1993-10-30 - Sternlight with the news…

Header Data

From: Anonymous <nowhere@bsu-cs.bsu.edu>
To: cypherpunks@toad.com
Message Hash: e6c084363beb8d40b1a570a33eecb220c884e76227acce0e72247b1049ed6805
Message ID: <9310300031.AA21054@bsu-cs.bsu.edu>
Reply To: N/A
UTC Datetime: 1993-10-30 00:33:25 UTC
Raw Date: Fri, 29 Oct 93 17:33:25 PDT

Raw message

From: Anonymous <nowhere@bsu-cs.bsu.edu>
Date: Fri, 29 Oct 93 17:33:25 PDT
To: cypherpunks@toad.com
Subject: Sternlight with the news...
Message-ID: <9310300031.AA21054@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Newsgroups: sci.crypt,talk.politics.crypto,alt.security.pgp,alt.security.ripem,comp.org.eff.talk
From: strnlght@netcom.com (David Sternlight)
Subject: News from the cipher front
Message-ID: <strnlghtCFKJoH.IHu@netcom.com>
Organization: DSI/USCRPAC
Date: Wed, 27 Oct 1993 18:36:16 GMT
Lines: 143

Ciphertext, the RSA newsletter (v1 n1, Fall 1993) showed up in my mailbox
this week. It contains much useful and interesting information, as well as
an announcement of RSA's 1994 conference on January 12-14. What follows are
some digested excerpts, posted with permission.

On the Clipper front there is a very useful and non-polemical summary of the
technical aspects of Clipper by Paul Fahn, and an article by Martin Hellman.
Hellman is a Distinguished Associate of RSA Laboratories, one of the
inventors of Public Key technology, and a Professor of Electrical
Engineering at Stanford. He's not happy with Clipper as presently proposed,
and says why.  Since the article is based on his NIST testimony, the latter
can be obtained by anonymous ftp at isl.stanford.edu in
/pubs/hellman/nist.clipper.text.

The third annual RSA Data Security Conference is at Redwood Shores, CA. It
costs $245 per person. There is no Onsite registration. Deadline is Friday
12/17/93. For details contact RSA. Registration is limited to 400 and
includes the conference, tutorials, and hardcopy conference proceedings, as
well as a cocktail reception, and breakfast and lunch on all three days.

Apple Ships RSA Digital Signature in Long-Awaited System 7 Pro. On October
4th, Apple Computer introduced millions of new users to the RSA Digital
Signature. The producs are called PowerTalk and PowerShare and are part of
System 7 Pro, a new version of the Mac operating system. They include five
components, integrated into the operating system--Messaging, Electronic Mail
Directories, Privacy and Authentication, and Digital Signatures. They also
include RSA's RC4 symmetric stream cipher for server-to-server link
encryption. Powertalk is compliant with the Public Key Cryptography
Standards, and users will receive a voucher for a free unaffiliated
"residential digital certificate, good for use with any secure PKCS or
Internet PEM-compliant application.

The Apple System 7 Pro implementation is PEM-certificate compatible, and the
messages are as well.  (For those who want privacy, RIPEM Mac operates with
the key pair generated by the Mac.) There is an API to the sign/verify
functions of the MacOS so that any app developer can use the features
without needing to license from RSA. Of course, the MacOS with RSA Digital
Signatures is fully exportable. RSA has a free signer utility for
Windows that is compatible with the Mac sigs.

Internet Privacy Enhanced Mail Arrives. Several commercial and freeware
versions are available right now:

TechMail, written at MIT, is a complete mail reading program for Macintosh
and (soon) Windows. It includes full implementation of the Internet PEM
RFCs, using RSA's TIPEM toolkit as its security engine. It is a client of
the Internet Post Office Protocol. Techmail for the Mac is available from
net.dist.mit.edu in pub/TechMail. It runs on SLIP or non-SLIP. (Poster's
note: The SLIP version incudes PEM and works fine. I haven't tested the
non-slip version and am not sure if it yet includes PEM.)

TIS/PEM and T-Mail are non-commercial freeware and commercial supported
versions, respectively, of Trusted Information Systems implementations of
Internet PEM. The former was developed under contract with ARPA and
agreement with RSADSI and is available in source code for academic research
or exploratory use by corportions or individuals on the Internet. For more
information send e-mail to tispem-support@tis.com.

TIPEM 1.1 is the latest release of RSA's Toolkit for Interoperable
Privacy-Enhanced Messaging. It permits creating applications that comply
with the Internet PEM standards as well as the commercial Public Key
Cryptography Standards (PKCS) established by vendors including Lotus, Apple,
Novell, and Microsoft. The toolkit was used for Apple's Powertalk. It is
available directly from RSA Data Security Inc.

RIPEM is another freeware public key encryption program designed for
Internet PEM. It implements a subset of PEM as described in RFC's 1421-1424
The internet host ripem.msu.edu acts as a RIPEM key server for users who
choose to register their keys. It is available via anonymous ftp from
rsa.com and non-anonymous ftp from ripem.msu.edu.

RSA Certificate Services Center Opens for Business. This article describes
the center RSA has established to get ral certificates with your name,
public key, and organizational affiliation safely embedded in a
cryptographically tamper-proof digital document. This provides the digital
ID for Apple Powertalk, Internet Privacy-Enhanced Mail, or any X.509
certificate-based secure application.

The center allows you to issue your own affiliated certificates using RSA's
Certificate Issuing System; or the Certificate Services Center can issue
affiliated certificates for you, or you can purchase individual unaffiliated
certificates directly from the CSC. Revocation services are also provided,
as are certificate verification services. Users of Apple's System 7 PRO may
get their first certificate free. (Poster's note--as I understand it,
subsequent individual certificates are $25.) For more information contact
George Parsons, CSC Manager at 415-595-8782.

RSA Licensee Update: 

This piece is a partial list of products using RSA Technology available now
or coming soon. They include products from Novell, Apple, Microsoft, Trusted
Information Systems, Motorola, AT&T, Lotus, Word Perfect, Racal, IBM,
Northern Telecom, Hughes, etc. in categories of Security in the OS, Secure
E-mail, Secure Telephone and Fax, Secure Workgroup, Secure Electronic Forms,
Link and Node Encryption, and Secure Remote Access.

Hilgraeve Licenses RSA for Best-Selling Asynch Package. Hilgraeve, Inc. is
about to release the very first mass-market asynchronous communications
package with RSA encryptoin capabilities built in. The current release of
that software, HyperACCESS/5 is already a market leader, for DOS, OS/2, and
Windows. It has received PC Magazine's Editors' Choice Award three out of
the past five years for its quality, performance, and ease of use. For more
information, contact Matt Gray at 313/243-0576.

DataMedia's SECURExchange can "secure virtually any existing DOS, Windows,
or Macintosh E-mail system. It uses RSA Digital Envelopes, RSA Digital
Signatures, and RSA Digital Certificates. It has been fully tested with
cc:Mail, Microsoft Mail, DaVinci Mail, Beyond Mail, Internet, Compuserve,
MCI Mail, AT&T EasyLink, and other systems. For more info call 603/886-1570.

Dr. Ron Rivest has a piece on the Difficulty of Factoring--a reprint of a
"classic paper."

The RSA Factoring Challenge is a list of very long numbers posted on
rsa.com. There are cash prizes for the most successful factorers. Prizes
vary from the tens to the thousands of dollars, and unrewarded prize money
rolls over into a kitty from month to month.

SmartDisk is a smartcard that fits in a standard 3-1/2 inch diskette slot
and interfaces with the disk read heads. It's a high-performace smart card
that doesn't need a reader. It has its own embedded OS firmware. the firt
application available is SafeBoot, a complete PC access control package
which is "virtually unhackable. The encryption algorithm and key are stored
on the SmartDisk to protect them. For further info call Gene Wagner or Jon
Kaplan at Fischer International, 813/643-1500.

The above excerpts are only partial summaries of the material in the
newsletter.

RSA Data Security Inc. is at 100 Marine Parkway, Suite 500, Redwood City, CA
94065-1031.

Disclaimer: The poster of this summary has no connection with any of the
companies mentioned herein, except as an occasional beta tester for some,
and an interested observer.

David



-- 
David Sternlight         When the mouse laughs at the cat,
                         there is a hole nearby.--Nigerian Proverb






Thread