From: Gordon Campbell Area: Public Key Encryption To: Ian Hebert 10 Jan 95 10:17:32 Subject: Can I Freq Pgp? UpdReq -----BEGIN PGP SIGNED MESSAGE----- On (08 Jan 95) Ian Hebert wrote to John Goerzen... IH> Technically, citizens of both the U.S. and Canada are subject to ITAR, IH> and therefore both may legally obtain PGP 2.6.2. I would urge IH> Canadians, though, to use PGP 2.6.i. I'd argue this point. Canadians are subject to ITAR only to the point that we are allowed to use the versions that are subject to it. The export restrictions are not enforceable in Canada. Cheers, .....G -----BEGIN PGP SIGNATURE----- Version: 2.61 Comment: Help! Help! The paranoids are after me! iQCVAwUBLxKlnZwO1gTQsY8RAQEnMAP8D2NL1r8A/jUOC50qFuvgAtvI/Uyr6dMR zdGQD8Wt3j5wxZwkFZig4SrISB67KZ8BO/okkL32tZB+eE2pz2VDc3lUXK1pk7NW LoBQf5aniEcnHnxmIEmZCCjBIJ2OJnmau3FK1TTL9BLjBLfsJ+gCNLZ/DQQ9x8Aq KCcF3rjct94= =2O+v -----END PGP SIGNATURE----- ... Get thou down. Be thou funky. 201434369420143436942014343694201434369420143436942014343694718 From: David Chessler Area: Public Key Encryption To: Richard Dale 11 Jan 95 00:28:00 Subject: Re: key revoke UpdReq On 01-07-95 (19:55), Richard Dale, in a message to David Chessler about "RE: KEY REVOKE", stated the following: RD> Sheesh! At work half our passwords are "password". The login > name to get into a system is the person's initials, then there's a > random password, but the Windows program password is the person's Require a rich alphabet, the way newer versions of Unix login do. At least one capital letter, at least one number or punctuation. > first name in lower case. The problem is, there are a lot of temp > workers and random people that do need access, so the catch is that > security is fairly lax. Assign passwords. Make them easy to remember, but use the rich alphabet. Change them monthly, and when a temp leaves, expunge immediately. Deny them access to the change-password command. ___ __ chessler@trinitydc.edu d_)--/d chessler@capaccess.org * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: gk pace 10 Jan 95 10:43:32 Subject: Can I Freq Pgp? UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- JB> JG> BBS operators can be indicted on criminal charges if somebody from JB> JG> outside the US downloads or FREQs PGP. JB> Who says? Documentation, please. gp> How about Phillip being the target of a US Grand Jury for alledgedly gp> placing PGP upon a medium which "allowed" it to be obtained by someone gp> outside of the US? It's a confusing question. Philip Zimmermann is being investigated by the US Attorney's Office, but he has not been charged with any crime, and it is not known if he will be charged with any crime. If Zimmermann is charged, we should all take a close look at our setups. You need to take all reasonable precautions to ensure that people outside the United States and Canada are not downloading restricted software from your system. However, the crux of the matter is on the definition of reasonable. I could with almost 100% certainty prevent foreign callers from downloading PGP from my system. However, these precautions would make it impossible or very difficult for domestic callers to download PGP. This is an unreasonable restriction. So I take every precaution I can that does not infringe on my first-amendment rights to publish this information domestically. I post notices in several places, saying that these files are for domestic callers only, and that I will delete any foreign caller who downloads restricted files, if I become aware of it. I am also considering implementing a questionaire, that would ask the caller his nationality before granting him access to the restricted files. These are all reasonable precautions. I think it's all I need to do. I sure hope I'm right. I'm not a lawyer. YMMV. John -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLxLQr2j9fvT+ukJdAQFFZwP/UOCafrnRKqqNqQNBfqczibFKmpNJd5v1 3s9kWkq+Wiaus8JPgnX85I3Hb4f5ZE77jPkvbjuWWzuTqC2M+jHgiyH2iK4HukEO nKmf1qgeITXL74swAq0iMjKSMTMLSvVLaei9fDbN3LiUYcwxxYhF5dEdD2meJkEg qdybjTSl6G4= =nAl3 -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... He who laughs last probably doesn't understand the joke. 201434369420143436942014343694201434369420143436942014343694718 From: John Schofield Area: Public Key Encryption To: All 10 Jan 95 13:31:10 Subject: Keep Out Electronic Availability AnnouncementUpdReq -----BEGIN PGP SIGNED MESSAGE----- Keep Out The Journal of Electronic Privacy January 10, 1995 ** Keep Out Volume 1, Number 2 now available electronically ** ** Keep Out Volume 2, Number 1 coming soon ** ** FREE sample issues available ** I am pleased to announce the electronic availability of Volume 1, Number 2 of Keep Out, the Journal of Electronic Privacy. To receive a copy, simply send e-mail to keep-out-current@expressnet.org. The subject and body of the message do not matter. You will receive an ASCII-text copy of the issue in reply to your message. You can also do a Fidonet file request to 1:102/903 and request VOL1-NO2.TXT, or call the Sprawl BBS at +1-818-342-5127 and download it. Volume 1, Number 2 had stories on the Pretty Good Privacy (PGP) signature bug, a how-to story on anonymous remailers, an interview with remailer operator Erich von Hollander, and of course, a continuation of our PGP beginners' series with an introduction to digital signatures and the web of trust. While Keep Out is primarily a paper magazine, the text of each issue is released electronically to make sure the information is disseminated widely. This information is too important to limit it to those who can afford a subscription. I am sending this message instead of posting the full text of Keep Out because the electronic edition contains the same commercial advertisements that the paper version does. It would be inappropriate to post it here. To encourage people to subscribe, and to ensure that Keep Out remains solvent, the electronic edition is released roughly one month after the paper version. It seems to be the lot of new magazines to have deadline troubles. Keep Out has unfortunately been no exception. The second issue of Keep Out was released quite late. To bring the magazine's date of issue back in touch with reality, the next issue (Volume 2, Number 1) will be dated March/April, and will be released in paper form on February 27. For that issue, we are working on a review of steganography software (programs for hiding data in sound and picture files), an in-depth report on Tempest technology (which allows an eavesdropper to view your computer screen from a distance without using wires), a story telling the current state of the government's Clipper (wiretap) Chip initiative, and a continuation of our PGP for beginners' series. To receive a free, sample issue of Keep Out, with no strings attached, simply send your postal address to one of the addresses below. You will receive a copy of the next issue when it is mailed out. Keep Out's mailing list is completely confidential. No information about you will be released for any reason, except for court orders, of course. Subscriptions to Keep Out are $15 a year for six issues in the U.S. and Canada, $27 elsewhere. Back issues of the first two issues (Volume 1, Numbers 1 and 2) are available at $7 each inside the U.S. and Canada, $9 elsewhere. U.S. funds only, please. Unfortunately, we can not accept credit cards, but checks and money orders payable to "Keep Out" are welcome. _______________ Contact Methods Voice: +1-818-345-8640 Fax/BBS: +1-818-342-5127 Internet: keep.out@sprawl.expressnet.org Fidonet: "Keep Out" at 1:102/903.0 Snail Mail: Keep Out P.O. Box 571312 Tarzana, CA 91357-1312 USA -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLxL5+Wj9fvT+ukJdAQEeMgP8DG/x1JtkES7yEXyW67xOXiC/GPSn29ru eeBgjp7Otqc4HVH46fJBe14zoSAfkgVuQUesOxtsVBUAVT6MS/SICr/i+Wrig6lS k2LbokBD9GIihRVDG20XSkqfo3Uw7GBevFEJClCR7T5+rglnbVP8j+bXhumXBtAv y8wU0yYwaD8= =jZNP -----END PGP SIGNATURE----- ... He who gives up freedom for security deserves neither. 201434369420143436942014343694201434369420143436942014343694718 From: Ian Hebert Area: Public Key Encryption To: Shawn Mcmahon 11 Jan 95 00:16:10 Subject: 2047-bit keys UpdReq SM> Despite the stern warnings of the tribal elders, Richard Dale said this to SM> Jerome Greene: SM> RD> Everyone. Everyone should be able to decrypt it if I have done SM> RD> it right. SM> If you indeed encrypted it to everyone, it would create a message of infinite SM> length. SM> (Well, not really, since there aren't an infinite number of possible keys, but SM> I think I've made my point.) SM> Do you mean to say that instead of encrypting it with someone's public key, you SM> encrypted it with your secret key? Maybe it was merely ascii-armoured with the -a option, and not encrypted? Ian Hebert London, Ontario, Canada RIME: HOMEBASE (5508) Fido: 1:2401/114 Internet: ian.hebert@homebase.com PGP Key: 1024 / 077A2F7F 1993/02/11 PGP Key Fingerprint: A2 15 DE 22 DA FE D4 DC 0F 17 43 24 1F F2 1E 7B * RM 1.3 02664 * Frustrate the NSA, CIA & FBI--Use Pretty Good Privacy (PGP)! 201434369420143436942014343694201434369420143436942014343694718 From: ROBERT WHITLEY Area: Public Key Encryption To: ALL 11 Jan 95 16:56:00 Subject: pgp/olx UpdReq Offline Xpress (1.52) is my offline reader - anyone know of a pgp front end that will work with OLX the way PGPBlue does with Bluewave? Cal -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAy7MpdsAAAEEANPxAbGOyoTpksA29YeKqawDWcEFCVV3fmN1/qMK7rRjREMV WLpwU2f+MsAQ19PMUn6FV6Xer6ZZc3eNgsqR8+uP5jnJzDeSkYdja60D/bP1eoR6 OsN7qqMuwe5w+ZsiNfaAGHkPITdoHngtEO184oYGWSA47+dp9fQzqrlwqUBFAAUR tCJDYWwgU29uZ3NpbmdlciA8Q2FsU2luZ2VyQGFvbC5jb20+ =Yzhd -----END PGP PUBLIC KEY BLOCK----- # Origin: FIDONET.ORG (1:374/5) 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Brian Giroux 11 Jan 95 17:57:50 Subject: Re: PGP LEGAL OUTSIDE US? UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 03 Jan 95, Brian Giroux was quoted as saying: BG> I've seen someone around here use the "Comment" line "PGP 2.6 is BG> legal in Zone 1 so use it ", or something to that effect. probably. [grin] BG> My question is this; what is Zone 1? Zone 1 is the U.S.A. and Canada. BG> There is a small thread in a local echo about the legality of PGP, BG> some people are under the impression that it isn't allowed to leave BG> the US, I'm under the impression that it is legal all over Canada BG> and the US Could someone clear this up? encryption technology may not be exported from the U.S. [except to Canada] UNLESS you have a valid ITAR export license from the U.S. government. the current version of PGP [2.6.2] is fully legal in the U.S. and Canada for personal, non-commercial use. there are two distinct issues in your question above that should be cleared up. first is whether PGP is 'legal'. PGP 2.6.2 is a licensed version that is legal for use anywhere in the U.S. and Canada under the restrictions above. there was talk of previous versions infringing on a claimed [but unenforced] patent on one of the algorithms used in its operation. 2.6.2 and 2.7 [commercial version from ViaCrypt] don't have this cloud. the second issue is whether PGP is legal outside the U.S. or Canada. that depends on where it is used and what the local laws are. U.S. laws have no force in other countries. it is ILLEGAL to export PGP to any other countries, however, so the point is moot for U.S. users. when PGP gets out of the control of the U.S. law by getting overseas, it is also moot. just don't be the one to export it without getting your ITAR license first. hope that helps. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLxRic8sQPBL4miT5AQFORgP/Sd0Gb6e+ppD1HpmSgzhZdkT3HrpAS+tx /Hg42z9G4hXZ/O2SQ/ZyMPhH4KK1LSvhfzGrQUlZ9Z004BhUQcKg1cdNqfMY9wF+ hpn6lV3jLwMWYXcNz2DML3psQAcRJmRHV2B48Ih6aIxhP9ch/OqPx/8dL/+/4jiM sSUiCaNtJs8= =8mWp -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Christopher Baker Area: Public Key Encryption To: Scott Miller 11 Jan 95 18:00:30 Subject: Re: Problem generating keys UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 10 Jan 95, Scott Miller was quoted as saying: SM> I am using PGP 2.6.2 and I tried to generate a 2048 bit key. I SM> entered 2048 bits when it prompted, and it generated it, but it gave SM> errors when Sigs made by it were verified. Also, when I view it SM> (-kv) it says 2047 bits. Everyone elses are 2048, so what am I doing SM> wrong? 2047 is the actual size of everyones 2K key. it is explained in the docs or the source as a calculation deficit of some kind and normal. i'm not sure what you mean about the errors. TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLxRjEcsQPBL4miT5AQGMKwP/UkSnR/OclsDyeVNZsztosP6yw+MfiEhI fVXeTk02ebRRJ2+s06II2jJ0sbKfqbF3XTpO2+/w/J3s+jxIUH7VeaciiJocN4Eg /a7EU4Xu25IrHGNHz6n1k7HRT9VeVKsQlFRAp+n27fnLGSl7NgHAFL9VxjcyJPX2 zeoExKxaKcQ= =nblt -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Shawn McMahon 11 Jan 95 20:16:00 Subject: KEY REVOKE UpdReq -----BEGIN PGP SIGNED MESSAGE----- *** Answering a msg posted in area PERSONAL_MAIL (Glen's personal mail). Bright the day, Shawn! Monday January 09 1995 12:15, Shawn McMahon wrote to Glen Todd: GT>> I tend to use long words in obscure/fictional languages or, if I'm GT>> semi-serious about securing a link (such as session pwds) I have a GT>> little utility that generates psuedo-random Radix-64 sequences of any GT>> desired length. SM> The same warnings about using English words apply to any other language SM> you care to use, including Tibetan, tlhIngan, or Elvish. SM> So, if you're gonna do this, at least throw in some alphanumeric stuff. SM> And watch those lengths; 8 characters of Tibetan is still just 8 SM> characters. Unfortunately, that length is limited by a lot of programs. As I said, for stuff I want to be semi-secure, I use pseudo-random Radix-64 sequences generated by a utility I wrote (that uses system time as it's seed.) I'm also looking into ways to use PGP to secure/validate packets. Wind to thy wings, Glen Count Dracula - your Bloody Mary is ready... - --- GoldED/386 2.50.B1016+ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip. iQEVAwUBLxSgA0sDfAvy+TXBAQFTNAf/Y405X5mTHFhuv97jOGv9NMrp0rQ3mHTM M/WNEnjZSHBd6cPoHWaFKv34DPIz8dm5FsBJrKVUO9RZcpYI0Os7JUuYbVHcjPF0 R7yvhhsxe3CCDbV9YWGGZPfBXROhSwnv3ZMKIpqXUU/VzSn+f4++nVVZ2Etey9y1 LVBOEzE+3/wsgfUfe3XJ8i+XfxlYpDbJ+wCJJircxz5WSRaIT0evmUVTgJ3U75oF ZUFSsALnilSKwJAxmU9tLUjRQrQLgjCMDDaQX6hWzJVAZbdPbk2lRXHK1jCAzAYA sSlY7z7O1FmE6w2vwYwIjkXyq7FiqUxz2RpCxIiEMIOc1RjbxqYZsw== =5m5S -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718 From: Glen Todd Area: Public Key Encryption To: Shawn McMahon 11 Jan 95 20:21:00 Subject: KEY REVOKE UpdReq -----BEGIN PGP SIGNED MESSAGE----- *** Answering a msg posted in area PERSONAL_MAIL (Glen's personal mail). Bright the day, Shawn! Monday January 09 1995 12:15, Shawn McMahon wrote to Glen Todd: SM> If *YOU* have a dictionary for the language, then somebody else might; and SM> you can throw a dictionary at a tlhIngan password just as easily as you SM> can an English one. That won't help them with my (intentionally) lousy spelling.{g} Wind to thy wings, Glen But soft, what light through yonder tagline breaks? - --- GoldED/386 2.50.B1016+ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Joe McCarthy would have loved the Clipper chip. iQEVAwUBLxSgj0sDfAvy+TXBAQFHlQf/cj3uwxW6Zgi1N6DkEK1LhIXtOY0aIsNw mg80clJT+s+pD4f3OR6q7ovtyoTp4M21O+EK28QFHIhGevD2Sy1sU4B2tm5Y4m+V hFbHiiuXap0p1lP1uEyaYy/vlwvw7IBA42ZRiKQHQK7Rt3AXAVJRbj4D2KaYrnTl qJaJ1QwX7Gl0WB0vGC0YHN2wrzVgvQWRLILGz0RR2RIi0k0XH0N1DknwHLE5B0jz f05IyT9MUfBLwdvSQSAxEeSV2Ht0ISkwzVT/6N7++m1tWsBjsIGGB4yZsMjTxlIb vkyXOSFCiL+KH4LpqjQzCqWeKnxjn70DNahfiodgJXmAqHvCykzERg== =BE6W -----END PGP SIGNATURE----- 201434369420143436942014343694201434369420143436942014343694718