Path: sparky!uunet!icd.ab.com!iccgcc.decnet.ab.com!lieser From: lie...@iccgcc.decnet.ab.com (Ed Lieser) Newsgroups: sci.crypt Subject: Pretty Good (tm) Privacy Message-ID: <1992Jan16.172413.6832@iccgcc.decnet.ab.com> Date: 16 Jan 92 17:24:12 EST Lines: 24 In Mondo 2000 magazine, issue #5: What if you saw Congress trying to pass some invasive, repressive laws? And what if, single handedly, you could nullify these laws, forever? Would you do it? Senate bills S266 and S618 posed just those questions to Philip Zimmerman, a Boulder software engineer. ... [The bills] both have language, however, requiring government- accessible "back doors" in all encryption software produced or sold in the United States. ... Philip Zimmerman took direct action. Taking several months off from his regular paying customers, he wrote the *definitive encryption program for the masses*. PGP -- Pretty Good Privacy -- it's called. It's a textbook example of guerrilla activism based on the Rivest-Shamir-Adelman public-key cryptosystem.... The article mentions that he will possibly be sued by the company controlling licensing of the RSA algorithm, but that the software is available free via anonymous FTP and on bulletin boards. I hadn't heard of this program before this. Is it widely known? Ed
Path: sparky!uunet!sequent!talon!news.cs.indiana.edu!mips!think.com! camb.com!tinkelman From: tink...@camb.com (Bob Tinkelman) Newsgroups: sci.crypt Subject: Re: Pretty Good (tm) Privacy Message-ID: <1992Jan17.022348.39873@camb.com> Date: 17 Jan 92 07:23:48 GMT References: <1992Jan16.172413.6832@iccgcc.decnet.ab.com> Organization: Cambridge Computer Associates, Inc. Lines: 103 In article <1992Jan16....@iccgcc.decnet.ab.com>, lie...@iccgcc.decnet.ab.com (Ed Lieser) writes about PGP > I hadn't heard of this program before this. Is it widely known? See attached for ftp info. -- Bob Tinkelman, Cambridge Computer Associates, Inc., 212-425-4900, b...@camb.com From: Philip Zimmermann, p...@sage.cgd.ucar.edu To: People interested in PGP (Pretty Good Privacy) Re: Where to get PGP This is in response to your inquiry regarding how to get the freeware public key cryptographic software PGP (Pretty Good Privacy) from an anonymous FTP site on Internet, or from any other source. PGP has sophisticated key management, an RSA/conventional hybrid encryption scheme, message digests for digital signatures, data compression before encryption, and good ergonomic design. PGP is well featured and fast, and has excellent user documentation. Source code is free. What follows is a sample of places that allegedly have PGP. This information is not guaranteed to be correct. If you care to set up any additional reliable FTP sites, please let me know about it, including the host name and directory, and how long you think it will be there. PGP uses the RSA cryptosystem which is claimed by a US patent held by a company called Public Key Partners. PGP users outside the US take note that there is no RSA patent outside the US. Bear in mind that there are US and Canadian export laws prohibiting anyone inside the US and Canada from exporting cryptographic software like this. If you live in another country, you are advised not to violate US export laws by copying these files from a US source. Since thousands of US users got it, it has somehow leaked out of the US and spread itself worldwide. If PGP has already found its way into your country, then you're probably not violating US export law if you pick it up from a source outside of the US. For those of you who need to obtain PGP from sources outside the US, some foreign sources are listed. There are two compressed achive files in the PGP MSDOS release. You must get pgp10.zip which contains the binary executable and the PGP User's Guide, and you can optionally get pgp10src.zip which contains the source files. These files can be decompressed with the MSDOS shareware archive decompression utility PKUNZIP.EXE. A reminder: Set mode to binary or image when doing an FTP transfer. Here are some FTP sites that have both pgp10.zip and pgp10src.zip: HOST DIRECTORY USA: uunet.uu.net (137.39.1.2) /tmp pc.usl.edu (130.70.40.3) /pub/msdos/crypto gatekeeper.dec.com (16.1.0.2) /pub/micro/msdos/pgp ucbarpa.berkeley.edu (128.32.130.11) /pub New Zealand: kauri.vuw.ac.nz /pub/ms-dos/Encryption Here are some FTP sites that have pgp10.zip: Finland: garbo.uwasa.fi (128.214.87.1) /pc/fileutil Australia: sol.deakin.oz.au (128.184.1.1) /pub/PC/chyde/fileutil PGP is also available on PeaceNet and EcoNet, run by IGC in San Francisco. Log in and check the "micro" conference. The Web in Canada also has it. PGP is also widely available on Fidonet, a large informal network of PC-based bulletin board systems interconnected via modems. Check your local bulletin board systems. It is available on many foreign and domestic Fidonet BBS sites. In the US, PGP may be found on God knows how many BBS systems, far too many to list here. Still, if you don't have any local BBS phone numbers handy, here are some free little BBS's in Colorado you might try: 303 652-3595, or 303 443-8292, or 303 231-0990. In Toronto Canada, try this BBS: 416 798-4786 In New Zealand, try these (supposedly free) dial-up BBS systems: Amstrad BBS: +64 9 445-3619 Infoboard: +64 9 833-8788 Kappa Crucis: +64 9 817-3714, -3725, -3324, -8424, -3094, -3393 In the Netherlands there is a BBS called Operation Hacker Storm that is pushing PGP pretty heavily. The phone number is: +31 22 3060551 Also in the Netherlands, try Patrick Oonk, whose email address is: Internet: ro...@ooc.uva.nl Phone: +31 70 3642364 In Germany, try Hugh Kennedy, whose email address is: Internet: 7004...@compuserve.com Compuserve: 70042,710 In Austria, try Michael Weiner, whose email addresses are: Eunet: mwe...@bene.co.at Fidonet: 2:310/11.123 Fax: ++43 1 94 14 65
Path: sparky!uunet!think.com!camb.com!tinkelman From: tink...@camb.com (Bob Tinkelman) Newsgroups: sci.crypt Subject: Re: Pretty Good (tm) Privacy Message-ID: <1992Jan17.152633.39874@camb.com> Date: 17 Jan 92 15:26:32 EST References: <1992Jan16.172413.6832@iccgcc.decnet.ab.com> <1992Jan17.022348.39873@camb.com> Organization: Cambridge Computer Associates, Inc. Lines: 28 In article <1992Jan17.0...@camb.com>, I had replied to a question asked in sci.crypt about PGP (Phil Zimmermann's Pretty Good Privacy). This message has two parts - an apology and a gripe. First I owe Phil and the net an apology for a breach in netequitte. I forwarded to the net a message from Phil that I'd saved on my system, I'd guess from last summer. It looked like a general posting from Phil to the net, but in fact I had received it in private communications from Phil. I should not have posted it without first getting Phil's permission. I was lazy and didn't check. I was wrong. I'm sorry. Phil called me today and we had a very nice chat. Phil explained that since the time he wrote that document and since the time that PGP was posted at all those ftp sites last June, he has (under pressure from RSA, I assume) agreed not to take any part in the distribution or promotion of PGP. I guess he was concerned that my posting could be interpreted as a violation by him of some agreement. It wasn't. This brings me to my gripe. If it's really true that RSA is threatening Phil with legal action (and Phil clearly does not feel at liberty to talk about this himself) then I think RSA is doing something really wrong. I'd like to find out the truth behind this and talk about it (possibly here in sci.crypt) but I feel frustrated. Clearly as much as he'd like to do so, Phil will not feel at liberty to join us in this discussion. -- Bob Tinkelman, Cambridge Computer Associates, Inc., 212-425-4900, b...@camb.com
Path: sparky!uunet!peregrine!ccicpg!cci632!uupsi!psinntp!rpi!uwm.edu! linac!uchinews!lucpum.it.luc.edu!lucpul.it.luc.edu!hmiller From: hmi...@lucpul.it.luc.edu (Hugh Miller) Newsgroups: sci.crypt Subject: Re: Pretty Good (tm) Privacy Message-ID: <hmiller.695628952@lucpul.it.luc.edu> Date: 17 Jan 92 06:15:52 GMT References: <1992Jan16.172413.6832@iccgcc.decnet.ab.com> Sender: ro...@lucpum.it.luc.edu (System PRIVILEGED Account) Organization: Loyola University Chicago Lines: 65 In <1992Jan16....@iccgcc.decnet.ab.com> lie...@iccgcc.decnet.ab.com (Ed Lieser) writes: > What if you saw Congress trying to pass some invasive, > repressive laws? And what if, single handedly, you could > nullify these laws, forever? Would you do it? > Senate bills S266 and S618 posed just those questions to > Philip Zimmerman, a Boulder software engineer. ... [The > bills] both have language, however, requiring government- > accessible "back doors" in all encryption software produced > or sold in the United States. ... Philip Zimmerman took > direct action. Taking several months off from his regular > paying customers, he wrote the *definitive encryption program > for the masses*. > PGP -- Pretty Good Privacy -- it's called. It's a textbook > example of guerrilla activism based on the Rivest-Shamir-Adelman > public-key cryptosystem.... >The article mentions that he will possibly be sued by the company >controlling licensing of the RSA algorithm, but that the software >is available free via anonymous FTP and on bulletin boards. >I hadn't heard of this program before this. Is it widely known? Yes. And deservedly so. It's a very nice implementation of the RSA algorithm for public key encryption, digital signatures, the whole schmeer. It even includes a command-line option for private-key encryption for files you want to keep yourself, and not send to others; so it's a `switch hitter' in this respect. It's fast, small, and wipes all its scratchfiles on exit. You can even set an environment variable to direct PGP to look on a separate floppy disk if you don't like to keep your collection of keys on your hard drive. When it encrypts a file, it compresses it first (nice: cuts down on upload time and improves strength of encryption). Also, if you're going to be sending the message by e-mail, it has a command line option to produce the ciphertext directly as a uuencoded ASCII file (also nice). Best of all, Phil has thrown in the source code so you can compile it yourself if you don't want to trust somebody else's binaries. Binaries (for MS-DOS) and docfiles are available in a file called PGP10.ZIP, and sourcecode in portable C in one called PGP10SRC.ZIP. Both have been uploaded by now to virtually every BBS in the world, I am sure. They are also available at various sites on the Internet, if you have binary ftp capabilities. I have a short list of sites I'll post tomorrow. Right off the top of my head, I know that both files were at uunet.uu.net in the /tmp subdirectory, last I looked; PGP10.ZIP (MS-DOS binaries) are at garbo.uwasa.fi as well. As to whether Phil will be sued or not, that is in the hands of PK Partners and RSA Associates. He has not been yet. He has signed an agreement not to have anything further to do with distribution of the current version, and as a part of that agreement published a letter in this newsgroup a while back stating same. As to whether or not an algorithm such as RSA ought to be patentable, well... That issue falls outside the mandate of this newsgroup. For the record, I am of the strong opinion that it should NOT be so patentable, and that the Patent Office has gone collectively insane or ideologically around the bend in permitting RSA and other algorithms to be so patented. But I will not engage in a debate on the matter here. -=- Hugh -- Hugh Miller | Dept. of Philosophy | Loyola University of Chicago Voice: 312-508-2727 | FAX: 312-508-2292 | hmi...@lucpul.it.luc.edu "Read broadly, think scientifically, speak briefly, and sell the goods!" -- Sinclair Lewis, _The Man Who Knew Coolidge_
Path: sparky!uunet!usc!apple!netcomsv!rcain From: rc...@netcom.COM (Robert Cain) Newsgroups: sci.crypt Subject: Re: Pretty Good (tm) Privacy Message-ID: <1992Jan18.063519.28425rcain@netcom.COM> Date: 18 Jan 92 06:35:19 GMT References: <10410@lectroid.sw.stratus.com> Organization: Netcom - Online Communication Services (408 241-9760 guest) Lines: 16 Can anyone speak to the question of USING something that is patented if one didn't pay for it. Since the PGP package is now obviously ubiquitous (and a portable Unix version inevitable) what if anything prevents us from setting up a public key archive that we can all enter our keys into and then just using this thing. It may all be very illegal but I would like to know if so and how so. If it can be ascertained that we are not breaking the law by using this thing let's do so and get on with it. If I am not mistaken, I can make and personally use anything that is patented, I just can't sell it. Right or wrong? -- Bob Cain rc...@netcom.com 408-358-2007 "Systems should be described as simply as possible, but no simpler." A. Einstein
Path: sparky!uunet!usc!apple!rutgers!rochester!cantaloupe.srv.cs.cmu.edu!mnr From: mn...@cs.cmu.edu (Marc Ringuette) Newsgroups: sci.crypt Subject: Re: Pretty Good (tm) Privacy Message-ID: <1992Jan19.061618.59212@cs.cmu.edu> Date: 19 Jan 92 06:16:18 GMT Organization: School of Computer Science, Carnegie Mellon Lines: 17 Nntp-Posting-Host: daisy.learning.cs.cmu.edu Originator: m...@DAISY.LEARNING.CS.CMU.EDU I believe the following two things: (1) By law, RSADSI can sue to maintain its monopoly. (2) It is really unfortunate and harmful that they choose to do so. I had a chat with Jim Bidzos last year. He basically said, hey, we're a good operation, so if you need software come get it from us. And since it's possible for them to enforce this suggestion by law, they do so. It's the American way, right? But I will not personally excuse harmful and selfish behavior because it's legal and normal in the business world. RSADSI has done a lot of harm in preventing Internetters from using public key technology, in exchange for possibly nonexistent gains to itself. Shame on you, Jim! [ Marc Ringuette | Cranberry Melon University, Cucumber Science Department ] [ m...@cs.cmu.edu | 412-268-3728 | "I've half a mind to be a vegetable." ]