JS>> as their user ID "John Smith (Lisp > JS>> programmer)" I would have had no problem with you > JS>> putting "(Tax Lawyer)" after your ID. > JG>I have mixed feelings on this. I don't. The keyring is no place for a cheapskate to go for free advertizing. Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: Jim Grubs, W8GRT Area: Public Key Encryption To: David Chessler 27 Nov 94 15:58:00 Subject: Pgp abroad UpdReq > (BTW, Bob Metcalf is a trustee of MIT, so he may know more than he is > telling.) And MIT, itself, is one of the P of PKP, is it not? Sincerely, Jim Grubs, W8GRT 201434369420143436942014343694201434369420143436942014343694718 From: Mike Riddle Area: Public Key Encryption To: Ron Bigalke 28 Nov 94 21:40:36 Subject: A question UpdReq In a message to All on Nov 24 94 at 04:06, Ron Bigalke wrote: RB> A few weeks ago I ask a question in this echo but never saw RB> a response if indeed there was one. RB> So at the risk of annoying a few here, can anyone tell me RB> why Canadians have access to the US version of PGP? RB> Opinions are nice, but I'd like a reference or two of some RB> treaty or something. Thanks for the time. Since the reason comes from our Congress and your Parliament, it may not be logical, :-), but the reason is that the U.S. statute and regulations on International Trafficing in Arms specifically allow export to Canada without license. I imagine there's a treaty or executive agreement behind it, but the documents I've seen don't mention it. 201434369420143436942014343694201434369420143436942014343694718 From: usenet news Area: Public Key Encryption To: All 29 Nov 94 07:25:34 Subject: Inman on Privacy and Clipper UpdReq ~Date: Wed, 23 Nov 94 09:54:12 EST ~From: lethin@ai.mit.edu (Rich Lethin) ~Subject: Admiral Inman visits MIT -----BEGIN PGP SIGNED MESSAGE----- Phil, below is something that I forwarded to cypherpunks a few days ago, a rough transcription of class notes. The note you sent yesterday mentioned that the NSA objected to the Triple-DES proposal on the X9 committee. Admiral Inman's comments below might reflect on a motivation for this. Rich - --- 11/21/94 Admiral Bobby Inman, the former director of the NSA, Deputy directory of the CIA, and Director of Naval Intelligence spoke at Hal Abelson's MIT class today about Clipper, export regulations and cryptography. He was impressive with respect to the clarity of his points, his even-handedness, and the precision with which he addressed questions from the class. He began his talk with the beginnings of the export control debate as arising with mid-80's. Intelligence from the French disclosed a Soviet "shopping list" of technologies to acquire from the West, starting with overt purchases, and moving to covert purchases and theft if necessary. The US government was particularly alarmed at the size of the figure for the number of Rubles that the Soviets saved. The resulting internal government reaction started by working to reclassify technologies that were previously public, and then moved restructure the ground rules for business in order to prevent sensitive technologies from being exported in the future. One of those technologies was cryptograpy. Inman said there was a myth in the press about the value of technical intelligence as not providing information about intentions, instead providing only information about configurations and positions. That's true for imaging technologies, but communications intelligence (COMINT) does provide information about intentions. He said that while he can't provide specific cases, in the last 20-30 years COMINT has provided significant information about intentions, including cases where the military was employed. There were some cases where they were able to gain access to the transmissions, but unable to go further because the adversary employed cryptography. He mentioned that as head of the NSA, he was involved in the decision to declassify the work related to Magic and it's successes against the Japanese during WWII. Even though much of the material was 40 years old there was govt. resistance to declassification because in many instances adversaries have employed extremely dated encryption technology, which the NSA was easily able to crack. It was felt that in all cases, the less said about cryptography publicly, the better. He touched on the mid-70's debate about public cryptography which led to the establishment of voluntary peer review with a 30-day response from the NSA. He felt that this system worked for about 10 years, and finally broke down when commercial opportunities for cryptography started to arise so that economic incentives instead of publishing incentives framed the debate. (He said something about the extensive, nonpublic, dialogues between commercial cryptographic companies and the government which eventually became public. I didn't quite follow this; he seemed to be censoring himself as he said it. Something about both parties or one party regretting this becomming public.) The other side of this polarization between public cryptography and government cryptography was an "evolution of concern" within the government, driven by public perceptions, about white-collar crime, which he said was a recent (since Watergate) phenomenon. Public cryptography threatens white-collar enforcement, because the FBI has become "totally dependent" on wiretaps. When asked later about the proportion of concern within the government between the various white-collar crimes, such as drugs, organized crime, terrorism, etc., he replied that the governmental concern about wiretaps was and is primarily and unambiguously about narcotics. The driving concern about public cryptography changed from export to 201434369420143436942014343694201434369420143436942014343694718 From: usenet news Area: Public Key Encryption To: All 29 Nov 94 07:26:34 Subject: 02/Inman on Privacy and Clipper UpdReq domestic concerns. This led to the technological solution, Clipper, which he termed a mini-disaster. He said that people inside the government miscalculated the depth of distrust of government which led to the anti-clipper groundswell. He felt that this was simply a "blind spot" in those people; it's not that they have bad motives, it's just that they can't comprehend why someone wouldn't trust the government. By proposing clipper (which is technologically sound) with it's government-entity escrow, he said that they fed the spectre of Big Brother, when it would have been better to deal with it from the start. One of the ways that they could have dealt with it was via commercial or nongovernmental escrow, specifically citing the companies in Boston and NY which deal with stock certificate transactions. However, he was skeptical whether nongovernmental escrow had any political future since the initial blunder. - From a public policy standpoint, he felt that given the single-issue voting in the recent election, regarding crime, the public's equivalence of crime with drugs, and the essential nature of the wiretaps as the sole source of leads in combatting narcotics, that arguments *to the public* about privacy would be ineffective. Most of the public do not see wiretaps as threatening them. He felt that if one wanted to fight for privacy in the public domain, the only chance was to link it with another issue that the voting public feels strongly about: namely, Big Government, Bureaucracy. Throughout his talk, this theme was reiterated several times: the public does makes governmental policy by the way they vote. The public cares about crime. Crime and Drugs are the same thing (in the public eye). Arguments about privacy will not fly. The argument must be PACKAGED in terms that links it to an issue that the public cares about, and the public cares about and opposes Big Government. He suggested that the alternatives to government wiretap abilities to combat drugs might be random uranalysis of the public, specifically to combat the demand side of the drug trade since enforcement against the supply side is so terribly unsuccessful. Note: he wasn't advocating this action by the government, just pointing out that there are implications to extreme positions on any issue, largely related to the public's current concerns. Back to Narcotics. He gave the statistic that 90% of the narcotics leads related to money laundering come from domestic wiretaps. He claimed that international wiretaps are less valuable, because of the trail of the money which generally travels this route: Small US Bank <1> Large US Bank <2> Canadian Bank <3> Cayman Island <4> Columbia He claimed that the only valuable link for enforcement is link <1> because this identifies the individuals subject to law enforcement, while scanning links <2> and <3> is illegal due to treaty clauses which preclude surveilance of companies located in friendly-nation intelligence allies (e.g. Canada) while scanning link <4> is not worthwhile because it's too far removed and difficult to identify with specific individuals in the US. When asked about the often rumored "you spy on my citizens, I'll spy on yours and we'll exchange what we get" cooperation that would allow the US to subvert restrictions on unauthorized wiretapping of citizens by having, say Great Britain do it for them, he said that that would be illegal because of those treaty clauses preventing such spying and it doesn't happen; he claimed that the intelligence sharing that goes on is motiviated by cost considerations, rather than trying to subvert laws in the form that this rumor alleges. He suggested that most companies are not willing to spend money on strong cryptography and that in order to get companies more interested in strong cryptography, there must be one or two well-publicized cases where companies experience actual losses due to some sort of ether-sniffing. Inman made the point that when governments are faced with problems that are too big, they often just throw up their hands and don't deal with it. 201434369420143436942014343694201434369420143436942014343694718 From: usenet news Area: Public Key Encryption To: All 29 Nov 94 07:27:34 Subject: 03/Inman on Privacy and Clipper UpdReq Someone else in the class followed on this by pointing out that the logical implication of that argument is that redoubling efforts for the adoption of PGP or the like would effectively make the problem a big one for the government. Inman was surprised by the looming introduction of VoicePGP, and said that that would be a big problem, particularly with the advent of mobile computers that supported VoicePGP, since much of the dealer-level narcotics enfocement relies on such surveilance. He pointed out, though, that current cellular phones are difficult to monitor because "there's no technology that can sweep up and sort out phone conversations" despite very large investments in this. He drew an analogy to a case where he had to inform President Carter that an insecure dedicated private land-line to the British Prime Minister had been compromised. Inman told Carter that the nature of the public phone system, with its huge volume and unpredictable switching, would have made using a pay phone more secure. Inman, when asked about foreign export restrictions felt that the best way to remain ahead technologically was not to restrict export, but speed the pace at which you advance domestically. The current global economic system is very different from the days when export constraints were first proposed, and that they're probably not applicable. Many of you might remember the controversial hearings regarding Clinton's nomination of Inman for DCI about a year ago; it was rumored in the press that William Saffire of the New York Times and Senator Dole had worked out a pact, whereby Dole would sink Inman if Saffire would sink Clinton. This rumor was never substantiated, but Saffire's scathing editorial about Inman stemming from an incident in which he felt that Inman has lied to him helped scuttle Inman's nomination. Today, Inman mentioned that his privacy had been invaded during the nomination process; when asked for elaboration, he cited cases of the press going around asking questions about his wife and sons. So Inman seems sensitive to issues of privacy, but in this case, they seem to be primarily associated with invasions of privacy by the media rather than by the government. In all, Inman gave a balanced talk, concerned primarily with clarifying the motives of the different players (the govt and the public) to make some sense of complicated issues. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLtNXcd2yvmfs/TJFAQFWGgP/eao60HTSIkIxHpNQH0SDhUwLWkc8e6Ez mFOF425xMfypvQWSM19OOFfqNFwUxb/3NAMPapedPXgoolZn1jNzswLbdduNTxkS WXWRzMb3/u2CyW9bYYWE2wq3xdT1QAsSjWhPRG04k6G6g7dy9ne4aqeUkEtbn+sX M3cmDCKphOE= =rBX4 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: Mark Carter 27 Nov 94 10:27:44 Subject: cypherpunks UpdReq -=> Mark Carter was saying something about cypherpunks MC> In a msg on , Alan Pugh of 1:151/142 wrote: AP> does anyone know how to get on the cypherpunks mailing list? MC> Send mail to majordomo@toad.com with Subscribe Cypherpunks as your MC> message. At least, that's how it was done a couple months ago. The MC> address may have changed since. MC> Mark thanks. it still is. at least the majordomo server is there. amp <0003701548@mcimail.com> November 27, 1994 10:27 ... Copper wire came from two lawyers arguing over a penny. 201434369420143436942014343694201434369420143436942014343694718 From: Alan Pugh Area: Public Key Encryption To: John Schofield 27 Nov 94 10:29:50 Subject: cypherpunks UpdReq -=> John Schofield was saying something about cypherpunks JS> -----BEGIN PGP SIGNED MESSAGE----- JS> --====-- AP> does anyone know how to get on the cypherpunks mailing list? JS> cypherpunks-request@toad.com JS> It's also available as a FTSC-format echo from my system. JS> John does that mean it is available as a bluewave or qwk -compatable messages? i called your board recently and noticed you'd changed your setup. i'll hit it again monday when i can have more time online. thanks, amp <0003701548@mcimail.com> November 27, 1994 10:29 ... If Voting changed anything it would be Illegal. 201434369420143436942014343694201434369420143436942014343694718 From: Michael Bauser Area: Public Key Encryption To: Tim Lee 28 Nov 94 02:21:42 Subject: A PGP paradox. UpdReq -----BEGIN PGP SIGNED MESSAGE----- Who: Tim Lee What: A PGP paradox. When: 23 Nov 94 14:53:00 TL> Unfortunately, PGP 2.7 does not support his platform and he requires TL> some major alterations in the operations of the basic PGP package. TL> The alterations would not affect any of the operations of the PGP's TL> encryption engine. To solve this problem, he purchases a copy of PGP TL> 2.7 for the DOS platform and puts it on the shelf. He then acquires a TL> copy of the source code of a freeware version of PGP. --not any of TL> MIT's versions since their license prohibits commercial use. He then TL> make the required alterations and compiles the source code to produce TL> an executable of his platform. At this point has paid for a TL> commercially licensed version of PGP does not use. He has his own TL> version derived from a freeware version which he uses as a proxy for TL> the version 2.7. Question: at this point is he still legal? If not, TL> who has been hurt by his actions--and how? No, he is not legal because the licensing agreement for the software he purchased is for the software that came in the box with the agreement-- nothing else. Sorry, but he *can* get sued for copyright infringement, contract violation, and all that crap. On the other hand, you're vastly underestimating the extent of ViaCrypt's marketing prowess. I recall the help file of the lorax timestamp server mentioning that ViaCrypt sells a user-alterable source code package for seven hundred dollars. Awfully damn expensive, but it would solve all the copyright problems. I'll see what I can look up and get back to you in a couple of days. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: The legal_kludge is dead! Upgrade, already! iQCVAwUBLtmEIsRHZFQbZSuZAQFpqAP+Kn+RB3hgbfxDG9JzjxXKxP/aSvre/yHG AYwKaHFZCLBQNeXIw+Kq9GL8ef28UtGlEYL843Lv0xu8BTT/op2xp+5GPnaGgVFk JU3X60FbcZe1WacITWCyMohTi3RxOfgD7lHCBunD3JZu3nJCyytZyHjlCCL5VrGC TIBpZ2qwxTM= =RjHS -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... PSSST! Hey buddy! Change byte C287 from 08 to 06! Pass it on! 201434369420143436942014343694201434369420143436942014343694718 From: tcmay@netcom.netcom.com Area: Public Key Encryption To: All 29 Nov 94 14:18:48 Subject: The Market for Crypto--A Curmudgeon's ViewUpdReq * Original Message Posted via CYPHERPUNKS * Date: 29 Nov 94 03:01:51 * From: tcmay@netcom.netcom.com @ 1:102/825.111 * To: All * Forwarded by: Christopher Baker @ 1:374/14 * Message text was not edited! @MSGID: 1:102/825.111 00022d20 @REPLYTO 1:102/825 UUCP @REPLYADDR tcmay@netcom.netcom.com @PID GIGO+ sn 154 at borderlin vsn 0.99 pl3 @Sender: quake!toad.com!owner-cypherpunks @Received: from relay2.UU.NET by netcomsv.netcom.com with ESMTP (8.6.4/SMI-4.1) @ id DAA01554; Tue, 29 Nov 1994 03:11:41 -0800 @Received: from toad.com by relay2.UU.NET with SMTP @ id QQxsci06681; Tue, 29 Nov 1994 06:11:34 -0500 @Received: by toad.com id AA18985; Tue, 29 Nov 94 03:03:12 PST @Received: from netcom14.netcom.com by toad.com id AA18972; Tue, 29 Nov 94 03: 02:55 PST @Received: by netcom14.netcom.com (8.6.9/Netcom) @ id DAA12770; Tue, 29 Nov 1994 03:01:51 -0800 From: tcmay@netcom.netcom.com (Timothy C. May) Message-Id: <199411291101.DAA12770@netcom14.netcom.com> Date: Tue, 29 Nov 1994 03:01:51 -0800 (PST) Cc: tcmay@netcom.netcom.com (Timothy C. May) -----BEGIN PGP SIGNED MESSAGE----- I have to apologize for the length of this piece. It's almost 3 in the morning, and I've spent far too much time writing it. It's just that my "rant buttons" are pushed by an argument I'll call the "crypto isn't being used by enough people, so we'll have to make our own lives harder to set an example" argument. Some would call it the Self Flagellation Argument. There's a larger issue, of why crypto is not being used in the way some of us think it _should_ be being used. Why no digital cash? Why no common use of digital signatures in the business world? Why isn't everybody (or anybody?) time-stamping their lab notebooks and song lyrics? Why, why, why? I've developed some views on this. Some have come from watching my nanotechnology friends exhorting the world to develop nanotech, some have come from my 20 years in high tech, watching the "gotta succeed" technologies get bypassed (remember holographic memories? Integrated Injection Logic? laser pantography? aptical foddering? artificial intelligence?). And on the "self-flagellation" front, I participated in well-intentioned experiments on other mailing lists, in which it was hoped that certain desired evolutionary outcomes be "facillitated" by list rules and regulations....how they failed is another topic. And of course I've devoted several hours a day to this list for more than two years. A lot of stuff to draw some conclusions from. So, here it is. Not a polished essay, but as polished as it's likely to ever get. Lucky Green wrote: > I don't want to restart the "If the output wont work on a stack of > Hollister cards the system sucks" thread, but Tim is here, as he is most of > the time, right. After two years, we still have not made it much simpler to > integrate PGP/whatever into a mixed OS environment. The issue that keeps coming up is a familiar one to economists: is the success of a product determined by the "push" of customer demands for such products or by the "pull" of available technology? Did customers demand the microprocessor or did companies like Intel demonstrate a technology and thus pull customers in? (The possible subject of much debate. Examples on both sides. An exercise: which model does the Web/Mosaic combination fit? As it relates here, there seem to be two main camps: 1. The Pushers. Those who believe that encryption and related technologies (digital cash being the most obvious) will "succeed" (become popular, profitable, etc.) when there is *customer demand* for it. Some purpose, some economic gain, or some recreational benefit. 2. The Pullers. Those who believe that these technologies will success because they are so compelling as to pull customers in. Orthogonal to these are the camps regarding how to *proselytize* crypto: A. The Preachers. Spread the word, educate the masses. Make crypto necessary to access information. (Whether for the Pushers or the Pullers, the Preachers believe that the key to the success of crypto From: tcmay@netcom.netcom.com (Timothy C. May) Message-Id: <199411291101.DAA12770@netcom14.netcom.com> Date: Tue, 29 Nov 1994 03:01:51 -0800 (PST) Cc: tcmay@netcom.netcom.com (Timothy C. May) lies in _convincing_ others to use it.) B. The Pragmatists. Whether pushed or pulled, crypto will happen when it happens. When the time is right--technologically, economically, and socially, perhaps--crypto will find its uses. (I could, as as my wont, write more on each of these. But I'll resist the urge.) The graphically-oriented may imagine this as a map. With ranges of beliefs. Various of you fall into various places on this map. Some argue that lawyers should relocate to the Caribbean tax havens to "service" Cypherpunk needs (no insult intended to the proposer of this scheme, but this a classic "2A"--the Preacher-Puller. Also known as the "If you build it, they will come" view.). Others argue that Cypherpunks should "practice what they preach" at all times (not surprisingly, a trait of the Preacher). Well, I think you can see where I'm headed. I happen to believe that strong crypto, of the sort I am interested in (though not necessarily using/advocating/proselytizing for), will become common at some time in the next decade or so: - when markets have arisen which can make use of, for example, digital cash. (This could be next year, with NetCash or VisaBits...it's always hard to predict exact markets.) - when the current protocol problems which make all of this crypto stuff so _complicated_ to use ("To spend a DigiDime, first create a client on a 4.3BSD-compliant server...."). - when other interesting technical problems well known to us--such as issues about double spending, revocation, etc.--are better solved. (Yes, I am saying that we are probably a couple of years too early...the Crypto conferences are still generating new results. Perhaps someone will pull it off, but it is by no means obvious that all the pieces are ready to go.) - and of course when everyone is just a little bit better net-connected, when e-mail is more robust, when agent technology is more mature, etc. So, I guess this makes me a "Pragmatist." No point in preaching. (And before a smart aleck claims that my presence on the list, and my posts, and my FAQ, etc., makes me a "Preacher," think about it. Once can be interested in an area, want to see it become a reality, without being a Preacher. The microprocessor happened for a variety of reasons...proselytizing was not one of the main reasons.) As to Pusher or Puller, I'm in both camps. Certain market needs--in areas like online commerce, Web publishing, even money laundering--will push the existing technology "from the bottom up." Thus, brain-damaged "electronic purse" schemes will be broken, will need to be fixed, and so folks like Chaum and Brands will license their results, consult, etc. This is how most products evolve, kind of haphazardly (in the sense that previous history exerts a strong influence...the reptilian brain in us, etc.). At the same time, the purer technologies--such as DC-Nets and other abstract ideas--will pull from the top. (It can be argued that the two are really the same, displaced in time. Thus, yesterday's exotic From: tcmay@netcom.netcom.com (Timothy C. May) Message-Id: <199411291101.DAA12770@netcom14.netcom.com> Date: Tue, 29 Nov 1994 03:01:51 -0800 (PST) Cc: tcmay@netcom.netcom.com (Timothy C. May) technology that "pulled" is today's "pusher" tool. Digital signatures, for example.) I'm all for exploring, for folks going off and doing their thing, and for trying to commercialize ideas. (The joke that the only people who've made money on crypto are the book publishers is not far from the truth. RSA Data has, despite its obvious situation, never paid a dime to its early investors (so says Alan Alcorn, inventor of "Pong" and an early investor in RSADSI). Zimmermann sure hasn't. I assume Cylink, Crypto AG, and some of the others have some profits, or at least not continuing losses, but none of them are powerhouses.) The Glorious Crypto Revolution may happen. In fact, I'll bet on it. But the precise form is unknown. And it won't happen because a bunch of people decided to "prove the technology" by sending DigiFranques to each other in a toy market. (The HEx market on Extropians showed the failure of this...as have some experiments here.) And it won't happen because we all sign our messages, any more than wearing secret decoder rings ushers in a new political regime. (I'm much more interested in ensuring that signing of messages, or encryption of them, cannot practicably be outlawed than I am in "spreading the word." If having lots of folks using crypto makes a ban less likely or less enforceable, then of course I hope more people use crypto. But this is not the same as saying we should all be "setting an example" and thereby _cause_ this widespread use. Or so it seems to me.) > We are stuck: No need -> no development of tools -> no spreading of crypto > beyond the "hard core" -> no public resitance when crypto becomes illegal. Push and Pull, Preachers and Pragmatism. Find the "Killer App" that people want, and there you are. Web/Mosaic is the current killer app. (And ironic that so many people preached the wonders of hypertext and Xanadu...including several people on this list (and I agreed with them, by the way)...but nothing of significance happened until the WWW and browsers ignited the phenomenal explosion of the past two years.) And if you can't just "think up" the killer app, find an area of deep interest and focus on that _for the pleasure of it_ (and for the profit of it). Somebody who, as an example, can apply agent technology to crypto, may find himself in the thick of things in 1998. I guess I'm reacting to the pervasive mood of "We've got to *do* something!!" that keeps coming up. I'm skeptical, because of the push/pull points, and because a bunch of scattered, part-time workers who rarely meet, who are all going in different directions, etc., is not exactly a team likely to build a new product. (In nearly every case I can think of where a significant technology or product was developed, some kind of focus was needed. Usually geographic, and usually economic ("Finish this or you're fired," to put it bluntly). (Some may cite the PGP 2.x effort as a good example of Net collaboration. I wasn't in on it, but in talking to some of those From: tcmay@netcom.netcom.com (Timothy C. May) Message-Id: <199411291101.DAA12770@netcom14.netcom.com> Date: Tue, 29 Nov 1994 03:01:51 -0800 (PST) Cc: tcmay@netcom.netcom.com (Timothy C. May) who've worked on it, my impression is that the focus was still there. Provided by Phil, and by the _existence_ of PGP 1.0, an examplar that could then be added to, worked on, etc. Remailers are a kind of equivalent.) In any case, the notion that a bunch of us--students, dabblers, activists, engineers, etc.--can somehow create a finished product, or a company, as some folks periodically try to argue for ("Let's do a company!"), is not too likely. (I was going to say "is crazy," but some may think I'm already being insulting enough. Believe me, my intent is not to insult any of us.) Crypto is happening. In bits and pieces. As is to be expected. But then, I'm a pragmatist. --Tim May -----BEGIN PGP SIGNATURE----- Version: 2.7 f99TVoyWuo4gdDiao1/3dC43ZIgVSvTTGXKZ8cy5a4YcFyMLMEKumNfyn7FM/l49 y0CVAgUBLtrswASQkem38rwFAQFZ0AQAixcrK7wNFJzisuA3v8FefURUt05NYj23 2lJw9TVoyWuo4gdDiao1/3dC43ZIgVSvTTGXKZ8cy5a4YcFyMLMEKumNfyn7FM/l PMzcOYXfCseehoweasilytheserequiredsigscouldbespoofed?3858H3w2NlC 3Zo79IIOQyg= =ZSOT -----END PGP SIGNATURE----- -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay @Subject: The Market for Crypto--A Curmudgeon's View @To: cypherpunks@toad.com @In-Reply-To: <199411290857.AAA06729@netcom20.netcom.com> from "Lucky Green" at Nov 29, 94 00:58:25 am @Mime-Version: 1.0 @Content-Type: text/plain; charset=US-ASCII @Sender: owner-cypherpunks@toad.com @Precedence: bulk --- @PATH: 102/825 903 374/14 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: John Schofield 29 Nov 94 23:01:46 Subject: Re: Keep Out *FREE* magazine offer UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 27 Nov 94, John Schofield was quoted as saying: JS> object, and Wired doesn't object, I'd be more than happy to post JS> it here. anything related to privacy or encryption is welcome here. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLtv5LcsQPBL4miT5AQFVrAP/f7AzA6B2IqNNgoEtWjeWUawbk0PFsNn2 31rlo/pTi3aDuDrPjDZS8GTHWeFalhMunc5tsQFrGZE5jTCHv4QWU7kjk+tvjpDJ xG5r7/t9ArHOloy5o6ov1HHAWToosnhYy8nKWpp1vt/xP+jYZYRDr2v27SDZl6Mw 8WGzN3V7tIA= =4iCa -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Basil Hoyl 29 Nov 94 23:04:42 Subject: Re: Re: Call Security shareware for telephone secure sessionsUpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 28 Nov 94, Basil Hoyl was quoted as saying: BH> Christopher, what is the number for the BBS where you found this BH> interesting item? it was in the CALLSEC.FAQ: 4. Where do I Get Call Security? Right now the only place to get it is at the following BBS phone number. Note I didn't see any support for kermit transfers. I recomend using zmodem protocol. Call Security BBS 1 (501) 839 - 8579 - Give your full name. - The password is "security" - Use the "d" command to download - select transfer type like "z" for zmodem (sorry no kermit support) - enter file name "callsec1.zip" - put your comm program in zmodem mode (automatic for most comm programs) -30- TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLtv53ssQPBL4miT5AQEJ3AP+JiP1yauW2fX294T0ti6W0xtaYy2Ws8L5 7j5yZ0dQVUz/vwEr1kpE+Jdrm0rNb8WBN/SXeRQxunjknC5Csgb+eQW48pKu5U0/ 0FZPCwVo9zt9fEWk4fZ5mN9rY5THR6y6pi+L8dVFRRcLExw0fFpIO9oCsobkEuLB YhSFnx4udWg= =PNx9 -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Tim Lee Area: Public Key Encryption To: All 28 Nov 94 09:08:00 Subject: A PGP paradox. UpdReq The other day an acquaintance and I were discussing computer security, privacy, and encryption. During the discussion we developed a hypothetical situation in the usage of PGP that neither of us could resolve with any level of confidence. I would now like to appeal to the readers of this conference help resolve it. The situation is: A person is planning to use PGP for a clearly commercial purpose and in order to avoid a potential legal entanglements has made arrangements purchase a copy of PGP 2.7. At this point his is legal. Unfortunately, PGP 2.7 does not support his platform and he requires some major alterations in the operations of the basic PGP package. The alterations would not affect any of the operations of the PGP's encryption engine. To solve this problem, he purchases a copy of PGP 2.7 for the DOS platform and puts it on the shelf. He then acquires a copy of the source code of a freeware version of PGP. --not any of MIT's versions since their license prohibits commercial use. He then make the required alterations and compiles the source code to produce an executable of his platform. At this point has paid for a commercially licensed version of PGP does not use. He has his own version derived from a freeware version which he uses as a proxy for the version 2.7. Question: at this point is he still legal? If not, who has been hurt by his actions--and how? At this point the system is working smoothly and he is ready of "open his doors for business". But there is a small detail that he only now notices. His working version of PGP stamps the freeware version identification on all out going packets. To correct this is considering either, creating a shell script, or batch file to alter the outgoing packets version stamps as version 2.7, or alter the source code to stamp packets with version 2.7 and recompiles it. Question: at this point is he still legal? If not, who has been hurt by his actions--and how? * QMPro 1.52 * "Let us open our checkbooks and pray..." 201434369420143436942014343694201434369420143436942014343694718 From: Brian Giroux Area: Public Key Encryption To: All 28 Nov 94 23:32:00 Subject: PGP VERSIONS UpdReq What is the difference between PGP v2.6 (which I have), PGP v2.6.2 (which I often see being used), and PGP v2.7 (which I've only seen a few times)? Brian Giroux PGP public key available * 1st 1.11 #1757 * He who dies with the most toys still dies... 201434369420143436942014343694201434369420143436942014343694718 From: Rich Veraa Area: Public Key Encryption To: George Foote 28 Nov 94 16:02:14 Subject: 03/Social Cryptography UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message to All, George Foote wrote: GF> The convention is that an encrypted message is sent by Bob GF> and received by Alice: GF> The manner in which RSA should be employed, in my GF> opinion, is for Bob to communicate in clear with Alice and GF> to ask Alice for a RSA key. Alice will then send a GF> "session" public RSA key to Bob (that is a key which will GF> be used on one occasion only) and Bob uses this session key for his GF> message to Alice. Alice decrypts the message with the RSA GF> "private" key she has retained. That session key is then GF> abandoned and never used again. GF> I am convinced that this is a much simpler, safer and more GF> practical method of operating RSA than the proposed GF> method of publishing public keys in advance. Perhaps, but what you're describing is _not_ public-key encryption. If someone is going to use a privately-transmitted one-time key, there are perfectly good conventional-key systems available -- like IDEA -- designed for that purpose that are simpler to use and more secure than RSA. RSA is used the way it is because of WHAT it is: a public-key encryption algorithm. It's not going to displace other types of encryption, nor is the PGP hybrid, but it's useful for its intended purpose -- reliable, convenient, widely available public key encryption. If the situation requires something else, use something else. Cheers, Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: rveraa@907.sunshine.com iQCVAwUBLtodz580iJ+tnwVVAQHdjQP+L3nrJfn8EIPVJMvIGtudMaQY+h9aHneQ FzxbHC0SzK7Zhyh+gxb11ySP1Gzq7PfwWKu+pBLE8a3ZzpfCVlhQwa/CJEDEyAH1 HNmop284AsJSJ/RLsLFSqEwK1T63RnBEsllo870Z00Hf3kkbvluRCX+p/xQD1JNU l0YbLlUHqJ0= =/6DB -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Rich Veraa Area: Public Key Encryption To: John Stephenson 28 Nov 94 16:27:08 Subject: legal PGP UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message to Wes Landaker, John Stephenson wrote: JS> I've asked this question, I don't know that any one has JS> replied, if so forgive me. But what is the *actual* JS> difference between RSA & RSAREF. What's the difference in JS> the two formulae? RSA is an algorithm (mathematical procedure) for public-key encryption. The algorithm is patented by PKP (Public Key Partners), who sell a C toolkit (group of source code functions) called RSAREF. People who want to use the RSA algorithm may purchase the RSAREF toolkit and include the source code in their programs. Phil Zimmerman didn't use RSAREF, though. Referring to the description in mathematics journals, he wrote his own source code to implement it. By so doing, he was not violating any copyright PKP might have on the RSAREF code, but he _was_ violating the _patent_ on the algorithm itself (assuming that the patent is legally defensible, which is still under contention, as patenting an algorithm is pretty much the same as patenting a scientific principle). RSAREF and Phil's RSA code do exactly the same thing -- just the specific code is different. It's as if you and I wrote programs to calculate the average of a group of numbers. I might just add them all and divide by the total number, and you might add each to a running total, and divide that by n at each step. They'd be different applications of the same algorithm ("the average equals the total divided by the number of values"), and would end up with exactly the same result. Cheers, Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: rveraa@907.sunshine.com iQCVAwUBLtom8Z80iJ+tnwVVAQH3HwP+Pju3XymfPoHbA6t/L1VOzaH+/HRdsfkB Ec93raKibaamiUbgl7sQo3hq6s3eIYgS6HCLgFJj8QtqqEUDZYmD47bUG7x14SOv PcJnkEGooJWSPAjC7FtZgZIOjsEg+ZqBtnS7qF6jlJFgG7OgfQ9qpbMjSaXc42vq jBwLwR6psOc= =Dk4g -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Marshall Votta Area: Public Key Encryption To: Christopher Baker 28 Nov 94 16:44:10 Subject: Re: Call Security shareware for telephone secure sessionsUpdReq How is Philip Zimmerman's voice encryption program coming along? -ls 201434369420143436942014343694201434369420143436942014343694718