From: Shawn McMahon Area: Public Key Encryption To: Glen Todd 8 Jan 95 12:01:42 Subject: Can I Freq Pgp? UpdReq Despite the stern warnings of the tribal elders, Glen Todd said this to John Goerzen: GT> Short of having Caller ID that will identify international calls, which GT> does not to my knowlege (and I work for MCI Systems Engineering) exist GT> and blocking ALL non-US nodes (including those which do not have GT> distinctive zone numbers) from your front end, how do you propose to GT> support this? Can't be done, which is part of the reason we're bitching about the law. GT> Also, can you cite US code chapter and section numbers on this, or is GT> it just your opinion? DTR Part 120.10, subsection 4. Some have held, in the past, that the government wouldn't attempt to enforce this thing to the letter, since it technically prevents American citizens from given lectures on mathematics in foreign countries in direct violation of the First Amendment, but note that Phil Zimmerman is being investigated and may yet be tried. 201434369420143436942014343694201434369420143436942014343694718 From: Shawn McMahon Area: Public Key Encryption To: Richard Dale 8 Jan 95 12:06:32 Subject: Re: 2047-bit keys UpdReq Despite the stern warnings of the tribal elders, Richard Dale said this to Jerome Greene: RD> Everyone. Everyone should be able to decrypt it if I have done RD> it right. If you indeed encrypted it to everyone, it would create a message of infinite length. (Well, not really, since there aren't an infinite number of possible keys, but I think I've made my point.) Do you mean to say that instead of encrypting it with someone's public key, you encrypted it with your secret key? 201434369420143436942014343694201434369420143436942014343694718 From: Jim Bell Area: Public Key Encryption To: JOHN GOERZEN 6 Jan 95 23:21:00 Subject: Can I Freq Pgp? UpdReq -=> Quoting John Goerzen@1:291/51 to Todd Jacobs <=- TV> 2.6.2 fixes a lot of bugs, and is fully legal. 'nuff said. You can FREQ TV> here with the magic name of PGP (or try PGP262.ZIP if that fails). JG> Should be added here that 2.6.2 is fully legal only within the US. It JG> is illegal to export it. JG> International users need PGP 2.xx UI (it will always have UI after JG> it). JG> BBS operators can be indicted on criminal charges if somebody from JG> outside the US downloads or FREQs PGP. Who says? Documentation, please. And let's do a "reasonableness test" on your answer: Scenario 1: Suppose somebody bought a copy of PGP at the local Egghead Software (yes, I know it's not for sale...) and then took it out of the country? Would Egghead Software be "guilty" of a crime? I say no. And as far as I know, "the law" agrees with me. Scenario 2: Suppose a BBS allowed downloads of PGP, and a person downloaded it locally, from with the US. Suppose he THEN carries a copy outside of the country. Is the BBS operator guilty of a crime? I say no. And likewise, as far as I know, "the law" agrees with me. Notice that in these first two scenarios, there isn't even anything "morally wrong" about this. Scenario 3: Suppose a BBS allowed downloads of PGP, and a person downloaded it from OUTSIDE the US. Is the BBS operator guilty of a crime? Now we're getting to the crux of the matter. If a BBS operator has no way to know if any particular caller comes from outside the US, and if it is legal for him to post PGP on his system for domestic download, then there should be nothing illegal (at least, to him) for the consequences of an aruably illegal download that he did not initiate. Otherwise, you'd set up a discriminatory system where local software stores have an advantage since they were "only" selling the software locally. In fact, it is at least arguable that THE PHONE COMPANY is the actual entity "guilty" of exporting PGP, seeing as how their system carried the signals outside of the country. See the problem? The people who try to argue that putting PGP on a BBS, which then is called from outside the country, results in a violation of the laws chargeable to the BBS operator, are arguing a very selective and opportunistic interpretation of the law. ... On what conclusion do you base your facts? ___ Blue Wave/QWK v2.12 201434369420143436942014343694201434369420143436942014343694718 From: Jeff Trowbridge Area: Public Key Encryption To: Aaron Goldblatt 5 Jan 95 23:49:00 Subject: pgp problems UpdReq On (04 Jan 95) Aaron Goldblatt wrote to Jeff Trowbridge... AG> -----BEGIN PGP SIGNED MESSAGE----- JT>> response, save it, back to Ppoint, open the editor again, but AG> when I run JT>> pgp -sat response.asc I get a completly encrypted message. JT>> Does anyone know why it does this? AG> It's likely that your message text file contains ^a kludge lines, or AG> high-ASCII AG> characters. PGP sees these and assumes a binary file, even if you AG> specify AG> plaintext. Since you specified ASCII armouring, it did ... the entire AG> thing, AG> rendering the message useless ... AG> The only way around this is to be sure that your message doesn't have AG> high AG> ASCII in it. Thanks for the info, I'll check it out. AG> D'Artagnon AG> ... Climb on the back with me, little girl, for a magic carpet ride! Nice tag line. Regards, Jeff 201434369420143436942014343694201434369420143436942014343694718 From: Raymond Paquin Area: Public Key Encryption To: John Goerzen 6 Jan 95 17:04:54 Subject: Can I Freq Pgp? UpdReq JG> Should be added here that 2.6.2 is fully legal only JG> within the US. It is JG> illegal to export it. JG> International users need PGP 2.xx UI (it will JG> always have UI after it). JG> BBS operators can be indicted on criminal charges JG> if somebody from outside JG> the US downloads or FREQs PGP. Only partly true. It is legal to export it to Canada. To the best of my knowledge, this is the only exception. Ciao... 201434369420143436942014343694201434369420143436942014343694718 From: Rich Veraa Area: Public Key Encryption To: jason carr 6 Jan 95 18:35:36 Subject: KEY REVOKE UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message to Brian Giroux, jason carr wrote: BG> (I just added the "~" to prevent anyone from adding a bad BG> key to their keyring) jc> Bad? Is this the original or the revocation? If it's the jc> original it's good, and fine, and bueno, and wonderful, jc> exciting, shiny, etc. jc> Just delete the revocation from your ring and add in this jc> file. All will be well, Grasshopper. Um... BG> Anyway, this is the file that I created on November 7 for BG> the purpose of posting it to the PKEY_DROP echo. Can I BG> just add this key to my keyring to effectively unrevoke the BG> key? jc> DELete the revocation first (and save it to a file!). But, if it's the key he prepared for posting, it's just his public key... his private key is still revoked and no longer exists in secring.pgp. Cheers, Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: rveraa@907.sunshine.com iQCVAwUBLw2qf580iJ+tnwVVAQEOSAP+PlnXbAZ/GqaijntUypZXJLUa8KEfBGz7 RE2+PxnqK2S43mL0fVn0J1xgnIe9nbaKQkwUsEq2OvQf0JWSMV5/NMHYMHnf6S8l 2A0Z2jUjAkJjRIknc09YBjEqH5EpRapkn4M97mvFSOMVKuNYfZOv6e+DbSkYiwS4 uLy5rAJf07k= =dgq+ -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Shawn McMahon 7 Jan 95 20:10:00 Subject: KEY REVOKE UpdReq Bright the day, Shawn! Wednesday January 04 1995 14:26, Shawn McMahon wrote to jason carr: jc>> I've demonstrated the ease of guessing pwords here at work for my jc>> underlings... SM> I was showing a friend a file containing some of the most common SM> passwords; I believe it was the list the Internet worm used, or perhaps it SM> was some other famous worm. I tend to use long words in obscure/fictional languages or, if I'm semi-serious about securing a link (such as session pwds) I have a little utility that generates psuedo-random Radix-64 sequences of any desired length. Wind to thy wings, Glen 201434369420143436942014343694201434369420143436942014343694718