home *** CD-ROM | disk | FTP | other *** search
- Path: senator-bedfellow.mit.edu!faqserv
- From: jalicqui@prairienet.org
- Newsgroups: alt.security.pgp,alt.answers,news.answers
- Subject: PGP Frequently Asked Questions with Answers, Part 3/3
- Supersedes: <pgp-faq/part3_801484722@rtfm.mit.edu>
- Followup-To: alt.security.pgp
- Date: 23 Jun 1995 12:33:12 GMT
- Organization: none
- Lines: 1352
- Approved: news-answers-request@MIT.EDU
- Expires: 17 Jul 1995 12:32:08 GMT
- Message-ID: <pgp-faq/part3_803910728@rtfm.mit.edu>
- References: <pgp-faq/part1_803910728@rtfm.mit.edu>
- Reply-To: jalicqui@prairienet.org
- NNTP-Posting-Host: bloom-picayune.mit.edu
- Summary: This posting seeks to answer most of the common questions people
- ask about the Pretty Good Privacy (PGP) encryption program.
- X-Last-Updated: 1995/06/23
- Originator: faqserv@bloom-picayune.MIT.EDU
- Xref: senator-bedfellow.mit.edu alt.security.pgp:36816 alt.answers:10168 news.answers:46906
-
- Archive-name: pgp-faq/part3
- Posting-Frequency: monthly
- Last-modified: 22 June 1995
-
- -----BEGIN PGP SIGNED MESSAGE-----
-
- ========================================================================
- Appendix I - PGP add-ons and Related Programs
- ========================================================================
-
- Due to the enormous size this FAQ has begun to take, I have condensed
- this section, using a home-grown format that (I hope) will be easy to
- machine-parse into whatever other formats I can manage.
-
- This list is not exhaustive, nor is it even necessarily correct. Much
- of it is lifted from the old FAQ, and, as a result, some of the links
- are probably out of date. Hopefully, I will be able to weed out the
- bad links and update this over time; the task was too great for me to
- take immediately, however, especially given the pressing need. I
- present it in the hope that it will be helpful.
-
- ========
- Amiga
- ========
-
- PGP Mail Integration Project
- Author: Peter Simons <simons@peti.rhein.de>
- ftp://ftp.uni-kl.de/pub/aminet/comm/mail/PGPMIP.lha
- ftp://ftp.uni-kl.de/pub/aminet/comm/mail/PGPMIT.readme
-
- Automatic PGP encryption for mail over UUCP and SMTP.
- - -----
- PGPAmiga-FrontEnd
- Author: Peter Simons <simons@peti.rhein.de>
-
- GUI front end for Amiga PGP.
- - -----
- StealthPGP 1.0
- ftp://ftp.uni-erlangen.de/pub/aminet/util/crypt/StealthPGP1_0.lha
-
- Tool to remove any header stuff from PGP encrypted
- messages, to make sure nobody recognizes it as
- encrypted text. Source included.
- - -----
- PGPMore 2.3
- ftp://ftp.uni-erlangen.de/pub/aminet/util/crypt/PGPMore2_3.lha
-
- More-like tool which decrypts PGP encrypted blocks
- included in the text before displaying them.
- Useful for decrypting complete mail folders, etc...
-
- ========
- Archimedes
- ========
-
- PGPwimp
- Author: Peter Gaunt
- ftp://ftp.demon.co.uk/pub/archimedes/
-
- A multi-tasking WIMP front-end for PGP (requires RISC OS 3). Operates on
- files - it has no hooks to allow integration with mailers/newsreaders.
- - -----
- RNscripts4PGP
- Author: pla@sktb.demon.co.uk (Paul L. Allen)
- ftp://ftp.demon.co.uk/pub/archimedes/
-
- A collection of scripts and a small BASIC program which integrate PGP
- with the ReadNews mailer/newsreader. Provides encryp, decrypt, sign
- signature- check, add key.
-
- ========
- DOS (Windows utilities are in a separate section)
- ========
-
- Offline AutoPGP
- Author: Stale Schumacher <staalesc@ifi.uio.no>
- ftp://oak.oakland.edu/pub/msdos/security/apgp212.zip
- http://www.ifi.uio.no/~staalesc/AutoPGP/
-
- Integrates PGP with QWK and SOUP offline mail readers.
- - -----
- PGPSort
- Author: Stale Schumacher <staalesc@ifi.uio.no>
- ftp://oak.oakland.edu/pub/msdos/security/pgpsort.zip
- http://www.ifi.uio.no/~staalesc/PGP/PGPSort.html
-
- Sorts your PGP public keyring.
- - -----
- HPack
- ftp://garbo.uwasa.fi/pc/arcers/hpack79.zip
- ftp://garbo.uwasa.fi/pc/doc-soft/hpack79d.zip
- ftp://garbo.uwasa.fi/pc/source/hpack79s.zip
- ftp://garbo.uwasa.fi/unix/arcers/hpack79src.tar.Z
-
- Archiver program (like ZIP) which integrates PGP.
- - -----
- Menu
- ftp://ghost.dsi.unimi.it/pub/crypt/menu.zip
-
- Menu shell for PGP which uses 4DOS.
- - -----
- OzPKE
- CompuServe: EFFSIG lib 15, OZCIS lib 7, EURFORUM lib 1
-
- Integrates PGP into OzCIS, an automated access program for CompuServe.
- - -----
- PGP-Front
- Author: Walter H. van Holst <121233@student.frg.eur.nl>
- ftp://ftp.dsi.unimi.it:/pub/security/crypt/PGP/pgpfront.zip
-
- Interactive shell for PGP; has most functions.
- - -----
- PGPShell
- Author: James Still <still@kailua.colorado.edu>
- ftp://oak.oakland.edu/pub/msdos/security/pgpshe33.zip
- mailto:still@rintintin.colorado.edu (subject "send shell")
-
- Another PGP shell for DOS.
- - -----
- PGS
- ftp://oak.oakland.edu/pub/msdos/security/
-
- Pretty Good PGP Shell or PGS is a complete shell for Philip Zimmermann's
- Pretty Good Privacy (PGP). PGS enables you to do anything that PGP can do
- from the commandline from a, easy to use, front-end shell.
- - -----
- PGPUtils
- ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgputils.zip
-
- Batch files and PIF files for PGP.
- - -----
- PC Yarn
- Author: Chin Huang <cthuang@io.org>
- ftp://oak.oakland.edu/SimTel/msdos/offline/yarn_0xx.zip (xx is version number)
-
- MS-DOS offline mail and news software (using the SOUP packet format)
- that can clearsign or encrypt outgoing messages, and decrypt incoming
- messages to the CRT, a text file, or a mail folder.
-
- ========
- MAC
- ========
-
- ========
- NeXT
- ========
-
- CryptorBundle
- ftp://ftp.informatik.uni-hamburg.de/pub/comp/platforms/next/Mail/apps/
- CryptorBundle-1.0.NI.b.tar.gz
-
- Integrates PGP into Mail.app.
-
- ========
- OS/2
- ========
-
- EPM Macro for PGP
- Author: John C. Frickson <frickson@gibbon.com>
- ftp://ftp.gibbon.com/pub/gcp/gcppgp10.zip
-
- Macro for EPM which places a PGP menu in the menu bar.
-
- ========
- Unix
- ========
-
- PGPsendmail
- ftp://ftp.atnf.csiro.au/pub/people/rgooch/
- ftp://ftp.dhp.com/pub/crypto/pgp/PGPsendmail/
- ftp://ftp.ox.ac.uk/pub/crypto/pgp/utils/
-
- Automatically encrypts by acting as a wrapper for sendmail.
- - -----
- PGPTalk
- ftp://ftp.ox.ac.uk/src/security/pgptalk.zip
-
- Integrates PGP into ytalk for secure private chatting.
- - -----
- Emacs Auto-PGP
- Author: Ian Jackson <ijackson@nyx.cs.du.edu>
-
- This is a package for integrating PGP into GNU Emacs.
- - -----
- Mailcrypt
- Author: jsc@mit.edu (Jin S Choi), patl@lcs.mit.edu (Patrick J. LoPresti)
- ftp://cag.lcs.mit.edu/pub/patl/mailcrypt/
-
- This is an elisp package for encrypting and decrypting mail. I wrote this to
- provide a single interface to the two most common mail encryption programs,
- PGP and RIPEM. You can use either or both in any combination.
- - -----
- mail-secure.el
- Author: Travis J. I. Corcoran (tjic@icd.teradyne.com)
- mailto: tjic@icd.teradyne.com
-
- Complement to Mailcrypt which adds some new features. Requires Mailcrypt.
- - -----
- PGPPAGER
- Author: abottone@minerva1.bull.it (Alessandro Bottonelli)
-
- This program acts as a smart pager for mail, and can automatically
- decrypt the body portion of a message if necessary.
- - -----
- mkpgp
- mailto:slutsky@lipschitz.sfasu.edu
- (auto-replies the mkpgp program; use Subject: mkpgp)
-
- Script for integrating pine and PGP.
- - -----
- PGP Elm
- Author: Kenneth H. Cox <kenc@x-men.viewlogic.com>
- ftp://ftp.viewlogic.com/pub/elm-2.4pl24pgp3.tar.gz
-
- Patched version of elm which is PGP-aware.
- - -----
- PGP Augmented Messaging (was PGP Enhanced Messaging)
- Author: Rick Busdiecker <rfb@cmu.edu>
- ftp://h.gp.cs.cmu.edu/usr/rfb/pem/
-
- Another set of GNU Emacs PGP utilities.
-
- ========
- VAX/VMS
- ========
-
- ENCRYPT.COM
- Author: joleary@esterh.wm.estec.esa.nl (John O'Leary)
-
- ENCRYPT.COM is a VMS mail script that works fine for
- joleary@esterh.wm.estec.esa.nl (John O'Leary)
-
- ========
- Windows (v3, '95, NT)
- ========
-
- PGP Help for the Windows Help engine
- Author: Jeff Sheets <xanthur@aol.com>
- http://netaccess.on.ca/~rbarclay/pgp.html
-
- PGP documentation and help in WinHelp format.
- - -----
- PGPWinFront (PWF)
- Author: Ross Barclay <RBARCLAY@TrentU.ca>
- http://netaccess.on.ca/~rbarclay/index.html
- mailto:rbarclay@trentu.ca (put GET PWF in subject)
-
- Windows front end for PGP. Includes most functions.
- - -----
- J's Windows PGP Shell (JWPS)
- ftp://oak.oakland.edu/pub/msdos/security/
-
- Another Windows front end for PGP. Supports drag-n-drop, clipboard, etc.
- - -----
- PGP Windows
- ftp://oak.oakland.edu/pub/msdos/security/pgpwin.zip
-
- Still another Windows PGP front end.
- - -----
- WinPGP(tm)
- ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
- http://www.firstnet.net/~cwgeib/welcome.html
-
- Another PGP Windows shell; this one is shareware.
- - -----
- ZMail Scripts for PGP
- Author: Guy Berliner <berliner@netcom.com>
- ftp://ftp.netcom.com/pub/be/berliner/readme.html
- ftp://kaiwan.com/user/mckinnon/pgp4zm.zip
-
- Scripts for integrating PGP with ZMail, a popular graphical mailer.
- - -----
- Private Idaho
- ftp://ftp.eskimo.com/joelm/pidaho21.zip
- http://www.eskimo.com/~joelm/
-
- A PGP integration tool for various Windows mailers. Supports anonymous
- remailers.
- - -----
- S-Tools
- Author: Andy Brown <asb@nexor.co.uk>
- ftp://mirage.nexor.co.uk/pub/security/steganography/s-tools3.zip
-
- A set of Windows steganography tools.
-
- ========================================================================
- Appendix II - Glossary of Cryptographic Terms
- ========================================================================
-
- ========
- Chosen Plain Text Attack
- ========
-
- This is the next step up from the Known Plain Text Attack. In this
- version, the cryptanalyst can choose what plain text message he wishes
- to encrypt and view the results, as opposed to simply taking any old
- plain text that he might happen to lay his hands on. If he can recover
- the key, he can use it to decode all data encrypted under this key.
- This is a much stronger form of attack than known plain text. The
- better encryption systems will resist this form of attack.
-
- ========
- Clipper
- ========
-
- A chip developed by the United States Government that was to be used
- as the standard chip in all encrypted communications. Aside from the
- fact that all details of how the Clipper chip work remain classified,
- the biggest concern was the fact that it has an acknowledged trap door
- in it to allow the government to eavesdrop on anyone using Clipper
- provided they first obtained a wiretap warrant. This fact, along with
- the fact that it can't be exported from the United States, has led a
- number of large corporations to oppose the idea. Clipper uses an 80
- bit key to perform a series of nonlinear transformation on a 64 bit
- data block.
-
- ========
- DES (Data Encryption Standard)
- ========
-
- A data encryption standard developed by IBM under the auspices of the
- United States Government. It was criticized because the research that
- went into the development of the standard remained classified.
- Concerns were raised that there might be hidden trap doors in the
- logic that would allow the government to break anyone's code if they
- wanted to listen in. DES uses a 56 bit key to perform a series of
- nonlinear transformation on a 64 bit data block. Even when it was
- first introduced a number of years ago, it was criticized for not
- having a long enough key. 56 bits just didn't put it far enough out of
- reach of a brute force attack. Today, with the increasing speed of
- hardware and its falling cost, it would be feasible to build a machine
- that could crack a 56 bit key in under a day's time. It is not known
- if such a machine has really been built, but the fact that it is
- feasible tends to weaken the security of DES substantially.
-
- I would like to thank Paul Leyland <pcl@ox.ac.uk> for the following
- information relating to the cost of building such a DES cracking
- machine:
-
- _Efficient DES Key Search_
-
- At Crypto 93, Michael Wiener gave a paper with the above title. He
- showed how a DES key search engine could be built for $1 million which
- can do exhaustive search in 7 hours. Expected time to find a key from
- a matching pair of 64-bit plaintext and 64-bit ciphertext is 3.5 hours.
-
- So far as I can tell, the machine is scalable, which implies that a
- $100M machine could find keys every couple of minutes or so.
-
- The machine is fairly reliable: an error analysis implies that the mean
- time between failure is about 270 keys.
-
- The final sentence in the abstract is telling: In the light of this
- work, it would be prudent in many applications to use DES in triple-
- encryption mode.
-
- I only have portions of a virtually illegible FAX copy, so please don't
- ask me for much more detail. A complete copy of the paper is being
- snailed to me.
-
- Paul C. Leyland <pcl@ox.ac.uk>
-
- Laszlo Baranyi <laszlo@instrlab.kth.se> says that the full paper is available
- in PostScript from:
-
- ftp://ftp.eff.org/pub/crypto/des_key_search.ps
- ftp://cpsr.org/cpsr/crypto/des/des_key_search.ps
- (cpsr.org also makes it available via their Gopher service)
-
- ========
- EFF (Electronic Frontier Foundation)
- ========
-
- The Electronic Frontier Foundation (EFF) was founded in July, 1990, to assure
- freedom of expression in digital media, with a particular emphasis on
- applying the principles embodied in the Constitution and the Bill of Rights
- to computer-based communication. For further information, contact:
-
- Electronic Frontier Foundation
- 1001 G St., NW
- Suite 950 East
- Washington, DC 20001
- +1 202 347 5400
- +1 202 393 5509 FAX
- Internet: eff@eff.org
-
- ========
- IDEA (International Data Encryption Algorithm)
- ========
-
- Developed in Switzerland and licensed for non-commercial use in PGP.
- IDEA uses a 128 bit user supplied key to perform a series of nonlinear
- mathematical transformations on a 64 bit data block. Compare the
- length of this key with the 56 bits in DES or the 80 bits in Clipper.
-
- ========
- ITAR (International Traffic in Arms Regulations)
- ========
-
- ITAR are the regulations covering the exporting of weapons and weapons
- related technology from the United States. For some strange reason,
- the government claims that data encryption is a weapon and comes under
- the ITAR regulations. There is presently a move in Congress to relax
- the section of ITAR dealing with cryptographic technology.
-
- ========
- Known Plain Text Attack
- ========
-
- A method of attack on a crypto system where the cryptanalyst has
- matching copies of plain text, and its encrypted version. With weaker
- encryption systems, this can improve the chances of cracking the code
- and getting at the plain text of other messages where the plain text
- is not known.
-
- ========
- MD5 (Message Digest Algorithm #5)
- ========
-
- The message digest algorithm used in PGP is the MD5 Message Digest
- Algorithm, placed in the public domain by RSA Data Security, Inc.
- MD5's designer, Ronald Rivest, writes this about MD5:
-
- "It is conjectured that the difficulty of coming up with two messages
- having the same message digest is on the order of 2^64 operations, and
- that the difficulty of coming up with any message having a given
- message digest is on the order of 2^128 operations. The MD5 algorithm
- has been carefully scrutinized for weaknesses. It is, however, a
- relatively new algorithm and further security analysis is of course
- justified, as is the case with any new proposal of this sort. The
- level of security provided by MD5 should be sufficient for implementing
- very high security hybrid digital signature schemes based on MD5 and
- the RSA public-key cryptosystem."
-
- ========
- MPILIB (Multiple Precision Integer Library)
- ========
-
- This is the common name for the set of RSA routines used in PGP 2.3a
- and previous, as well as the international versions of PGP. It is
- alleged to violate PKP's RSA patent in the USA, but is not otherwise
- restricted in usage. It retains its popularity abroad because it
- outperforms RSAREF and has fewer legal restrictions as well.
-
- ========
- NSA (National Security Agency)
- ========
-
- The following information is from the sci.crypt FAQ:
-
- The NSA is the official communications security body of the U.S.
- government. It was given its charter by President Truman in the early
- 50's, and has continued research in cryptology till the present. The
- NSA is known to be the largest employer of mathematicians in the
- world, and is also the largest purchaser of computer hardware in the
- world. Governments in general have always been prime employers of
- cryptologists. The NSA probably possesses cryptographic expertise many
- years ahead of the public state of the art, and can undoubtedly break
- many of the systems used in practice; but for reasons of national
- security almost all information about the NSA is classified.
-
- ========
- One Time Pad
- ========
-
- The one time pad is the ONLY encryption scheme that can be proven to
- be absolutely unbreakable! It is used extensively by spies because it
- doesn't require any hardware to implement and because of its absolute
- security. This algorithm requires the generation of many sets of
- matching encryption keys pads. Each pad consists of a number of random
- key characters. These key characters are chosen completely at random
- using some truly random process. They are NOT generated by any kind of
- cryptographic key generator. Each party involved receives matching
- sets of pads. Each key character in the pad is used to encrypt one and
- only one plain text character, then the key character is never used
- again. Any violation of these conditions negates the perfect security
- available in the one time pad.
-
- So why don't we use the one time pad all the time? The answer is that
- the number of random key pads that need to be generated must be at
- least equal to the volume of plain text messages to be encrypted, and
- the fact that these key pads must somehow be exchanged ahead of time.
- This becomes totally impractical in modern high speed communications
- systems.
-
- Among the more famous of the communications links using a one time pad
- scheme is the Washington to Moscow hot line.
-
- ========
- PEM (Privacy Enhanced Mail)
- ========
-
- The following was taken from the sci.crypt FAQ:
-
- How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]?
-
- Here's one popular method, using the des command:
-
- cat file | compress | des private_key | uuencode | mail
-
- Meanwhile, there is a de jure Internet standard in the works called
- PEM (Privacy Enhanced Mail). It is described in RFCs 1421 through
- 1424. To join the PEM mailing list, contact pem-dev-request@tis.com.
- There is a beta version of PEM being tested at the time of this
- writing.
-
- There are also two programs available in the public domain for
- encrypting mail: PGP and RIPEM. Both are available by FTP. Each has
- its own news group: alt.security.pgp and alt.security.ripem. Each has
- its own FAQ as well. PGP is most commonly used outside the USA since
- it uses the RSA algorithm without a license and RSA's patent is valid
- only (or at least primarily) in the USA.
-
- [ Maintainer's note: The above paragraph is not fully correct, as MIT
- PGP uses RSAREF as well now. ]
-
- RIPEM is most commonly used inside the USA since it uses the RSAREF
- which is freely available within the USA but not available for
- shipment outside the USA.
-
- Since both programs use a secret key algorithm for encrypting the body
- of the message (PGP used IDEA; RIPEM uses DES) and RSA for encrypting
- the message key, they should be able to interoperate freely. Although
- there have been repeated calls for each to understand the other's
- formats and algorithm choices, no interoperation is available at this
- time (as far as we know).
-
- ========
- PGP (Pretty Good Privacy)
- ========
-
- The program we're discussing. See question 1.1.
-
- ========
- PKP (Public Key Partners)
- ========
-
- A patent holding company that holds many public-key patents, including
- (supposedly) the patent on public-key cryptography itself. Several of
- its patents are not believed by some to be valid, including their
- patent on RSA (which affects PGP).
-
- ========
- RIPEM
- ========
-
- See PEM
-
- ========
- RSA (Rivest-Shamir-Adleman)
- ========
-
- RSA is the public key encryption method used in PGP. RSA are the
- initials of the developers of the algorithm which was done at taxpayer
- expense. The basic security in RSA comes from the fact that, while it
- is relatively easy to multiply two huge prime numbers together to
- obtain their product, it is computationally difficult to go the
- reverse direction: to find the two prime factors of a given composite
- number. It is this one-way nature of RSA that allows an encryption key
- to be generated and disclosed to the world, and yet not allow a
- message to be decrypted.
-
- ========
- RSAREF
- ========
-
- This is the free library RSA Data Security, Inc., made available for
- the purpose of implementing freeware PEM applications. It implements
- several encryption algorithms, including (among others) RSA. MIT PGP
- uses RSAREF's RSA routines to avoid the alleged patent problems
- associated with other versions of PGP.
-
- ========
- Skipjack
- ========
-
- See Clipper
-
- ========
- TEMPEST
- ========
-
- TEMPEST is a standard for electromagnetic shielding for computer
- equipment. It was created in response to the fact that information can
- be read from computer radiation (e.g., from a CRT) at quite a distance
- and with little effort. Needless to say, encryption doesn't do much
- good if the cleartext is available this way. The typical home
- computer WOULD fail ALL of the TEMPEST standards by a long shot. So,
- if you are doing anything illegal, don't expect PGP or any other
- encryption program to save you. The government could just set up a
- monitoring van outside your home and read everything that you are
- doing on your computer.
-
- Short of shelling out the ten thousand dollars or so that it would
- take to properly shield your computer, a good second choice might be a
- laptop computer running on batteries. No emissions would be fed back
- into the power lines, and the amount of power being fed to the display
- and being consumed by the computer is much less than the typical home
- computer and CRT. This provides a much weaker RF field for snoopers to
- monitor. It still isn't safe, just safer. In addition, a laptop
- computer has the advantage of not being anchored to one location.
- Anyone trying to monitor your emissions would have to follow you
- around, maybe making themselves a little more obvious. I must
- emphasize again that a laptop still is NOT safe from a tempest
- standpoint, just safer than the standard personal computer.
-
-
- ========================================================================
- Appendix III - Cypherpunks
- ========================================================================
-
- ========
- What are Cypherpunks?
- ========
-
- ========
- What is the cypherpunks mailing list?
- ========
-
- Eric Hughes <hughes@toad.com> runs the "cypherpunk" mailing list
- dedicated to "discussion about technological defenses for privacy in
- the digital domain." Frequent topics include voice and data
- encryption, anonymous remailers, and the Clipper chip. Send e-mail to
- majordomo@toad.com with "subscribe cypherpunks" in the body to be
- added or subtracted from the list. The mailing list itself is
- cypherpunks@toad.com. You don't need to be a member of the list in
- order to send messages to it, thus allowing the use of anonymous
- remailers to post your more sensitive messages that you just as soon
- would not be credited to you. (Traffic is sometimes up to 30-40
- messages per day.)
-
- ========
- What is the purpose of the Cypherpunk remailers?
- ========
-
- The purpose of these remailers is to take privacy one level further.
- While a third party who is snooping on the net may not be able to read
- the encrypted mail that you are sending, he is still able to know who
- you are sending mail to. This could possibly give him some useful
- information. This is called traffic flow analysis. To counter this
- type of attack, you can use a third party whose function is simply to
- remail your message with his return address on it instead of yours.
-
- Two types of remailers exist. The first type only accepts plain text
- remailing headers. This type would only be used if your goal was only
- to prevent the person to whom your are sending mail from learning your
- identity. It would do nothing for the problem of net eavesdroppers
- from learning to whom you are sending mail.
-
- The second type of remailer accepts encrypted remailing headers. With
- this type of remailer, you encrypt your message twice. First, you
- encrypt it to the person ultimately receiving the message. You then
- add the remailing header and encrypt it again using the key for the
- remailer that you are using. When the remailer receives your message,
- the system will recognize that the header is encrypted and will use
- its secret decryption key to decrypt the message. He can now read the
- forwarding information, but because the body of the message is still
- encrypted in the key of another party, he is unable to read your mail.
- He simply remails the message to the proper destination. At its
- ultimate destination, the recipient uses his secret to decrypt this
- nested encryption and reads the message.
-
- Since this process of multiple encryptions and remailing headers can
- get quite involved, there are several programs available to simplify
- the process. FTP to soda.berkeley.edu and examine the directory
- /pub/cypherpunks/remailers for the programs that are available.
-
- ========
- Where are the currently active Cypherpunk remailers?
- ========
-
- Raph Levien maintains a list of currently active remailers. The list,
- unfortunately, seems to change often as remailers are shut down for
- whatever reasons; therefore, I am not printing a list here. You can
- get the list by fingering remailer-list@kiwi.cs.berkeley.edu.
-
- ========
- Are there other anonymous remailers besides the cypherpunk remailers?
- ========
-
- Yes, the most commonly used remailer on the Internet is in Finland. It
- is known as anon.penet.fi. The syntax for sending mail through this
- remailer is different from the cypherpunk remailers. For example, if
- you wanted to send mail to me (gbe@netcom.com) through anon.penet.fi,
- you would send the mail to "gbe%netcom.com@anon.penet.fi". Notice that
- the "@" sign in my Internet address is changed to a "%". Unlike the
- cypherpunk remailers, anon.penet.fi directly supports anonymous return
- addresses. Anybody using the remailer is assigned an anonymous id of
- the form "an?????" where "?????" is filled in with a number
- representing that user. To send mail to someone when you only know
- their anonymous address, address your mail to "an?????@anon.penet.fi"
- replacing the question marks with the user id you are interested in.
- For additional information on anon.penet.fi, send a blank message to
- "help@anon.penet.fi". You will receive complete instructions on how to
- use the remailer, including how to obtain a pass phrase on the system.
-
- ========
- What is the remailer command syntax?
- ========
-
- The first non blank line in the message must start with two colons
- (::). The next line must contain the user defined header
- "Request-Remailing-To: <destination>". This line must be followed by a
- blank line. Finally, your message can occupy the rest of the space. As
- an example, if you wanted to send a message to me via a remailer, you
- would compose the following message:
-
- ::
- Request-Remailing-To: gbe@netcom.com
-
- [body of message]
-
- You would then send the above message to the desired remailer. Note
- the section labeled "body of message" may be either a plain text
- message, or an encrypted and armored PGP message addressed to the
- desired recipient. To send the above message with an encrypted header,
- use PGP to encrypt the entire message shown above to the desired
- remailer. Be sure to take the output in armored text form. In front of
- the BEGIN PGP MESSAGE portion of the file, insert two colons (::) as
- the first non-blank line of the file. The next line should say
- "Encrypted: PGP". Finally the third line should be blank. The message
- now looks as follows:
-
- ::
- Encrypted: PGP
-
- -----BEGIN PGP MESSAGE-----
- Version 2.3a
-
- [body of pgp message]
- -----END PGP MESSAGE-----
-
- You would then send the above message to the desired remailer
- just as you did in the case of the non-encrypted header. Note that it
- is possible to chain remailers together so that the message passes
- through several levels of anonymity before it reaches its ultimate
- destination.
-
- ========
- Where can I learn more about Cypherpunks?
- ========
-
- ftp://ftp.csua.berkeley.edu/pub/cypherpunks
-
- =======================================================================
- Appendix IV - Testimony of Philip Zimmermann to Congress.
- Reproduced by permission.
- =======================================================================
-
- - From netcom.com!netcomsv!decwrl!sdd.hp.com!col.hp.com!csn!yuma!ld231782 Sun
- Oct 10 07:55:51 1993
- Xref: netcom.com talk.politics.crypto:650 comp.org.eff.talk:20832
- alt.politics.org.nsa:89
- ~Newsgroups: talk.politics.crypto,comp.org.eff.talk,alt.politics.org.nsa
- Path: netcom.com!netcomsv!decwrl!sdd.hp.com!col.hp.com!csn!yuma!ld231782
- ~From: ld231782@LANCE.ColoState.Edu (L. Detweiler)
- ~Subject: ZIMMERMANN SPEAKS TO HOUSE SUBCOMMITTEE
- ~Sender: news@yuma.ACNS.ColoState.EDU (News Account)
- Message-ID: <Oct10.044212.45343@yuma.ACNS.ColoState.EDU>
- ~Date: Sun, 10 Oct 1993 04:42:12 GMT
- Nntp-Posting-Host: turner.lance.colostate.edu
- Organization: Colorado State University, Fort Collins, CO 80523
- ~Lines: 281
-
-
- ~Date: Sat, 9 Oct 93 11:57:54 MDT
- ~From: Philip Zimmermann <prz@acm.org>
- ~Subject: Zimmerman testimony to House subcommittee
-
-
- Testimony of Philip Zimmermann to
- Subcommittee for Economic Policy, Trade, and the Environment
- US House of Representatives
- 12 Oct 1993
-
-
-
- Mr. Chairman and members of the committee, my name is Philip
- Zimmermann, and I am a software engineer who specializes in
- cryptography and data security. I'm here to talk to you today about
- the need to change US export control policy for cryptographic
- software. I want to thank you for the opportunity to be here and
- commend you for your attention to this important issue.
-
- I am the author of PGP (Pretty Good Privacy), a public-key encryption
- software package for the protection of electronic mail. Since PGP was
- published domestically as freeware in June of 1991, it has spread
- organically all over the world and has since become the de facto
- worldwide standard for encryption of E-mail. The US Customs Service
- is investigating how PGP spread outside the US. Because I am a target
- of this ongoing criminal investigation, my lawyer has advised me not
- to answer any questions related to the investigation.
-
- I. The information age is here.
-
- Computers were developed in secret back in World War II mainly to
- break codes. Ordinary people did not have access to computers,
- because they were few in number and too expensive. Some people
- postulated that there would never be a need for more than half a
- dozen computers in the country. Governments formed their attitudes
- toward cryptographic technology during this period. And these
- attitudes persist today. Why would ordinary people need to have
- access to good cryptography?
-
- Another problem with cryptography in those days was that cryptographic
- keys had to be distributed over secure channels so that both parties
- could send encrypted traffic over insecure channels. Governments
- solved that problem by dispatching key couriers with satchels
- handcuffed to their wrists. Governments could afford to send guys
- like these to their embassies overseas. But the great masses of
- ordinary people would never have access to practical cryptography if
- keys had to be distributed this way. No matter how cheap and powerful
- personal computers might someday become, you just can't send the keys
- electronically without the risk of interception. This widened the
- feasibility gap between Government and personal access to cryptography.
-
- Today, we live in a new world that has had two major breakthroughs
- that have an impact on this state of affairs. The first is the
- coming of the personal computer and the information age. The second
- breakthrough is public-key cryptography.
-
- With the first breakthrough comes cheap ubiquitous personal
- computers, modems, FAX machines, the Internet, E-mail, digital
- cellular phones, personal digital assistants (PDAs), wireless digital
- networks, ISDN, cable TV, and the data superhighway. This
- information revolution is catalyzing the emergence of a global
- economy.
-
- But this renaissance in electronic digital communication brings with
- it a disturbing erosion of our privacy. In the past, if the
- Government wanted to violate the privacy of ordinary citizens, it had
- to expend a certain amount of effort to intercept and steam open and
- read paper mail, and listen to and possibly transcribe spoken
- telephone conversation. This is analogous to catching fish with a
- hook and a line, one fish at a time. Fortunately for freedom and
- democracy, this kind of labor-intensive monitoring is not practical
- on a large scale.
-
- Today, electronic mail is gradually replacing conventional paper
- mail, and is soon to be the norm for everyone, not the novelty is is
- today. Unlike paper mail, E-mail messages are just too easy to
- intercept and scan for interesting keywords. This can be done
- easily, routinely, automatically, and undetectably on a grand scale.
- This is analogous to driftnet fishing-- making a quantitative and
- qualitative Orwellian difference to the health of democracy.
-
- The second breakthrough came in the late 1970s, with the mathematics
- of public key cryptography. This allows people to communicate
- securely and conveniently with people they've never met, with no
- prior exchange of keys over secure channels. No more special key
- couriers with black bags. This, coupled with the trappings of the
- information age, means the great masses of people can at last use
- cryptography. This new technology also provides digital signatures
- to authenticate transactions and messages, and allows for digital
- money, with all the implications that has for an electronic digital
- economy. (See appendix)
-
- This convergence of technology-- cheap ubiquitous PCs, modems, FAX,
- digital phones, information superhighways, et cetera-- is all part of
- the information revolution. Encryption is just simple arithmetic to
- all this digital hardware. All these devices will be using
- encryption. The rest of the world uses it, and they laugh at the US
- because we are railing against nature, trying to stop it. Trying to
- stop this is like trying to legislate the tides and the weather. It's
- like the buggy whip manufacturers trying to stop the cars-- even with
- the NSA on their side, it's still impossible. The information
- revolution is good for democracy-- good for a free market and trade.
- It contributed to the fall of the Soviet empire. They couldn't stop
- it either.
-
- Soon, every off-the-shelf multimedia PC will become a secure voice
- telephone, through the use of freely available software. What does
- this mean for the Government's Clipper chip and key escrow systems?
-
- Like every new technology, this comes at some cost. Cars pollute the
- air. Cryptography can help criminals hide their activities. People
- in the law enforcement and intelligence communities are going to look
- at this only in their own terms. But even with these costs, we still
- can't stop this from happening in a free market global economy. Most
- people I talk to outside of Government feel that the net result of
- providing privacy will be positive.
-
- President Clinton is fond of saying that we should "make change our
- friend". These sweeping technological changes have big implications,
- but are unstoppable. Are we going to make change our friend? Or are
- we going to criminalize cryptography? Are we going to incarcerate
- our honest, well-intentioned software engineers?
-
- Law enforcement and intelligence interests in the Government have
- attempted many times to suppress the availability of strong domestic
- encryption technology. The most recent examples are Senate Bill 266
- which mandated back doors in crypto systems, the FBI Digital
- Telephony bill, and the Clipper chip key escrow initiative. All of
- these have met with strong opposition from industry and civil liberties
- groups. It is impossible to obtain real privacy in the information
- age without good cryptography.
-
- The Clinton Administration has made it a major policy priority to
- help build the National Information Infrastructure (NII). Yet, some
- elements of the Government seems intent on deploying and entrenching
- a communications infrastructure that would deny the citizenry the
- ability to protect its privacy. This is unsettling because in a
- democracy, it is possible for bad people to occasionally get
- elected-- sometimes very bad people. Normally, a well-functioning
- democracy has ways to remove these people from power. But the wrong
- technology infrastructure could allow such a future government to
- watch every move anyone makes to oppose it. It could very well be
- the last government we ever elect.
-
- When making public policy decisions about new technologies for the
- Government, I think one should ask oneself which technologies would
- best strengthen the hand of a police state. Then, do not allow the
- Government to deploy those technologies. This is simply a matter of
- good civic hygiene.
-
- II. Export controls are outdated and are a threat to privacy and
- economic competitivness.
-
- The current export control regime makes no sense anymore, given
- advances in technology.
-
- There has been considerable debate about allowing the export of
- implementations of the full 56-bit Data Encryption Standard (DES).
- At a recent academic cryptography conference, Michael Wiener of Bell
- Northern Research in Ottawa presented a paper on how to crack the DES
- with a special machine. He has fully designed and tested a chip that
- guesses DES keys at high speed until it finds the right one.
- Although he has refrained from building the real chips so far, he can
- get these chips manufactured for $10.50 each, and can build 57000 of
- them into a special machine for $1 million that can try every DES key
- in 7 hours, averaging a solution in 3.5 hours. $1 million can be
- hidden in the budget of many companies. For $10 million, it takes 21
- minutes to crack, and for $100 million, just two minutes. That's
- full 56-bit DES, cracked in just two minutes. I'm sure the NSA can
- do it in seconds, with their budget. This means that DES is now
- effectively dead for purposes of serious data security applications.
- If Congress acts now to enable the export of full DES products, it
- will be a day late and a dollar short.
-
- If a Boeing executive who carries his notebook computer to the Paris
- airshow wants to use PGP to send email to his home office in Seattle,
- are we helping American competitivness by arguing that he has even
- potentially committed a federal crime?
-
- Knowledge of cryptography is becoming so widespread, that export
- controls are no longer effective at controlling the spread of this
- technology. People everywhere can and do write good cryptographic
- software, and we import it here but cannot export it, to the detriment
- of our indigenous software industry.
-
- I wrote PGP from information in the open literature, putting it into
- a convenient package that everyone can use in a desktop or palmtop
- computer. Then I gave it away for free, for the good of our
- democracy. This could have popped up anywhere, and spread. Other
- people could have and would have done it. And are doing it. Again
- and again. All over the planet. This technology belongs to
- everybody.
-
- III. People want their privacy very badly.
-
- PGP has spread like a prairie fire, fanned by countless people who
- fervently want their privacy restored in the information age.
-
- Today, human rights organizations are using PGP to protect their
- people overseas. Amnesty International uses it. The human rights
- group in the American Association for the Advancement of Science uses
- it.
-
- Some Americans don't understand why I should be this concerned about
- the power of Government. But talking to people in Eastern Europe, you
- don't have to explain it to them. They already get it-- and they
- don't understand why we don't.
-
- I want to read you a quote from some E-mail I got last week from
- someone in Latvia, on the day that Boris Yeltsin was going to war
- with his Parliament:
-
- "Phil I wish you to know: let it never be, but if dictatorship
- takes over Russia your PGP is widespread from Baltic to Far East
- now and will help democratic people if necessary. Thanks."
-
-
-
- Appendix -- How Public-Key Cryptography Works
- - ---------------------------------------------
-
- In conventional cryptosystems, such as the US Federal Data Encryption
- Standard (DES), a single key is used for both encryption and
- decryption. This means that a key must be initially transmitted via
- secure channels so that both parties have it before encrypted
- messages can be sent over insecure channels. This may be
- inconvenient. If you have a secure channel for exchanging keys, then
- why do you need cryptography in the first place?
-
- In public key cryptosystems, everyone has two related complementary
- keys, a publicly revealed key and a secret key. Each key unlocks the
- code that the other key makes. Knowing the public key does not help
- you deduce the corresponding secret key. The public key can be
- published and widely disseminated across a communications network.
- This protocol provides privacy without the need for the same kind of
- secure channels that a conventional cryptosystem requires.
-
- Anyone can use a recipient's public key to encrypt a message to that
- person, and that recipient uses her own corresponding secret key to
- decrypt that message. No one but the recipient can decrypt it,
- because no one else has access to that secret key. Not even the
- person who encrypted the message can decrypt it.
-
- Message authentication is also provided. The sender's own secret key
- can be used to encrypt a message, thereby "signing" it. This creates
- a digital signature of a message, which the recipient (or anyone
- else) can check by using the sender's public key to decrypt it. This
- proves that the sender was the true originator of the message, and
- that the message has not been subsequently altered by anyone else,
- because the sender alone possesses the secret key that made that
- signature. Forgery of a signed message is infeasible, and the sender
- cannot later disavow his signature.
-
- These two processes can be combined to provide both privacy and
- authentication by first signing a message with your own secret key,
- then encrypting the signed message with the recipient's public key.
- The recipient reverses these steps by first decrypting the message
- with her own secret key, then checking the enclosed signature with
- your public key. These steps are done automatically by the
- recipient's software.
-
-
-
- - --
- Philip Zimmermann
- 3021 11th Street
- Boulder, Colorado 80304
- 303 541-0140
- E-mail: prz@acm.org
-
-
-
- - --
-
- ld231782@longs.LANCE.ColoState.EDU
-
- ========================================================================
- Appendix V - The Philip Zimmermann Defense Fund.
- All articles reproduced by permission.
- ========================================================================
-
- Evidently, providing "free crypto for the masses" has its down side.
-
- The government is investigating Phil Zimmermann, the original author
- of PGP, for alleged violations of the ITAR export regulations
- prohibiting the unlicensed export of cryptographic equipment. They do
- not seem to believe that Phil himself actually exported PGP; rather,
- they claim that making the program available in a way that it could be
- exported is itself export (such as giving it away without
- restriction).
-
- As of this writing, the investigation is just that. In January,
- Phil's lawyers met with the government lawyers to discuss the case.
- The outcome of the meeting is unclear at this point, though the
- meeting was described as "cordial" by Phillip Dubois, Phil
- Zimmermann's lawyer.
-
- Even though it's "just an investigation", it's been an expensive one.
- Phil immediately had to go out and get legal representation to try to
- combat this "investigation" and prepare for its possible result. He's
- got a really good legal team, and they have done a lot of their work
- pro bono in support of the cause. Unfortunately, there are still
- costs associated with legal fights like this one. Phil's got quite a
- bill so far.
-
- To help offset his costs, Phil and his legal team have set up a legal
- defense fund for contributions. It's currently way in the red, but
- it's better than paying the whole bill outright. If charges actually
- get filed, the total bill could soar up into the millions; not a fun
- thing to have happen to you after providing such a nice (if
- controversial) public service. And spending all these millions
- doesn't guarantee that he won't be convicted and spend some time in
- jail; that's something not even a legal defense fund can pay for.
-
- Several companies who benefit from the use of PGP have indicated that
- they will donate a portion of their profits from certain activities to
- the legal defense fund. Here is a partial list:
-
- First Virtual Holdings Incorporated
- Four11 Directory Services
- ViaCrypt
- Christopher Geib (the author of the shareware WinPGP)
-
- Additions to this list would be appreciated.
-
- More information can be had by sending E-mail to zldf@clark.net or by
- visiting the information page set up for the fund:
-
- http://www.netresponse.com/zldf
-
- Also, the legal team has also asked that anyone who has been
- approached by a federal investigator and questioned about Phil
- Zimmermann please contact Phillip Dubois [dubois@csn.org,
- 303/444-3885, 2305 Broadway, Boulder, CO 80304-4132].
-
- Here's the original article announcing the fund:
-
- =====
- - From prz@columbine.cgd.ucar.EDU Thu Oct 14 23:16:32 1993
- Return-Path: <prz@columbine.cgd.ucar.EDU>
- Received: from ncar.ucar.edu by mail.netcom.com (5.65/SMI-4.1/Netcom)
- id AA05680; Thu, 14 Oct 93 23:16:29 -0700
- Received: from sage.cgd.ucar.edu by ncar.ucar.EDU (5.65/ NCAR Central Post
- Office 03/11/93)
- id AA01642; Fri, 15 Oct 93 00:15:34 MDT
- Received: from columbine.cgd.ucar.edu by sage.cgd.ucar.EDU (5.65/ NCAR Mail
- Server 04/10/90)
- id AA22977; Fri, 15 Oct 93 00:14:08 MDT
- Message-Id: <9310150616.AA09815@columbine.cgd.ucar.EDU>
- Received: by columbine.cgd.ucar.EDU (4.1/ NCAR Mail Server 04/10/90)
- id AA09815; Fri, 15 Oct 93 00:16:57 MDT
- ~Subject: PGP legal defense fund
- To: gbe@netcom.com (Gary Edstrom)
- ~Date: Fri, 15 Oct 93 0:16:56 MDT
- ~From: Philip Zimmermann <prz@columbine.cgd.ucar.EDU>
- In-Reply-To: <9310112013.AA07737@netcom5.netcom.com>; from "Gary Edstrom" at
- Oct 11, 93 1:13 pm
- ~From: Philip Zimmermann <prz@acm.org>
- ~Reply-To: Philip Zimmermann <prz@acm.org>
- X-Mailer: ELM [version 2.3 PL0]
- Status: OR
-
-
- ~Date: Fri, 24 Sep 1993 02:41:31 -0600 (CDT)
- ~From: hmiller@orion.it.luc.edu (Hugh Miller)
- ~Subject: PGP defense fund
-
- As you may already know, on September 14 LEMCOM Systems (ViaCrypt)
- in Phoenix, Arizona was served with a subpoena issued by the US District
- Court of Northern California to testify before a grand jury and produce
- documents related to "ViaCrypt, PGP, Philip Zimmermann, and anyone or
- any entity acting on behalf of Philip Zimmermann for the time period
- June 1, 1991 to the present."
-
- Phil Zimmermann has been explicitly told that he is the primary
- target of the investigation being mounted from the San Jose office of
- U.S. Customs. It is not known if there are other targets. Whether or
- not an indictment is returned in this case, the legal bills will be
- astronomical.
-
- If this case comes to trial, it will be one of the most important
- cases in recent times dealing with cryptography, effective
- communications privacy, and the free flow of information and ideas in
- cyberspace in the post-Cold War political order. The stakes are high,
- both for those of us who support the idea of effective personal
- communications privacy and for Phil, who risks jail for his selfless and
- successful effort to bring to birth "cryptography for the masses,"
- a.k.a. PGP. Export controls are being used as a means to curtail
- domestic access to effective cryptographic tools: Customs is taking the
- position that posting cryptographic code to the Internet is equivalent
- to exporting it. Phil has assumed the burden and risk of being the
- first to develop truly effective tools with which we all might secure
- our communications against prying eyes, in a political environment
- increasingly hostile to such an idea -- an environment in which Clipper
- chips and Digital Telephony bills are our own government's answer to our
- concerns. Now is the time for us all to step forward and help shoulder
- that burden with him.
-
- Phil is assembling a legal defense team to prepare for the
- possibility of a trial, and he needs your help. This will be an
- expensive affair, and the meter is already ticking. I call on all of us,
- both here in the U.S. and abroad, to help defend Phil and perhaps
- establish a groundbreaking legal precedent. A legal trust fund has been
- established with Phil's attorney in Boulder. Donations will be accepted
- in any reliable form, check, money order, or wire transfer, and in any
- currency. Here are the details:
-
- To send a check or money order by mail, make it payable, NOT to Phil
- Zimmermann, but to Phil's attorney, Philip Dubois. Mail the check or money
- order to the following address:
-
- Philip Dubois
- 2305 Broadway
- Boulder, CO USA 80304
- (Phone #: 303-444-3885)
-
- To send a wire transfer, your bank will need the following
- information:
-
- Bank: VectraBank
- Routing #: 107004365
- Account #: 0113830
- Account Name: "Philip L. Dubois, Attorney Trust Account"
-
- Any funds remaining after the end of legal action will be returned
- to named donors in proportion to the size of their donations.
-
- You may give anonymously or not, but PLEASE - give generously. If
- you admire PGP, what it was intended to do and the ideals which animated
- its creation, express your support with a contribution to this fund.
-
- - -----------------------------------------------------------------------
-
- Posted to: alt.security.pgp; sci.crypt; talk.politics.crypto;
- comp.org.eff.talk; comp.society.cu-digest; comp.society; alt.sci.sociology;
- alt.security.index; alt.security.keydist; alt.security;
- alt.society.civil-liberty; alt.society.civil-disob; alt.society.futures
-
- - --
-
- Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago
- FAX: 312-508-2292 | Voice: 312-508-2727 | hmiller@lucpul.it.luc.edu
- PGP 2.3A Key fingerprint: FF 67 57 CC 0C 91 12 7D 89 21 C7 12 F7 CF C5 7E
- =====
-
- European users of PGP may also make contributions to the fund, as
- described in the following message posted to alt.security.pgp. Note
- that this fund is not endorsed or managed by the people managing the
- real legal defense fund; it is intended as a medium for Europeans (and
- others) to be able to contribute to the fund easily.
-
- =====
- - -----BEGIN PGP SIGNED MESSAGE-----
-
- This is a call for donations to support Philip Zimmermann, the
- author of Pretty Good Privacy (PGP), directed especially to the
- european users.
-
- To avoid the large bank fees when transferring money to the
- United States or when issuing checks to overseas, I have established
- an european legal trust fund for your convenience. First of all, I'd
- like to inform you what this legal trust fund is all about in the
- first place. If you already know Phil's situation, you might skip the
- quoted message below. I am using parts of the "request for donations"
- as it was posted by Philip Dubois, Zimmermann's lawyer.
-
- | As you may already know, on September 14 LEMCOM Systems (ViaCrypt)
- | in Phoenix, Arizona was served with a subpoena issued by the US
- | District Court of Northern California to testify before a grand
- | jury and produce documents related to "ViaCrypt, PGP, Philip
- | Zimmermann, and anyone or any entity acting on behalf of Philip
- | Zimmermann for the time period June 1, 1991 to the present."
- |
- | Phil Zimmermann has been explicitly told that he is the primary
- | target of the investigation being mounted from the San Jose office
- | of U.S. Customs. It is not known if there are other targets.
- | Whether or not an indictment is returned in this case, the legal
- | bills will be astronomical.
- |
- | If this case comes to trial, it will be one of the most important
- | cases in recent times dealing with cryptography, effective
- | communications privacy, and the free flow of information and ideas
- | in cyberspace in the post-Cold War political order. The stakes are
- | high, both for those of us who support the idea of effective
- | personal communications privacy and for Phil, who risks jail for
- | his selfless and successful effort to bring to birth "cryptography
- | for the masses," a.k.a. PGP. Export controls are being used as a
- | means to curtail domestic access to effective cryptographic tools:
- | Customs is taking the position that posting cryptographic code to
- | the Internet is equivalent to exporting it. Phil has assumed the
- | burden and risk of being the first to develop truly effective tools
- | with which we all might secure our communications against prying
- | eyes, in a political environment increasingly hostile to such an
- | idea -- an environment in which Clipper chips and Digital Telephony
- | bills are our own government's answer to our concerns. Now is the
- | time for us all to step forward and help shoulder that burden with
- | him.
- |
- | Phil is assembling a legal defense team to prepare for the
- | possibility of a trial, and he needs your help. This will be an
- | expensive affair, and the meter is already ticking. I call on all
- | of us, both here in the U.S. and abroad, to help defend Phil and
- | perhaps establish a groundbreaking legal precedent. A legal trust
- | fund has been established with Phil's attorney in Boulder.
-
-
- If you wish to donate some money to Philip Zimmermann, you may
- now transfer it to an account here in Germany -- what is usually quite
- a lot cheaper than transferring it to overseas. Here is the
- information you will need:
-
- Account owner: Peter Simons
- Bank : Commerzbank Bonn, Germany
- Account No. : 1112713/00
- Bank No. : 380 400 07
-
- This is NOT my private account! It is only used to collect the
- donations for Philip. Every single dollar I receive will be
- transferred to the account in the States monthly, with minimum fees.
- If you donate any money, you might want to send an e-mail to me
- (simons@peti.rhein.de) and to Philip Dubois (dubois@csn.org) to let us
- know. Sending a copy to Phil's lawyer will furthermore make sure that
- I can by no means keep anything for myself as he knows exactly what
- amount has been given.
-
- If you need any further information, please don't hesitate to
- contact me under simons@peti.rhein.de and I will happily try to help.
- You may get my PGP public key from any keyserver or by fingering
- simons@comma.rhein.de.
-
- Please be generous! Consider that PGP is completely free for you
- to use and Phil got nothing but trouble in return. One can easily
- imagine what a software company had charged you for a tool like that!
-
- Sincerely,
-
- Peter Simons <simons@peti.rhein.de>
-
-
- - -----BEGIN PGP SIGNATURE-----
- Version: 2.6.2i beta
-
- iQCVAgUBL2YWuw9HL1s0103BAQEj9wP9EJwRtjcpCSCG/5p10rfPkgD3tlYs35ds
- HwXOlCdRkFSfVOQ70xhgObgf6iZwv/OFQzfjf83CjLt5CxVpROMvMBGLnJkpTYEJ
- JzXh/22O+E2guWMuGbDgoD83dPXbxWhPCqeJEIP1uNUaT4QQjxB8OOaCfpxLIbCa
- 2lnISYXKZuQ=
- =WrGh
- - -----END PGP SIGNATURE-----
-
- ========================================================================
- Appendix VI - A Statement from ViaCrypt Concerning ITAR
- Reproduced by Permission
- ========================================================================
-
- - -----BEGIN PGP SIGNED MESSAGE-----
-
- The ITAR (International Traffic in Arms Regulations) includes
- a regulation that requires a manufacturer of cryptographic
- products to register with the U.S. State Department even if the
- manufacturer has no intentions of exporting products. It appears
- that this particular regulation is either not widely known, or
- is widely ignored.
-
- While no pressure was placed upon ViaCrypt to register, it is the
- Company's position to comply with all applicable laws and regulations.
- In keeping with this philosophy, ViaCrypt has registered with the
- U.S. Department of State as a munitions manufacturer.
-
- - -----BEGIN PGP SIGNATURE-----
- Version: 2.4
-
- iQCVAgUBLQ+DfmhHpCDLdoUBAQGa+AP/YzLpHBGOgsU4b7DjLYj8KFC4FFACryRJ
- CKaBzeDI30p6y6PZitsMRBv7y2dzDILjYogIP0L3FTRyN36OebgVCXPiUAc3Vaee
- aIdLJ6emnDjt+tVS/dbgx0F+gB/KooMoY3SJiGPE+hUH8p3pNkYmhzeR3xXi9OEu
- GAZdK+E+RRA=
- =o13M
- - -----END PGP SIGNATURE-----
-
- -----BEGIN PGP SIGNATURE-----
- Version: 2.6.2
-
- iQCVAwUBL+kBF7nwkw8DU+OFAQEEWwP/S1EZ+HmzibikWKPDwkqSd4gXsDTM7Zu5
- ePC0Pl0PwJoByXnrhDInMorD5oHSFf8mior+SRZubmgUq0plWhI1Ip5DUp+NYVbg
- k4Eah/P4q57mExNimBlWCwpb72yYs6HKL60eqEZzQP83DpVJ7VvA7bfMiggZLa1r
- Z8Nk1Nrwcc0=
- =I8Z9
- -----END PGP SIGNATURE-----
-