1994-11-30 - Where to get the latest PGP (Pretty Good Privacy) FAQ

Header Data

From: Michael Paul Johnson <mpj@netcom.com>
To: cypherpunks@toad.com
Message Hash: 05939b5c605731e5480bee9026aee6af1b688db291887a4f94339e9ee31315dc
Message ID: <Pine.3.89.9411301036.A14017-0100000@netcom19>
Reply To: N/A
UTC Datetime: 1994-11-30 18:07:07 UTC
Raw Date: Wed, 30 Nov 94 10:07:07 PST

Raw message

From: Michael Paul Johnson <mpj@netcom.com>
Date: Wed, 30 Nov 94 10:07:07 PST
To: cypherpunks@toad.com
Subject: Where to get the latest PGP (Pretty Good Privacy) FAQ
Message-ID: <Pine.3.89.9411301036.A14017-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

===============================BEGIN SIGNED TEXT=============================

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 30 November 1994 by Mike Johnson)

WHAT IS THE LATEST VERSION?

 |-----------------+---------------------+---------------------------------|
 | Platform(s)     | Latest Version      | Distribution File Names         |
 |-----------------+---------------------+---------------------------------|
 | DOS, Unix,      | Viacrypt PGP 2.7    | disk sets                       |
 | Mac, Windows,   |                     |                                 |
 | or WinCIM/CSNav |                     |                                 |
 |-----------------+---------------------+---------------------------------|
 | DOS, Unix,      | MIT PGP 2.6.2       | pgp262.zip  (DOS + docs)        |
 | others          |                     | pgp262s.zip (source)            |
 |                 |                     | pg262s.zip source on CompuServe |
 |                 |                     | pgp262.tar.gz (source)          |
 |                 |                     | pgp262.gz (same as above on DOS)|
 |                 |                     | pgp262.tar.Z (source)           |
 |                 |                     | pgp262dc.zip (documentation)    |
 |                 |                     | pg262d.zip (docs on CompuServe) |
 |-----------------+---------------------+---------------------------------|
 | Macintosh       | MIT PGP 2.6         | MacPGP2.6.sea.hqx (binary+docs) |
 |                 |                     | macpgp26.hqx (same as above)    |
 |                 |                     | MacPGP2.6.src.sea.hqx (source)  |
 |                 |                     | macpgp26.src (same as above)    |
 |                 |                     | MacPGP2.6-68000.sea.hqx (binary)|
 |                 |                     | mcpgp268.hqx (same as above)    |
 |-----------------+---------------------+---------------------------------|
 | Mac Applescript | MacPGP 2.6ui v 1.2  | MacPGP-2.6ui-v1.2.sit.hqx       |
 |                 |                     | MacPGP2.6ui_V1.2_sources.cpt.hqx|
 |                 |                     | MacPGP2.6uiV1.2en.cpt.hqx       |
 |                 |                     | MacPGP2.6uiV1.2src.cpt.hqx      |
 |                 |                     | MacPGP2.6uiV1.2.68000.hqx       |
 |-----------------+---------------------+---------------------------------|
 | Amiga           | PGP 2.6.2 Amiga 1.4 | pgp262-a14-000.lha              |
 |                 |                     | pgp262-a14-020.lha              |
 |                 |                     | pgp262-a14-src.lha              |
 |-----------------+---------------------+---------------------------------|
 | Atari           | Atari PGP 2.6ui     | pgp26uib.lzh (binary, docs)     |
 |                 |                     | pgp26uis.lzh                    |
 |-----------------+---------------------+---------------------------------|
 | Archimedes      | Archimedes 2.3a     | ArcPGP23a                       |
 |-----------------+---------------------+---------------------------------|
 | Non-USA version | PGP 2.6.i from      | pgp26i.zip                      |
 | to avoid RSAREF | Stale Schumacher    | pgp26is.zip                     |
 | license.        |                     | pgp26is.tar.gz                  |
 |_________________|_____________________|_________________________________|


WHERE CAN I GET THE PGP VERSION DIRECTLY FROM PHILIP ZIMMERMANN?

This is the MIT version.  For several good reasons, Phil is releasing the
main line freeware PGP through MIT, at net-dist.mit.edu.  See a list of sites
that also carry this version, below, or use this WWW URL:

    http://web.mit.edu/network/pgp-form.html


WHAT IS PGP 2.6.i?

Stale Schumacher <staalesc@ifi.uio.no> released an international version of
PGP built the "right way."  By "right way," I mean that it uses the latest
MIT code, but uses a different rsaglue.c to use the mpilib instead of RSAREF
for RSA calculations, thus including all the latest bug fixes and features in
the main freeware PGP code line, but frees non-USA persons from the
limitations of the RSAREF license.  This release has been as strongly
endorsed by Philip Zimmermann as he can do without incriminating himself.

Naturally, by not using the RSAREF code for RSA calculations, this version is
not legal for use in the USA (other than limited research, etc.), but is fine
anywhere else (like Canada) were RSA patents don't hold.

Note that the latest version of Stale Schumacher's PGP is 2.6.i, 2.6i
(without the second .) was a beta test version that has been superceded.


WHAT IS PGP 2.6ui?

The "unofficial international" versions are really just PGP 2.3a, modified
just enough to make it compatible with MIT PGP 2.6, but do not include all of
the fixes in MIT PGP 2.6 and MIT PGP 2.6.1.  They have a "ui" somewhere in
their file names.  I recommend the use of the "ui" versions only if you are
using a platform for which there is no Viacrypt or MIT PGP that works
properly.  For a version that doesn't use RSAREF, PGP 2.6.i from Stale
Schumacher is a better choice, because it is more up-to-date.


WHERE CAN I GET VIACRYPT PGP?

If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in
Phoenix, Arizona, USA.  The commecial version of PGP is fully licensed to use
the patented RSA and IDEA encryption algorithms in commercial applications,
and may be used in corporate and government environments in the USA and
Canada.  It is fully compatible with, functionally the same as, and just as
strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA
distribution license, ViaCrypt only distributes executable code and
documentation for it, but they are working on making PGP available for a
variety of platforms.  Call or write to them for the latest information.  The
latest version number for Viacrypt PGP is 2.7.

Here is a brief summary of Viacrypt's currently-available products:

1. ViaCrypt PGP for MS-DOS.  Prices start at $99.98

2. ViaCrypt PGP for UNIX.  Includes executables for the following
   platforms:

     SunOS 4.1.x (SPARC)
     IBM RS/6000 AIX
     HP 9000 Series 700/800 UX
     SCO 386/486 UNIX
     SGI IRIX
     AViiON DG-UX(88/OPEN)

   Prices start at $149.98

     Executables for the following additional platforms are
     available upon request for an additional $30.00 charge.

     BSD 386
     Ultrix MIPS DECstation 4.x


3. ViaCrypt PGP for WinCIM/CSNav.  A special package for users of
   CompuServe.  Prices start at $119.98

Please contact ViaCrypt for quantity discount pricing.

Orders may be placed by calling 800-536-2664 during the hours of 8:30am to
5:00pm MST, Monday - Friday.  They accept VISA, MasterCard, AMEX and Discover
credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail:          9033 N. 24th Avenue
               Suite 7
               Phoenix AZ 85021-2847
Phone:         (602) 944-0773
Fax:           (602) 943-2601
Internet:      viacrypt@acm.org
Compuserve:    70304.41


WHERE CAN I GET THE FREEWARE PGP?

These listings are subject to change without notice.  If you find that PGP has
been removed from any of these sites, please let me know so that I can update
this list.  Likewise, if you find PGP on a good site elsewhere (especially on
any BBS that allows first time callers to access PGP for free), please let me
know so that I can update this list.  Because this list changes frequently, I
have not attempted to keep it complete, but there should be enough pointers
to let you easily find PGP.

There are several ways to get the freeware PGP:  ftp, WWW, BBS, CompuServe,
email ftp server, and sneakernet (ask a friend for a copy).  Just don't ask
Philip Zimmermann directly for a copy.


FTP SITES IN NORTH AMERICA

There are some wierd hoops to jump through, thanks to the U. S. Department of
State and the ITAR, at many of these sites.

Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp
to net-dist.mit.edu and change to the hidden directory named in the telnet
session to get your own copy.

MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it
within the USA (due to some archaic export control laws).

1.  Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2.  Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3.  Telnet to net-dist.mit.edu and log in as getpgp.
4.  Answer the questions and write down the directory name listed.
5.  QUICKLY end the telnet session with ^C and ftp to the indicated directory
    on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get
    the distribution files (see the above chart for names).
    If the hidden directory name is invalid, start over at step 3, above.

You can also get PGP from:

ftp.csn.net/mpj
    ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/
    See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
    See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's
    export control methods (open to USA and Canada).

ftp.netcom.com/pub/mp/mpj
    ftp://ftp.netcom.com/mp/mpj/I_will_not_export/crypto_???????/pgp/
    See ftp://ftp.netcom.com/pub/mp/mpj/README.MPJ for the ???????
    See ftp://ftp.netcom.com/pub/mp/mpj/help for more help on negotiating this
    site's export control methods.
    TO GET THESE FILES BY EMAIL, send mail to ftp-request@netcom.com
    containing the word HELP in the body of the message for instructions.
    You will have to work quickly to get README.MPJ then the files before
    the ??????? part of the path name changes again (several times a day).

ftp.eff.org
    Follow the instructions found in README.Dist that you get from one of:
    ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
    gopher.eff.org, 1/Net_info/Tools/Crypto
    gopher://gopher.eff.org/11/Net_info/Tools/Crypto
    http://www.eff.org/pub/Net_info/Tools/Crypto/

ftp.csua.berkeley.edu (for U. S. or Canadian users)
    /pub/cypherpunks/pgp/

ftp.wimsey.bc.ca
    /pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/PGP
    (U. S. and Canadian users only)
    See /pub/crypto/software/README for the characters for XXXXXXXX
    This site has all public releases of the freeware PGP.


WORLD WIDE WEB ACCESS

    http://web.mit.edu/network/pgp-form.html
    http://www.ifi.uio.no/~staalesc/PGPVersions.html
    http://www.mantis.co.uk/pgp/pgp.html
    http://rschp2.anu.edu.au:8080/crypt.html
    http://www.eff.org/pub/Net_info/Tools/Crypto/
    http://community.net/community/all/home/solano/sbaldwin

COMPUSERVE

The NCSA Forum sysops have a library (Library 12: Export Controlled) that is
available only to people who send them a message asserting that they are
within the U. S. A.  This library contains PGP.  I have also seen PGP in some
other places on Compuserve.  Try searching for PGP262.ZIP in the IBMFF forum
for up-to-date information on PGP in selected other areas.  The last time I
tried a search like this, PGP was found in the PC World Online forum (GO
PWOFORUM) new uploads area, along with several PGP shells and accessories.
I've also heard that EUROFORUM carries PGP, but have not confirmed this.

Compuserve file names are even more limited than DOS (6.3 instead of the
already lame 8.3), so the file names to look for are PGP262.ZIP, PG262S.ZIP
(source code), PGP262.GZ (Unix source code) and PG262D.ZIP (documentation
only).


BULLETIN BOARD SYSTEMS

Colorado Catacombs BBS
    Mike Johnson, sysop
    Mac and DOS versions of PGP, PGP shells, and some other crypto stuff.
    Also the home of some good Bible search files and some shareware written
    by Mike Johnson, including ATBASH, DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP,
    MDIR, DELETE, PROVERB, SPLIT, ONEPAD, QUICRYPT, etc.
    v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
    8 data bits, 1 stop, no parity, as fast as your modem will go.
    Use ANSI terminal emulation, of if you can't, try VT-100.
    Free access to PGP.  If busy or no answer, try again later.
    Log in with your own name, or if someone else already used that, try
    a variation on your name or pseudonym.  You can request access to
    crypto software on line, and if you qualify legally under the ITAR,
    you can download on the first call.
    For free access: log in with your own name, answer the questions, then
    select [Q]uestionaire 3 from the [M]ain menu.
    (303) 772-1062  Longmont, Colorado number - 2 lines.
    (303) 938-9654  Boulder, Colorado number forwarded to Longmont number
                    intended for use by people in the Denver, Colorado area.

The Freedom Files BBS, DeLand Florida, USA  904-738-2691

Exec-Net, New York, NY, USA  (Host BBS for the ILink net)  914-667-4567

The Ferret BBS (North Little Rock, Arkansas)
    (501) 791-0124   also   (501) 791-0125
    Special PGP users account:
    login name: PGP USER
    password:   PGP
    This information from: Jim Wenzel <jim.wenzel@grapevine.lrk.ar.us>

CVRC BBS  317-791-9617

CyberGold BBS 601-582-5748

Self-Governor Information Resource, 915-587-7888, El Paso, Texas, USA

In the UK, try 01273-688888

Other BBS -- check your local BBS.  Chances are good that it has any release
that is at least a month old if it has much of a file area at all.


OTHER FTP SITES

    ftp.informatik.uni-hamburg.de
      /pub/virus/crypt/pgp
      This site has most, if not all, of the current PGP files.

    ftp.ox.ac.uk  (163.1.2.4)

    ftp.netcom.com
      /pub/dc/dcosenza -- Some crypto stuff, sometimes includes PGP.
      /pub/gb/gbe/pgpfaq.asc -- frequently asked questions answered.
      /pub/qw/qwerty -- How to MacPGP Guide, largest steganography ftp site as
                     well.  PGP FAQ, crypto FAQ, US Crypto Policy FAQ,
                     Steganograpy software list. MacUtilites for use with
                     MacPGP.  Stealth1.1 + other steganography programs.
                     Send mail to ftp-request@netcom.com with "HELP" in the
                     body of the message if you don't have ftp access.

    ftp.ee.und.ac.za
      /pub/crypto/pgp

    ftp.csua.berkeley.edu
      /pub/cypherpunks/pgp (DOS, MAC)

    ftp.demon.co.uk
      /pub/amiga/pgp
      /pub/archimedes
      /pub/pgp
      /pub/mac/MacPGP

    ftp.informatik.tu-muenchen.de

    ftp.funet.fi

    ftp.dsi.unimi.it
      /pub/security/crypt/PGP

    ftp.tu-clausthal.de (139.174.2.10) (Atari ST/E,TT,Falcon)
      /pub/atari/misc/pgp/pgp26uib.lzh (2.6ui ttp, 2.3a docs)
      /pub/atari/misc/pgp/pgp26uis.lzh (2.6ui sources)
      /pub/atari/misc/pgp/pgp26ui.diffs (Atari diffs for 2.6 sources)

    wuarchive.wustl.edu
      /pub/aminet/util/crypt

    src.doc.ic.ac.uk (Amiga)
      /aminet
      /amiga-boing

    ftp.informatik.tu-muenchen.de
      /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)

    iswuarchive.wustl.edu
      pub/aminet/util/crypt (Amiga)

    nic.funet.fi  (128.214.6.100)
      /pub/crypt

    ftp.uni-kl.de (131.246.9.95)
      /pub/aminet/util/crypt

    qiclab.scn.rain.com (147.28.0.97)

    pc.usl.edu (130.70.40.3)

    leif.thep.lu.se (130.235.92.55)

    goya.dit.upm.es (138.4.2.2)

    tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)

    ftp.etsu.edu (192.43.199.20)

    princeton.edu (128.112.228.1)

    pencil.cs.missouri.edu (128.206.100.207)

    ftp.csua.berkeley.edu

    kauri.vuw.ac.nz

    nctuccca.edu.tw
      /PC/wuarchive/pgp/

    ftp.fu-berlin.de:/mac/sys/init/MacPGP2.6uiV1.2en.cpt.hqx.gz

Also, try an archie search for PGP using the command:

    archie -s pgp262  (DOS & Unix Versions)
    archie -s pgp2.6 (MAC Versions)


FTPMAIL

For those individuals who do not have access to FTP, but do have access
to e-mail, you can get FTP files mailed to you.  For information on
this service, send a message saying "Help" to ftpmail@decwrl.dec.com.
You will be sent an instruction sheet on how to use the ftpmail
service.  It works with messages something like this:

>     To: ftpmail@decwrl.dec.com
>     Subject:  Ftpmail request

>     Connect ftp.csua.berkeley.edu
>     chdir pub/cypherpunks/pgp/pgp262
>     uuencode
>     get pgp262.zip
>     quit

Another e-mail service is from nic.funet.fi. Send the following mail message
to mailserv@nic.funet.fi:

    ENCODER uuencode
    SEND pub/crypt/pgp23srcA.zip
    SEND pub/crypt/pgp23A.zip

This will deposit the two zipfiles, as 15 batched messages, in your mailbox
with about 24 hours.  Save and uudecode.

For the ftp sites on netcom, send mail to ftp-request@netcom.com containing
the word HELP in the body of the message.

To get pgp 2.6.i by email:
  Send a message to hypnotech-request@ifi.uio.no with your request in the
  Subject: field.

  Subject             What you will get

  GET pgp26i.zip      MS-DOS executable (uuencoded)
  GET pgp26is.zip     MS-DOS source code (uuencoded)
  GET pgp26is.tar.gz  UNIX source code (uuencoded)

For FAQ information, send e-mail to mail-server@rtfm.mit.edu with
      send usenet/news.answers/ftp-list/faq
in the body of the message.


IS MY COPY OF PGP GOOD?

If you find a version of the PGP package that does not include the PGP User's
Guide, something is wrong.  The manual should always be included in the
package.  PGP should be signed by one of the developers (Philip Zimmermann,
Jeff Schiller, Viacrypt, Stale Schumacher, etc.).  If it isn't, the package
is suspect and should not be used or distributed.  The site you found it on
should remove it so that it does no further harm to others.  To be really
sure, you should get PGP directly from MIT or check the signatures with a
version of PGP that you trust.  The copies of PGP on ftp.csn.net/mpj,
ftp.netcom.com/pub/mp/mpj, and the Colorado Catacombs BBS are direct copies
of the ones on MIT, except that the ones on the BBS include a BBS
advertisement (automatically added by the system when it virus scans new
files) in the outer .zip files.


OTHER PGP DOCUMENTATION

   PGP is rather counter-intuitive to a Mac user. Luckily, there's a
   guide to using MacPGP in
   ftp://ftp.netcom.com/pub/qw/qwerty/Here.is.How.to.MacPGP.

   There is a Frequently Asked Questions document in
   ftp://ftp.netcom.com/pub/gb/gbe/pgpfaq.asc

   For more information on the "time bomb" in PGP, see
   ftp://ftp.csn.net/mpj/pgpbomb.asc

   More PGP details are at
   http://www.pegasus.esprit.ec.org/people/arne/pgp.html

   Windows shells documentation
   http://www.LCS.com/winpgp.html

LANGUAGE MODULES

   These are suitable for most PGP versions.  I am not aware of any
   export/import restrictions on these files.

    German
     * _UK:_ ftp://ftp.ox.ac.uk/src/security/pgp_german.txt
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha

    Italian
     * _IT:_
     ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
     * _FI:_
     ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

    Japanese
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

    Lithuanian
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

    Russian
     * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version)
     * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version)
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

    Spanish
     * _IT:_
     ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
     * _FI:_
       ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz

    Swedish
     * _UK:_ ftp://ftp.ox.ac.uk/src/security/pgp_swedish.txt
     * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt


MAILINGLISTE FUER PGP UND VERWANDTES  (PGP MAILING LIST IN GERMAN)

Die Listenadresse:

        pgp-friends@fiction.pb.owl.de

Die *Request*adresse (fuer subscribe/unsubscribe und andere Administra-
tiva):

        pgp-friends-request@fiction.pb.owl.de


WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS?

For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip

The practical meaning, until the law is corrected to make sense, is that you
are requested to get PGP from sites outside of the USA and Canada if you are
outside of the USA and Canada.  If you are in France, I understand that you
aren't even supposed import it.  Other countries may be worse.  Make sure you
follow the laws of your own country.  If you want to officially export PGP,
you may be able to get permission in limited cases and for a fee.  Contact
the U. S. Department of State for information.


WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN THE USA?

MIT PGP is only for personal, noncommercial use because of restrictions on
the licensing of both the RSA algorithm (attached to RSAREF) and the IDEA
algorithm.  PKP/RSADSI insist that we use RSAREF instead of the mpi library
for reasons that make sense to them.

For commercial use, use Viacrypt PGP, which is fully licensed to use both the
RSA and IDEA algorithms in commercial and corporate environments (as well as
personal use, of course).

Another restriction is due to an exclusive marketing agreement between Philip
Zimmermann and Viacrypt that applies to the USA and Canada only.  Viacrypt
has exclusive rights to market PGP commercialy in this area of the world.
This means that if you want to market PGP commercially in competition with
Viacrypt in the USA or Canada, you would have to create a new implementation
of the functions of PGP containing none of Philip Zimmermann's copyrighted
code.  You are free to modify existing PGP code for your own use, as long as
you don't sell it.  Phil would also appreciate your checking with him before
you distribute any modified versions of PGP as freeware.

"PGP", "Pretty Good Privacy" and "Phil's Pretty Good Software" are trademarks
owned by Philip Zimmermann.  This means that if you modify an older version of
PGP that was issued under the copyleft license and distribute it without
Phil's permission, you have to call it something else.  This avoids confusing
all of us and protects Phil's good name.


WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN CANADA?

MIT PGP is only for noncommercial use because of restrictions on the
licensing of the IDEA algorithm.  Because the RSA algorithm isn't patented in
Canada, you are free to use the mpi library instead of RSAREF, if you want
to, thus freeing yourself of the RSAREF license associated with the RSAREF
copyright, which is valid in Canada.

For commercial use, use Viacrypt PGP, which is fully licensed to use the IDEA
algorithm in commercial and corporate environments.

The exclusive marketing agreement with Viacrypt also applies in Canada.  See
the section on USA intellectual property restrictions for more details.


WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST OUTSIDE NORTH AMERICA?

MIT PGP is only for noncommercial in areas where there is a patent on
software implementations of the IDEA algorithm.  Because the RSA algorithm
isn't patented outside of the USA, you are free to use the mpi library
instead of RSAREF, if you want to, thus freeing yourself of the RSAREF
license restrictions.  The RSAREF copyright holds outside of the USA, even
though the RSA patent does not.

The IDEA conventional block cipher is covered by US Patent 5,214,703 and
European patent EP 0 482 154 B1.  IDEA is a trademark of Ascom-Tech AG.
Commercial users of IDEA (including commercial use of PGP) may obtain
licensing details from Ph. Baumann, Ascom Tech Ltd., IDEA Lizenz, Postfach
151, CH-4502 Solothurn, Switzerland, Tel ++41 65 242828, Fax ++41 65 242847.


WHAT IS COMMERCIAL USE?

Use some common sense.  If you are running a business and using PGP to
protect credit card numbers sent to you electronically, then you are using
PGP commercially.  Your customers, however, need not buy the commercial
version of PGP just to buy something from you, if that is the only commercial
use they make of PGP (since they are spending, not making, money with PGP).

If you are just encrypting love letters or other personal mail (for which you
don't get paid) on your own personal computer, that is not commercial.  If
you are encrypting official business mail on your for-profit corporation's
computer with PGP, that is commercial use.

Note that there are some gray areas not covered above, and the patent owners
of RSA and IDEA may differ from my interpretation in the areas not covered
above, so if you are in doubt, you should consider the licensing of Viacrypt
PGP (or outside of North America, direct licensing of IDEA) to be cheap legal
insurance.  Indeed, the license fee is probably a lot cheaper than a legal
opinion from a lawyer qualified to make such a judgement.  Note that I am not
a lawyer and the above is not legal advise.  Use it at your own risk.


WHAT IS THE "TIME BOMB" IN MIT PGP 2.6?

There was a version byte change in MIT PGP 2.6 as of 1 September 1994.  See
ftp://ftp.csn.net/mpj/pgpbomb.asc for details.


ARE MY KEYS COMPATIBLE WITH THE OTHER PGP VERSIONS?

If your RSA key modulus length is less than or equal to 1024 bits (I don't
recommend less, unless you have a really slow computer and little patience),
and if your key was generated in the PKCS format, then it will work with any
of the current PGP versions (MIT PGP 2.6, PGP 2.6ui, or Viacrypt PGP 2.7). If
this is not the case, you really should generate a new key that qualifies.

MIT PGP 2.6.2 should be able to use 2048 bit keys.  Generation of 2048 bit
keys is supposed to automatically be enabled in PGP 2.6.2 in December, 1994.
By then, hopefully, most people will have had a chance to upgrade to a
version of PGP that can use them, so longer keys won't be a big problem.  On
the other hand, 1024 bit keys are probably beyond the reach of most criminals
and spies to break, anyway.


MORE WORLD WIDE WEB URLs

  http://draco.centerline.com:8080/~franl/pgp/pgp-mac-faq-hinely.html
  http://draco.centerline.com:8080/~franl/pgp/pgp.html
  http://draco.centerline.com:8080/~franl/crypto/cryptography.html
  http://www.pegasus.esprit.ec.org/people/arne/pgp.html
  http://rschp2.anu.edu.au:8080/crypt.html
  http://ibd.ar.com/PublicKeys.html
  http://www.ifi.uio.no/~staalesc/PGPversions.html

WINDOWS SHELLS

Several shells for running PGP with Microsoft Windows are available at the
same places PGP can be found.


MACPGP KIT

The MacPGP kit is a user interface for the Mac version of PGP.
See ftp://ftp.netcom.com/pub/qw/qwerty
ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGP_icons.sit.hqx
ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkit.hqx
ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkitSources.sit.hqx


BUGS

See the documentation that comes with PGP in the latest versions for bugs in
the older versions.

The latest versions of PGP may not fully wipe all traces of plain text from a
file when given the -w option.

For more information, see http://www.mit.edu:8001/people/warlord/pgp-faq.html


BETSI - BELLCORE'S TRUSTED SOFTWARE INTEGRITY SYSTEM

For information on this service, send mail to certify@bellcore.com with the
subject help, or check http://info.bellcore.com/BETSI/betsi.html


HOW DO I PUBLISH MY PGP PUBLIC KEY?

There are lots of ways.  One way is to use a key server.  Send mail to one of
these addresses with the single word "help" in the subject line to find out
how to use a key server.

        pgp-public-keys@pgp.iastate.edu
        public-key-server@pgp.ai.mit.edu
        pgp-public-keys@cs.tamu.edu
        pgp-public-keys@chao.sw.oz.au
        pgp-public-keys@jpunix.com
        pgp-public-keys@dsi.unimi.it
        pgp-public-keys@kiae.su
        pgp-public-keys@fbihh.informatik.uni-hamburg.de

        There is also an experimental public key server at
        http://ibd.ar.com/PublicKeys.html

Another way is to upload it to the PGP public keys area of the Colorado
Catacombs BBS (303-772-1062).  Another way is to just send it to your
correspondents.  You could add it to your .plan file so that finger returns
your key.  You could add it to some of your postings.  No matter which way you
do it, you should have your key signed by someone who verifies that your key
belongs to you, so that you don't have someone else generating a key that has
your name on it, but that isn't yours.

Here is my public key:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7

mQCNAi4PT2QAAAEEAPPCZnrshEJ9PSnV+mXEwjM4kzJF0kyg2MnLMzo83vWI40ei
jogncqdkXT0c2TQWg+Bsu9ckFoXdId0utumYv0aqd8yI/oU/DwJ1zJrqRL2PFbxe
ZLofHoKFjvq1TiNiJq9ps3jW6iYS4IU1SzyKhjmyE+K0+WyrPPX0zg8FAL9FAAUR
tCdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajiJAJUCBRAu
G3chZXmEuMepZt0BAZtAA/0Rw5mintlUDgHycNbeoyIiMHoLu8jWaCSaiGSt+dDU
1A/bUCo+gorv5TYxOClRf3XHjD6zSooWyUz3ehotrzPYLunhVOE2YBxPU+OvKFOc
37mcZrnXGBlF5NblnSYxp0186tGaTm7WMWx7NDlHT4GvhzHJQSOoo48ykDkKm/mk
LIkAlQIFEC4PWbs/ZwY8hTPrxQEBKyMD/A7kv91C1ZZIRtkbC9k9lsWOgOnO8wG8
bGMajaco465Z5llWD+Y8QCMdSWcowtOBGfW0Wv1bZ1uebeCpg1L66pJ7C+BOExrk
gPqRVCstLLiVerKGeSOZo3yXtxYKYX7mHQPrHp98ef7fUG4IiKS+S+znmGxpJwrV
sHZRlhJ3hXUsiQCVAgUQLg9ZefX0zg8FAL9FAQFBTAQAh4u4Vun7WhPuL6fsXiXm
paaGfeLtd3biRj/aOMAG1eHuhVdWejx71ormyKTdNB2YV56bpsE3JQ/KhBuYDo0N
SkRnqeM2S+Ef7aZEg6Q44uXG52pqCZUldtCeYfOs3aLCR9SMlc6Y3zmpSwB1wKP0
5+tN9zruNYVKKBLWEIFAY7W0K01pY2hhZWwgUGF1bCBKb2huc29uIDxtLnAuam9o
bnNvbkBpZWVlLm9yZz60IE1pY2hhZWwgSm9obnNvbiA8bXBqQG5ldGNvbS5jb20+
tChNaWtlIEpvaG5zb24gPDcxMzMxLjIzMzJAY29tcHVzZXJ2ZS5jb20+tCtNaWNo
YWVsIFAuIEpvaG5zb24gPG1wam9obnNvQG55eC5jcy5kdS5lZHU+tC1EbyBub3Qg
dXNlIGZvciBlbmNyeXB0aW9uIGFmdGVyIDI3IEp1bmUgMTk5Ni4=
=rR4q
- -----END PGP PUBLIC KEY BLOCK-----

Permission is granted to distribute unmodified copies of this FAQ.

To get the latest version of this FAQ, get
ftp://ftp.netcom.com/pub/mp/mpj/getpgp.asc or send mail to
ftp-request@netcom.com with the line
SEND mpj/getpgp.asc
in the body of the message.

There are many other frequently asked questions.  Most of them are covered in
the documentation that comes with PGP, and the few that aren't are addressed
in documents referenced above.
                  ___________________________________________________________
 |\  /| |        |                                                           |
 | \/ |o|        | Michael Paul Johnson  Colorado Catacombs BBS 303-772-1062 |
 |    | | /  _   | mpj@csn.org aka mpj@netcom.com m.p.johnson@ieee.org       |
 |    |||/  /_\  | ftp://ftp.csn.net/mpj/README.MPJ          CIS: 71331,2332 |
 |    |||\  (    | ftp://ftp.netcom.com/pub/mp/mpj/README   -. --- ----- ....|
 |    ||| \ \_/  |___________________________________________________________|


-----BEGIN PGP SIGNATURE-----
Version: 2.7

iQCVAgUBLtyzP/X0zg8FAL9FAQFUBAP7BGgnO/ceShksSff/iZ95K2rPgMWBXQ0n
fqryrVHVhZJZ+ITQYYnPCfXEFQd5xhRmTE0MGv0ZB/lt5w5tCXr+R3hlJJ4Be/XV
YdzJlmojYqKK5mixuKkMp19z7eAXWqSGVGCJuuKppJDVeNG3XNHG0Bc/ZFADFMGM
qRuGUZNXUVg=
=2gyb
-----END PGP SIGNATURE-----





Thread