Re: PGP

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I thought I might add a few things to Darren's message.

On Mon, 29 Dec 1997, Darren Boyd wrote:

>
>Hi Andreas:
>
> I'll start off with a few links you can find more info at. The
>yahoo link has a lot of info on it.
>
> (NOTE: If this link wraps, it wasn't supposed to)
>http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/PGP___Pretty_Good_Privacy/
>
> PGP, Inc also makes available free versions of PGP. They do it
>through MIT. You can download the free version from the MIT site
>here:
>
>http://web.mit.edu/network/pgp.html
>

There is also an international PGP project that takes the PGP source from
a book that PGP published and porting it to various platforms. It is legal
to export High Level encryption source out of the US if it is written in a
piece of paper, go figure. ;)

For international access to strong encryption(and source code for PGP5.0)
see:
http://www.pgpi.com/

I would be remiss if I did not mention something about the politics
behind why there is an international version of PGP(Unlike international
Netscape it is as strong as domestic PGP).

Note: The PGPi software, if imported to the US, would be illegal to
remove. The US is kind of a Roach Hotel for cryptographically strong
encryption software. Legal, internationally available encryption software
can check in but it can't check out...

Canada is a bit different. All that Canadian law bascially says is that if
you are exporting US encryption software outside of Canada the Canadian
government will allow you to be indicted under US law. However if the
encryption software is approx 50% or more Canadian or of international
origin than you have a get out of US jail free card as far as encryption
is concerned. It is best to consult with Customs and Excise concerning the
software however to determine its bloodlines before exporting this
software outside of Canada once you bring it in. Depending on whether they
consider is of US origin or not will make it either illegal or legal.

Also Canada requires that any unlicensed exported encryption software be
in the public domain. I assume this is so CSIS and any other more secret
organizations can have easy access to it.

> The 5.0 version of pgp has been available for Linux for a couple of
>months now at least.
>
> I believe we downloaded the binary distribution (Terrence could
>confirm this).

I am pretty sure the US version of PGP5.0 is available only in binary. The
international one as said before is in source code form.

>The source distribution wasn't available when we set
>it up. There is a README and a simple install script. It is fairly
>easy to install. This sets up pgp to run on your system, but does not
>set up your email client, that you will have to do yourself. There is
>usually info on the 'Net on how to set up specific email clients.
>

There is actually information within the PGP5.0 distribution
concerning the care and feeding of Pine and PGP together.

PGP50/plugins/README-PINE

It could also be noted that the source code for a pgp key server is freely
available and AFAIK completely exportable since it contains no
encryption code.

We run one on our server keys.its.to. You can get Darren and my current
PGP public keys there. This is pretty much the same server as MIT uses and
is completely compatible with PGP5.0.

If you need any more info let me know.

Regards
Terrence

PGP Public Key: http://www.its.to/twm139/

Good signature made 1997-12-29 19:31 GMT by key:
  1024 bits, Key ID 60A03EB4, Created 1997-10-21
   "Terrence Martin <twm139@its.to>"
   "Terrence Martin <twm139@missing.its.to>"

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNKf7MAZmkh1goD60EQIReQCeOrABT4A1x21P4tSDk/nMzrs3SYAAoNd/
TquE4yF8WRANcoUh+LrnckoU
=Lw+e
-----END PGP SIGNATURE-----
Received on Mon Dec 29 13:30:53 1997