Path: sparky!uunet!icd.ab.com!iccgcc.decnet.ab.com!lieser
From: lie...@iccgcc.decnet.ab.com (Ed Lieser)
Newsgroups: sci.crypt
Subject: Pretty Good (tm) Privacy
Message-ID: <1992Jan16.172413.6832@iccgcc.decnet.ab.com>
Date: 16 Jan 92 17:24:12 EST
Lines: 24
In Mondo 2000 magazine, issue #5:
What if you saw Congress trying to pass some invasive,
repressive laws? And what if, single handedly, you could
nullify these laws, forever? Would you do it?
Senate bills S266 and S618 posed just those questions to
Philip Zimmerman, a Boulder software engineer. ... [The
bills] both have language, however, requiring government-
accessible "back doors" in all encryption software produced
or sold in the United States. ... Philip Zimmerman took
direct action. Taking several months off from his regular
paying customers, he wrote the *definitive encryption program
for the masses*.
PGP -- Pretty Good Privacy -- it's called. It's a textbook
example of guerrilla activism based on the Rivest-Shamir-Adelman
public-key cryptosystem....
The article mentions that he will possibly be sued by the company
controlling licensing of the RSA algorithm, but that the software
is available free via anonymous FTP and on bulletin boards.
I hadn't heard of this program before this. Is it widely known?
Ed
Path: sparky!uunet!sequent!talon!news.cs.indiana.edu!mips!think.com!
camb.com!tinkelman
From: tink...@camb.com (Bob Tinkelman)
Newsgroups: sci.crypt
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan17.022348.39873@camb.com>
Date: 17 Jan 92 07:23:48 GMT
References: <1992Jan16.172413.6832@iccgcc.decnet.ab.com>
Organization: Cambridge Computer Associates, Inc.
Lines: 103
In article <1992Jan16....@iccgcc.decnet.ab.com>,
lie...@iccgcc.decnet.ab.com (Ed Lieser) writes about PGP
> I hadn't heard of this program before this. Is it widely known?
See attached for ftp info.
--
Bob Tinkelman, Cambridge Computer Associates, Inc., 212-425-4900, b...@camb.com
�
From: Philip Zimmermann, p...@sage.cgd.ucar.edu
To: People interested in PGP (Pretty Good Privacy)
Re: Where to get PGP
This is in response to your inquiry regarding how to get the freeware
public key cryptographic software PGP (Pretty Good Privacy) from an
anonymous FTP site on Internet, or from any other source.
PGP has sophisticated key management, an RSA/conventional hybrid
encryption scheme, message digests for digital signatures, data
compression before encryption, and good ergonomic design. PGP is
well featured and fast, and has excellent user documentation. Source
code is free.
What follows is a sample of places that allegedly have PGP. This
information is not guaranteed to be correct. If you care to set up any
additional reliable FTP sites, please let me know about it, including
the host name and directory, and how long you think it will be there.
PGP uses the RSA cryptosystem which is claimed by a US patent held by
a company called Public Key Partners. PGP users outside the US take
note that there is no RSA patent outside the US.
Bear in mind that there are US and Canadian export laws prohibiting
anyone inside the US and Canada from exporting cryptographic software
like this. If you live in another country, you are advised not to
violate US export laws by copying these files from a US source.
Since thousands of US users got it, it has somehow leaked out of the
US and spread itself worldwide. If PGP has already found its way
into your country, then you're probably not violating US export law
if you pick it up from a source outside of the US. For those of you
who need to obtain PGP from sources outside the US, some foreign
sources are listed.
There are two compressed achive files in the PGP MSDOS release. You
must get pgp10.zip which contains the binary executable and the PGP
User's Guide, and you can optionally get pgp10src.zip which contains
the source files. These files can be decompressed with the MSDOS
shareware archive decompression utility PKUNZIP.EXE.
A reminder: Set mode to binary or image when doing an FTP transfer.
Here are some FTP sites that have both pgp10.zip and pgp10src.zip:
HOST DIRECTORY
USA: uunet.uu.net (137.39.1.2) /tmp
pc.usl.edu (130.70.40.3) /pub/msdos/crypto
gatekeeper.dec.com (16.1.0.2) /pub/micro/msdos/pgp
ucbarpa.berkeley.edu (128.32.130.11) /pub
New Zealand: kauri.vuw.ac.nz /pub/ms-dos/Encryption
Here are some FTP sites that have pgp10.zip:
Finland: garbo.uwasa.fi (128.214.87.1) /pc/fileutil
Australia: sol.deakin.oz.au (128.184.1.1) /pub/PC/chyde/fileutil
PGP is also available on PeaceNet and EcoNet, run by IGC in San
Francisco. Log in and check the "micro" conference. The Web in
Canada also has it.
PGP is also widely available on Fidonet, a large informal network of
PC-based bulletin board systems interconnected via modems. Check
your local bulletin board systems. It is available on many foreign
and domestic Fidonet BBS sites.
In the US, PGP may be found on God knows how many BBS systems, far
too many to list here. Still, if you don't have any local BBS phone
numbers handy, here are some free little BBS's in Colorado you might
try: 303 652-3595, or 303 443-8292, or 303 231-0990.
In Toronto Canada, try this BBS: 416 798-4786
In New Zealand, try these (supposedly free) dial-up BBS systems:
Amstrad BBS: +64 9 445-3619
Infoboard: +64 9 833-8788
Kappa Crucis: +64 9 817-3714, -3725, -3324, -8424, -3094, -3393
In the Netherlands there is a BBS called Operation Hacker Storm that
is pushing PGP pretty heavily. The phone number is: +31 22 3060551
Also in the Netherlands, try Patrick Oonk, whose email address is:
Internet: ro...@ooc.uva.nl
Phone: +31 70 3642364
In Germany, try Hugh Kennedy, whose email address is:
Internet: 7004...@compuserve.com
Compuserve: 70042,710
In Austria, try Michael Weiner, whose email addresses are:
Eunet: mwe...@bene.co.at
Fidonet: 2:310/11.123
Fax: ++43 1 94 14 65
Path: sparky!uunet!think.com!camb.com!tinkelman
From: tink...@camb.com (Bob Tinkelman)
Newsgroups: sci.crypt
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan17.152633.39874@camb.com>
Date: 17 Jan 92 15:26:32 EST
References: <1992Jan16.172413.6832@iccgcc.decnet.ab.com>
<1992Jan17.022348.39873@camb.com>
Organization: Cambridge Computer Associates, Inc.
Lines: 28
In article <1992Jan17.0...@camb.com>, I had replied to a question
asked in sci.crypt about PGP (Phil Zimmermann's Pretty Good Privacy).
This message has two parts - an apology and a gripe.
First I owe Phil and the net an apology for a breach in netequitte. I
forwarded to the net a message from Phil that I'd saved on my system, I'd
guess from last summer. It looked like a general posting from Phil to the
net, but in fact I had received it in private communications from Phil. I
should not have posted it without first getting Phil's permission. I was
lazy and didn't check. I was wrong. I'm sorry.
Phil called me today and we had a very nice chat. Phil explained that
since the time he wrote that document and since the time that PGP was
posted at all those ftp sites last June, he has (under pressure from RSA,
I assume) agreed not to take any part in the distribution or promotion of
PGP. I guess he was concerned that my posting could be interpreted as a
violation by him of some agreement. It wasn't.
This brings me to my gripe. If it's really true that RSA is threatening
Phil with legal action (and Phil clearly does not feel at liberty to talk
about this himself) then I think RSA is doing something really wrong.
I'd like to find out the truth behind this and talk about it (possibly
here in sci.crypt) but I feel frustrated. Clearly as much as he'd like
to do so, Phil will not feel at liberty to join us in this discussion.
--
Bob Tinkelman, Cambridge Computer Associates, Inc., 212-425-4900, b...@camb.com
Path: sparky!uunet!peregrine!ccicpg!cci632!uupsi!psinntp!rpi!uwm.edu!
linac!uchinews!lucpum.it.luc.edu!lucpul.it.luc.edu!hmiller
From: hmi...@lucpul.it.luc.edu (Hugh Miller)
Newsgroups: sci.crypt
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <hmiller.695628952@lucpul.it.luc.edu>
Date: 17 Jan 92 06:15:52 GMT
References: <1992Jan16.172413.6832@iccgcc.decnet.ab.com>
Sender: ro...@lucpum.it.luc.edu (System PRIVILEGED Account)
Organization: Loyola University Chicago
Lines: 65
In <1992Jan16....@iccgcc.decnet.ab.com> lie...@iccgcc.decnet.ab.com
(Ed Lieser) writes:
> What if you saw Congress trying to pass some invasive,
> repressive laws? And what if, single handedly, you could
> nullify these laws, forever? Would you do it?
> Senate bills S266 and S618 posed just those questions to
> Philip Zimmerman, a Boulder software engineer. ... [The
> bills] both have language, however, requiring government-
> accessible "back doors" in all encryption software produced
> or sold in the United States. ... Philip Zimmerman took
> direct action. Taking several months off from his regular
> paying customers, he wrote the *definitive encryption program
> for the masses*.
> PGP -- Pretty Good Privacy -- it's called. It's a textbook
> example of guerrilla activism based on the Rivest-Shamir-Adelman
> public-key cryptosystem....
>The article mentions that he will possibly be sued by the company
>controlling licensing of the RSA algorithm, but that the software
>is available free via anonymous FTP and on bulletin boards.
>I hadn't heard of this program before this. Is it widely known?
Yes. And deservedly so. It's a very nice implementation of the RSA
algorithm for public key encryption, digital signatures, the whole
schmeer. It even includes a command-line option for private-key
encryption for files you want to keep yourself, and not send to others;
so it's a `switch hitter' in this respect. It's fast, small, and wipes
all its scratchfiles on exit. You can even set an environment variable
to direct PGP to look on a separate floppy disk if you don't like to
keep your collection of keys on your hard drive.
When it encrypts a file, it compresses it first (nice: cuts down on
upload time and improves strength of encryption). Also, if you're going
to be sending the message by e-mail, it has a command line option to
produce the ciphertext directly as a uuencoded ASCII file (also nice).
Best of all, Phil has thrown in the source code so you can compile
it yourself if you don't want to trust somebody else's binaries.
Binaries (for MS-DOS) and docfiles are available in a file called
PGP10.ZIP, and sourcecode in portable C in one called PGP10SRC.ZIP.
Both have been uploaded by now to virtually every BBS in the world, I am
sure. They are also available at various sites on the Internet, if you
have binary ftp capabilities. I have a short list of sites I'll post
tomorrow. Right off the top of my head, I know that both files were at
uunet.uu.net in the /tmp subdirectory, last I looked; PGP10.ZIP (MS-DOS
binaries) are at garbo.uwasa.fi as well.
As to whether Phil will be sued or not, that is in the hands of PK
Partners and RSA Associates. He has not been yet. He has signed an
agreement not to have anything further to do with distribution of the
current version, and as a part of that agreement published a letter in
this newsgroup a while back stating same.
As to whether or not an algorithm such as RSA ought to be
patentable, well... That issue falls outside the mandate of this
newsgroup. For the record, I am of the strong opinion that it should
NOT be so patentable, and that the Patent Office has gone collectively
insane or ideologically around the bend in permitting RSA and other
algorithms to be so patented. But I will not engage in a debate on the
matter here.
-=- Hugh
--
Hugh Miller | Dept. of Philosophy | Loyola University of Chicago
Voice: 312-508-2727 | FAX: 312-508-2292 | hmi...@lucpul.it.luc.edu
"Read broadly, think scientifically, speak briefly, and sell the goods!"
-- Sinclair Lewis, _The Man Who Knew Coolidge_
Path: sparky!uunet!usc!apple!netcomsv!rcain
From: rc...@netcom.COM (Robert Cain)
Newsgroups: sci.crypt
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan18.063519.28425rcain@netcom.COM>
Date: 18 Jan 92 06:35:19 GMT
References: <10410@lectroid.sw.stratus.com>
Organization: Netcom - Online Communication Services (408 241-9760 guest)
Lines: 16
Can anyone speak to the question of USING something that is patented if
one didn't pay for it. Since the PGP package is now obviously ubiquitous
(and a portable Unix version inevitable) what if anything prevents us from
setting up a public key archive that we can all enter our keys into and
then just using this thing. It may all be very illegal but I would like
to know if so and how so.
If it can be ascertained that we are not breaking the law by using this
thing let's do so and get on with it. If I am not mistaken, I can make
and personally use anything that is patented, I just can't sell it. Right
or wrong?
--
Bob Cain rc...@netcom.com 408-358-2007
"Systems should be described as simply as possible, but no simpler."
A. Einstein
Path: sparky!uunet!usc!apple!rutgers!rochester!cantaloupe.srv.cs.cmu.edu!mnr
From: mn...@cs.cmu.edu (Marc Ringuette)
Newsgroups: sci.crypt
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan19.061618.59212@cs.cmu.edu>
Date: 19 Jan 92 06:16:18 GMT
Organization: School of Computer Science, Carnegie Mellon
Lines: 17
Nntp-Posting-Host: daisy.learning.cs.cmu.edu
Originator: m...@DAISY.LEARNING.CS.CMU.EDU
I believe the following two things:
(1) By law, RSADSI can sue to maintain its monopoly.
(2) It is really unfortunate and harmful that they choose to do so.
I had a chat with Jim Bidzos last year. He basically said, hey, we're
a good operation, so if you need software come get it from us. And
since it's possible for them to enforce this suggestion by law, they do
so. It's the American way, right?
But I will not personally excuse harmful and selfish behavior because it's
legal and normal in the business world. RSADSI has done a lot of harm
in preventing Internetters from using public key technology, in exchange
for possibly nonexistent gains to itself. Shame on you, Jim!
[ Marc Ringuette | Cranberry Melon University, Cucumber Science Department ]
[ m...@cs.cmu.edu | 412-268-3728 | "I've half a mind to be a vegetable." ]