Xref: gmd.de alt.security.ripem:621 sci.crypt:16581
Path: gmd.de!xlink.net!howland.reston.ans.net!agate!msuinfo!
 scss3.cl.msu.edu!mrr
From: m...@scss3.cl.msu.edu (Mark Riordan)
Newsgroups: alt.security.ripem,sci.crypt
Subject: Exportable RIPEM/SIG Available
Date: 15 Mar 1994 14:55:01 GMT
Organization: Michigan State University
Lines: 53
Message-ID: <2m4i85$149s@msuinfo.cl.msu.edu>
NNTP-Posting-Host: scss3.cl.msu.edu
Summary: Free Signature-only version of RIPEM
X-Newsreader: TIN [version 1.2 PL1]

Announcing the availability of RIPEM/SIG, an exportable signature-only
version of RIPEM, a public-key encryption program.

RIPEM/SIG is a version of RIPEM 1.2 with encryption and decryption
taken out. RSA Data Security has obtained a US State Department
Commodities Jurisdiction ruling determining that RIPEM/SIG is
exportable from the USA. At this writing, RIPEM/SIG is undergoing a
classification to determine what countries it may not be exported to.
(Worst case is that RIPEM/SIG may not be exported to such countries
as Libya, Iraq, and North Korea.)

While this ruling certainly does not fully address the strong concerns
of myself and many others regarding the USA's overly restrictive
export laws, it does ease things a bit for individuals wishing to
exchange authenticated messages across international borders.

RSA Data Security has granted a free license to users worldwide of
RIPEM/SIG to use the software for any purposes other than direct
commercial services. (I.e., selling the software itself or selling a
service directly based on the program's functions.) It is allowable to
make use of the software at a commercial location or on commercial
computer systems. Use for personal communication, or even corporate
communications, is permitted. These rights will be clarified in a new
RSAREF license and new RSA software, to be available in a few weeks.
For a license to use RIPEM/SIG to deliver commercial services, contact
RSA Data Security for terms.

It is believed that RIPEM/SIG is the only US-exportable signature
software in the world available for free to US users. (Non-US users
are not bound by RSADSI's US patents, but would be bound by copyright
laws.)

RIPEM/SIG is built from RIPEM 1.2a sources; thus, RIPEM/SIG
source code is not exportable. The executables are exportable.
I have compiled RIPEM/SIG for several popular architectures
and have placed the executables on ripem.msu.edu, available for
anonymous FTP from /pub/crypt/ripem/ripemsig/binaries. Other USA and
Canada citizens are welcome to obtain the RIPEM 1.2a source
distribution and create and export executables for other platforms.

I also wish to announce the availability of RIPEM 1.2a. There were no
algorithmic changes between 1.2 and 1.2a; simply code changes to create
RIPEM/SIG and to accommodate some brain-dead C compilers.

RIPEM is available via non-anonymous FTP from ripem.msu.edu. See the
file GETTING_ACCESS to get an account. RIPEM/SIG is, as mentioned
above, available from the same site via anonymous FTP.

Mark Riordan

Xref: gmd.de alt.security.ripem:631 sci.crypt:16784
Path: gmd.de!Germany.EU.net!EU.net!howland.reston.ans.net!
 europa.eng.gtefsd.com!MathWorks.Com!news.kei.com!bloom-beacon.mit.edu!
 senator-bedfellow.mit.edu!athena.mit.edu!jim
From: j...@chirality.rsa.com (Jim Bidzos)
Newsgroups: alt.security.ripem,sci.crypt
Subject: Re: Exportable RIPEM/SIG Available
Date: 18 Mar 94 17:14:11
Organization: RSA Data Security, Inc.
Lines: 95
Message-ID: <JIM.94Mar18171411@chirality.rsa.com>
References: <2m4i85$149s@msuinfo.cl.msu.edu>
NNTP-Posting-Host: rsa.com
In-reply-to: mrr@scss3.cl.msu.edu's message of 15 Mar 1994 14:55:01 GMT

More info: Kurt Stammberger, RSA Data Security, Inc. 415/595-8782

To download RSAREF and RIPEM, send any message to rsa...@rsa.com
or ftp from ripem.msu.edu

RSA DATA SECURITY ANNOUNCES DIGITAL SIGNATURE SOFTWARE
THAT IS FREE AND LEGAL WORLDWIDE

Information superhighway gets free tool to authenticate information;
an answer to Vice-president Gore's concerns over Internet break-ins

---------------------------------------------------------

Redwood City, Calif. (March 21, 1994) - RSA Data Security, Inc.
announced today a first: digital signature software that is both free
and legal worldwide. RSA applied for and received a "commodities
jurisdiction," or CJ for a software package called RIPEM/SIG, which
was built with RSA Data Security's RSAREF toolkit, a freeware package.
A CJ, which is a ruling that the software falls under the Commerce
Department's jurisdiction as opposed to the State Department, allows
RIPEM to be freely and legally exported.

Further, RSA has relaxed the use restrictions in its free crypto
toolkit. RSAREF, and any application built with it, may now be used in
commercial settings as long as it is not sold or used to provide a
direct for-profit service.

Digital signatures are produced using the RSA cryptosystem, which is a
public-key cryptosystem. Each user has two keys - one public and one
private. The public key can be disclosed without compromising the
private key. The RSA cryptosystem was invented and patented in the
late 1970's by Drs. Rivest, Shamir, and Adleman at the Massachusetts
Institute of Technology, and was based on work by Whitfield Diffie and
Martin Hellman at Stanford University.

Electronic documents can be "signed" with an unforgeable "signature"
by using a document/private-key combination to produce a signature
unique to the author/document. Anyone, by using only RIPEM and the
public key of the author, can verify the authenticity of the document.

Applications of digital signatures are endless. One reason that the
paperless office has never materialized is that paper must still be
printed so that handwritten signatures can be applied. RSAREF and
RIPEM solve that problem. Expense reports, any electronic forms,
administrative documents, even tax returns can be electronically
signed to speed electronic document flow and eliminate fraud.

Information on the Internet can be signed and verified to prevent
spoofing. Recently, unauthenticated messages at Dartmouth College
caused an important test to be cancelled; messages impersonating
faculty were sent out.

"Data mailed, posted, or put on servers on the Internet is inherently
untrustable today," said Jim Bidzos, president of RSA. "Tampering with
electronic documents takes no special skills, and leaves no trace.
With the availability of a free, legal, and exportable tool such as
RIPEM, there's no need for such a situation to continue. It can be
used by individuals, corporations, and government agencies at no
cost."

In a February 4th announcement, Vice-president Gore stated that the
recent Internet break-ins could have been prevented with digital
signatures. "Here they are," said Bidzos.

Recently, cryptography has caused clashes between government and
industry, over privacy issues, law enforcement concerns, and export
issues. "The US government has approved this software for export,"
said Bidzos. "Clearly, it's no threat to them. And it's free."

Digital signatures can also be used to detect any virus before a
program is executed, since any change whatsoever is detected.

The RIPEM application was developed using the RSAREF toolkit by Mark
Riordan of Michigan State University. A Macintosh version, developed
by Ray Lau of MIT, the author of the popular "StuffIt" program, is also
available. Versions for DOS, Unix, and all popular platforms are
supported. "PEM" stands for Privacy Enhanced Mail, a published
Internet standard for secure electronic mail.

Other innovative applications can also be built with RSAREF and
distributed at no cost. The full encryption-capable RIPEM is available
only in the US.

RSA digital signatures are a standard feature of Lotus Notes, the
Apple System 7 Pro Operating System, Novell NetWare, Microsoft Windows
at Work, Windows NT, IBM System Security Products, DelRina PerformPro,
WordPerfect InForms, SHANA InFormed, BLOC F3 Forms, Fischer
International Workflow, and numerous other products. Over 3 million
commercial products in the market today already use RSA signatures
under license from RSA Data Security. Other RSA licensees include
General Magic, Hewlett-Packard, Oracle, Unisys, Digital Equipment
Corp, Motorola, and numerous others.

RSA Data Security, Inc. designs, develops, markets, and supports
cryptographic solutions toolkits and products. The company was founded
by the inventors of the RSA cryptosystem in 1982 and is headquartered
in Redwood City, California.

Xref: gmd.de alt.security.ripem:632 sci.crypt:16787
Path: gmd.de!newsserver.jvnc.net!yale.edu!yale!gumby!wupost!
 howland.reston.ans.net!pipex!zaphod.crihan.fr!jussieu.fr!univ-lyon1.fr!
 swidir.switch.ch!scsing.switch.ch!cmir.arnes.si!not-for-mail
From: to...@arnes.si (Tomaz Borstnar)
Newsgroups: alt.security.ripem,sci.crypt
Subject: Re: Exportable RIPEM/SIG Available
Date: 21 Mar 1994 20:08:50 +0100
Organization: ARNES [Academic and Research network of Slovenia]
Lines: 25
Message-ID: <2mkrc2$5ga@kanin.arnes.si>
References: <2m4i85$149s@msuinfo.cl.msu.edu>
Reply-To: Tomaz.B...@arnes.si
NNTP-Posting-Host: to...@kanin.arnes.si
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

In article <2m4i85$14...@msuinfo.cl.msu.edu>,
Mark Riordan <m...@scss3.cl.msu.edu> wrote:
>Announcing the availability of RIPEM/SIG, an exportable signature-only
>version of RIPEM, a public-key encryption program.
>
>RIPEM/SIG is built from RIPEM 1.2a sources; thus, RIPEM/SIG
>source code is not exportable. The executables are exportable.
>I have compiled RIPEM/SIG for several popular architectures
>
How can we know that it doesn't contain any trapdoors since we're unable to
verify it? Do we have any guarantee that code is clean? Maybe ripem/sig also
searches disk while signing, etc? I don't have any proof for this so these are
purely my speculations.

Tomaz

>Mark Riordan

--
ARNES (Academic and research network of Slovenia) News admin
Phone:+386-61-125-9199 ext. 422; fax:+386-61-219-385
E-mail: news-...@arnes.si | Arnes, Jamova 39, Ljubljana, Slovenia

Xref: gmd.de alt.security.ripem:633 sci.crypt:16820
Path: gmd.de!newsserver.jvnc.net!netnews.upenn.edu!msuinfo!scss3.cl.msu.edu!mrr
From: m...@scss3.cl.msu.edu (Mark Riordan)
Newsgroups: alt.security.ripem,sci.crypt
Subject: Re: Exportable RIPEM/SIG Available
Followup-To: alt.security.ripem,sci.crypt
Date: 22 Mar 1994 14:33:52 GMT
Organization: Michigan State University
Lines: 15
Message-ID: <2mmvkg$r41@msuinfo.cl.msu.edu>
References: <2m4i85$149s@msuinfo.cl.msu.edu> <2mkrc2$5ga@kanin.arnes.si>
NNTP-Posting-Host: scss3.cl.msu.edu
X-Newsreader: TIN [version 1.2 PL1]

Tomaz Borstnar (to...@arnes.si) wrote:
: How can we know that it doesn't contain any trapdoors since we're unable to
: verify it? Do we have any guarantee that code is clean? Maybe ripem/sig also
: searches disk while signing, etc? I don't have any proof for this so these are
: purely my speculations.

As you know, to my dismay I am unable to export the source code
to RIPEM/SIG. However, the source is available to millions of
citizens of the US and Canada. If you get enough people from
those countries to look at the source and declare it free of
trapdoors, there's a pretty good chance it's clean.

Any of those millions can build and export the executables of
RIPEM/SIG, so you don't have to rely upon the copies that I built.

Mark