Info-PGP: PGP Digest Thursday 26 November 1992 Volume 1 : Number 34

Info-PGP: PGP Digest Thursday 26 November 1992 Volume 1 : Number 34
Hugh Miller, List Manager / Moderator

Info-PGP is a digested mailing list dedicated to discussion of Philip
Zimmermann's `Pretty Good Privacy' (PGP) public-key encryption program for
MS-DOS, Unix, VMS, Atari, Amiga, SPARC, Macintosh, and (hopefully) other
operating systems. It is primarily intended for users on Internet sites
without access to the `alt.security.pgp' newsgroup. Most submissions to
alt.security.pgp will be saved to Info-PGP, as well as occasional relevant
articles from sci.crypt or other newsgroups. Info-PGP will also contain
mailings directed to the list address.
To SUBSCRIBE to Info-PGP, please send a (polite) note to
[email protected]. This is not a mailserver; there is a
human being on the other end, and bodiless messages with "Subject:" lines
reading "SUBSCRIBE INFO-PGP" will be ignored until the sender develops
manners. To SUBMIT material for posting to Info-PGP, please mail to
[email protected]. In both cases, PLEASE include your name and
Internet "From:" address. Submissions will be posted pretty well as received,
although the list maintainer / moderator reserves the right to omit redundant
messages, trim bloated headers & .sigs, and other such minor piffle. I will
not be able to acknowledge submissions, nor, I regret, will I be able to pass
posts on to alt.security.pgp for those whose sites lack access.
Due to U.S. export restrictions on cryptographic software, I regret that I
cannot include postings containing actual source code (or compiled binaries)
of same. For the time being at least I am including patches under the same
ukase. I regret having to do this, but the law, howbeit unjust, is the law.
If a European reader would like to handle that end of things, perhaps run a
"Info-PGP-Code" digest or somesuch, maybe this little problem could be worked
around.
I have received a promise of some space on an anonymous-ftp'able Internet
site for back issues of Info-PGP Digest. Full details as soon as they firm
up.
Oh, yes: ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; STANDARD
DISCLAIMERS APPLY.

Hugh Miller | Asst. Prof. of Philosophy | Loyola University Chicago
FAX: 312-508-2292 | Voice: 312-508-2727 | [email protected]
Signed PGP v.2.0 public key certificate available by e-mail & finger(1)

-------------------------------------------------------------------------------

Newsgroups: alt.security.pgp
From: [email protected] (Lars Vatne)
Subject: Re: How secure is "casual" or "military"?
Date: Thu, 19 Nov 92 10:16:09 GMT

In article <[email protected]>, [email protected] (David Howell) writes:
|>
|> How secure ARE the various sizes? "Casual" eh? I mean, exactly,
|> approximately, or even vaguely how much time, talent, and/or computer
|> power would be needed to crack a pgp encryption? I've got enough
|> computer power that a 1024-bit key doesn't take that long to work,
|> and I'm sure it'll only get faster for all of us. I'm assuming that a
|> 1K key is more than merely twice as hard to open (at least with brute
|> force) than a 512-bit key, yes?
Quoting from "Security mechanisms for computer networks", Sead Muftic et al,
Ellis Horwood 1989:
Magnitude for the modulus in the RSA system
-----------------------------------------------------------------------
Log10(n) Number of operations Remarks
-----------------------------------------------------------------------
50 1.4E10
100 2.3E15 At the limits of current technology
200 1.2E23 Beyond current technology
400 2.7E34 Requires significant advances in technology
800 1.3E51

Provided you have a 10 000 MIPS computer system (which you don't), you'd
use ~ 3E33 years factoring the primes for an 800 bit modulo. Need a lot of
patience....
--
Lars Vatne Phone : +47 2 63 76 51
Engineering Division Fax : +47 2 63 84 97
Alcatel Telecom Norway AS e-mail : [email protected]

=-=-=-=-=-=

From: [email protected] (James Campbell)
Newsgroups: alt.security.pgp
Subject: Re: How secure is "casual" or "military"?
Date: 19 Nov 92 12:03:29 -0600

In article <[email protected]>, Lars Vatne writes:

> Provided you have a 10 000 MIPS computer system (which you don't), you'd
> use ~ 3E33 years factoring the primes for an 800 bit modulo. Need a lot of
> patience....

But log10(2^800) = 240.824, not 800. It would take a 2658-bit modulus to
get a log10 of 800. Since PGP 2.0 only allows RSA keys up to a size of 1136
bits, the largest possible PGP key has a log10(2^1136) of 341.97, for which
factoring would require around 2.5E31 operations, according to your source.

Also, this is a three-year-old UNCLASSIFIED document that you quote. It's
reasonable to assume that some large black-budgeted cryptologic organization
(for example, our NSA here in America) has better factoring algorithms than
are generally available, considering that they are better-funded and driven
by their mission to produce and use the fastest algorithms possible.

===========================================================================
James Campbell, Math Sciences Department, MSU; [email protected]
---------------------------------------------------------------------------

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: [email protected] (Hugh Miller)
Subject: PGP 2.0 sites list
Date: Sun, 22 Nov 1992 19:12:56 GMT

(Last modified: 1850 UTC, 22 Nov 92)

PGP v. 2.0 is gradually making its way out into the electronic world. It
has been posted to the FidoNet Software Distribution Network and should up on
many if not most Canadian and U.S. nodes carrying SDN software. Sorry: not on
FidoNet nodes outside the U.S. or Canada yet; U.S. crypto export laws are
strict and their enforcement is humorless. (Odd that U.S. export laws treat
Canada as part of the U.S., eh? Jumping the gun by a few years there, aren't
we?) Look for a local node near you. On the Internet, there are many sites
to try for anonymous ftp:

nic.funet.fi (128.214.6.100)
/pub/unix/security/crypt/pgp20.zip
/pub/unix/security/crypt/pgp20src.zip

van-bc.wimsey.bc.ca (192.48.234.1)
/pub/crypto/PGP-2.0/pgp20.zip
/pub/crypto/PGP-2.0/pgp20src.zip

ftp.uni-kl.de (131.246.9.95)
/pub/atari/incoming/pgp20.zip (Atari binary)
/pub/atari/incoming/pgp20src.zip

ghost.dsi.unimi.it (149.132.2.1)
/pub/crypt/pgp20.zip
/pub/crypt/pgp20src.zip

gate.demon.co.uk (158.152.1.65)
/pub/ibmpc/pgp/pgp20.zip

qiclab.scn.rain.com (147.28.0.97)
/pub/mail/pgp20.zip

pc.usl.edu (130.70.40.3)
/pub/msdos/crypto/pgp20.zip

leif.thep.lu.se (130.235.92.55)
/pub/Misc/pgp20.zip

goya.dit.upm.es (138.4.2.2)
/info/unix/misc/pgp20/pgp20.zip

tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
/pub/rz.archiv/simtel/msdos/MSDOS_UPLOADS/pgp20.zip

ftp.etsu.edu (192.43.199.20)
/aminet/util/crypt/PGP20amiga.lha (Amiga binary)

princeton.edu (128.112.128.1)
/pub/pgp20/pgp20.zip
/pub/pgp20/unix_pgp20.tar.Z (compressed tar file for Unix sites
lacking an implementation of unzip.)

pencil.cs.missouri.edu (128.206.100.207)
/pub/crypt/pgp20.zip
/pub/crypt/pgp20src.zip
/pub/crypt/pgp20src.tar.Z (compressed tar file for Unix sites
lacking an implementation of unzip.)

For those lacking ftp connectivity to the net, nic.funet.fi also
offers the files via mail. Send the following mail message to
[email protected]:

ENCODER uuencode
SEND pub/unix/security/crypt/pgp20src.zip
SEND pub/unix/security/crypt/pgp20.zip

This will deposit the two zipfiles, as 15 batched messages, in your mailbox
with about 24 hours. Save and uudecode.

You can try to get PGP 2.0 via email from:

[email protected]

Send a statement:

/PDGET /public/msdos/pgp20.zip [UUENCODE | XXENCODE]

This is a small DOS Waffle machine in San Jose, CA (not Vietnam).

PGP20.ZIP is available in the UNIX and IBMPC RoundTables on the commercial
service, GEnie. Search for "PGP" or "Privacy" or for uploads by "ANDY" (Andy
Finkenstadt, GEnie UNIX sysop/manager, to whom many thanks!)

Both PGP20.ZIP and PGP20SRC.ZIP are available from Exec-PC in Milwaukee,
one of (if not *the*) largest private BBS's in North America. They're available
in the Mahoney IBM Compatible MS-DOS collection. The 2400b number there is
(414)789-4210. From there it should spread pretty rapidly across the BBS
landscape of the U.S. and Canada, parallelling the FidoNet diffusion.

Both PGP zipfiles have also been uploaded to BIX (Byte Information
Exchange). To download them:
After signon, type "LISTINGS"
Select option "1" (category)
Type "SECURITY"
Select option "6" (download)
Type "PGP20.ZIP" (or "PGP20SRC.ZIP")

The Northern Lights BBS in Troy, NY, has both PGP20.ZIP and the source
code, renamed to pgp20src.tar.Z for compatibility with Unix, for free download.
Call (518) 237-2163 at 300-2400 bps 8N1 24 hours a day. Then login directly to
the pgp account as follows:

tnllogin: pgp
Password: key

and help yourselves. Thanks to Daniel Ray of tnl for this fine service.

Another private BBS from which you can obtain PGP for the simple price of
the long-distance call time is the Grapevine BBS, the largest BBS in Arkansas.
It's run by John Eichler in Little Rock. He sent me the following information
for your edification and enlightenment:

> The GRAPEVINE BBS in Little Rock is the largest BBS in Arkansas. To
> help people obtain a copy of PGP20, the GRAPEVINE has set up a special
> account for this purpose. The following phone numbers are applicable
> and should be dialed in the order presented (i.e., the top one first
> since it is the highest speed line).
>
> (501) 753-6859
> (501) 753-8121
> (501) 791-0124
> (501) 753-4428
> (501) 791-0125
>
> When asked to login use the following information.
>
> name: PGP USER ('PGP' is 1st name, 'USER' is 2nd name)
> password: PGP
>
> There is a special menu which one gets which shows the following
> programs to be available.
>
> pgp20.zip
> pgp20src.zip
> pgp20os2.zip
> pkz110.exe
>
> Should you have any questions e-mail either me
> ([email protected]) or the Sysop of the BBS whose address
> is [email protected].

-- Thanks, John!

Good news! PGP has been ported to the Apple Macintosh (a nontrivial
feat)! The following note is from Zig Fiedorowicz, the implementer:

"A Macintosh port of PGP 2.0 has been placed in the
/mac/util/encryption directory of mac.archive.umich.edu. It has a
modest Macintosh interface. It has not been tested extensively and
should be considered a beta version. Bug reports are welcome. More
work on MacPGP is planned and later versions will be more widely
distributed." --Zig Fiedorowicz ([email protected])

The Mac version has also been posted at the following sites:

plaza.aarnet.edu.au
/micros/mac/umich/util/encryption/macpgp2.0.sit.hqx

pencil.cs.missouri.edu
/pub/crypt/macpgp2.0.sit.hqx

wuarchive.wustl.edu
/mirrors3/archive.umich.edu/mac/util/encryption/macpgp2.0.sit.hqx

src.doc.ic.ac.uk
/computing/systems/mac/umich/util/encryption/macpgp2.0.sit.hqx.Z

If none of these sites do it for you, let me know. Film at 11.

Best regards!
-=- Hugh

P.S.: If you come across sites where it's posted -- especially FREE ACCESS
sites -- please drop me a line ([email protected]).
I'd like to maintain a current list as part of a PGP FAQ list. Thanks!

P.P.S.: This will be the last revision of the sites message until the
appearance of version PGP 2.1, expected sometime in the next few weeks.

--
Hugh Miller | Dept. of Philosophy | Loyola University of Chicago
Voice: 312-508-2727 | FAX: 312-508-2292 | [email protected]

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: [email protected] (Christopher Browne)
Subject: Re: PGP 2.0 sites list
Date: Sun, 22 Nov 92 22:55:11 GMT

In article <[email protected]> [email protected] (Hugh Miller) writes:
>many if not most Canadian and U.S. nodes carrying SDN software.
>Sorry: not on FidoNet nodes outside the U.S. or Canada yet; U.S.
>crypto export laws are strict and their enforcement is humorless.
>(Odd that U.S. export laws treat Canada as part of the U.S., eh?
>Jumping the gun by a few years there, aren't we?)

Interestingly, the patent restrictions that could be of danger to
users in the US seem not to apply in Canada. Canadians can't export
PGP out of North America, but it does look like they can use it with
relative impunity.

>Look for a local node near you. On the Internet, there are many sites
>to try for anonymous ftp:
>...
> ftp.uni-kl.de (131.246.9.95)
> /pub/atari/incoming/pgp20.zip (Atari binary)
> /pub/atari/incoming/pgp20src.zip

This information is outdated; PGP is no longer available there. And
pgp20.zip was actually the IBM binaries, and not the Atari version; it
would be of great interest to ST users to find an actual site where
TOS binaries are available. I've had it running under MiNT, and have
had a number of requests for a TOS version, which I haven't been able
to satisfy, due to a lack of debugging time as well as (in one case)
export restrictions.

Could someone from uni-kl (Stephen Neuhaus, perhaps?) see about
publicising some German site where binaries are available? 'Twould be
greatly appreciated!

--
Christopher Browne | PGP 2.0 key available
[email protected] |===================================
University of Ottawa | The Personal Computer: Colt 45
Master of System Science Program | of the Information Frontier

=-=-=-=-=-=

From: [email protected] (Dan Swartzendruber)
Newsgroups: alt.security.pgp
Subject: MacPgp
Date: 21 Nov 92 19:42:52 GMT

I'm a little confused on how to get this to work. When I try to create a key, it asks me
some questions and then finally tells me it's going to generate a key by timing my typing
of random characters and I should stop when I hear the beep. There are a couple of problems:

1. If I try to type at anything more than a trivial speed, the keystrokes are rejected
with the system beep.

2. It doesn't ever seem to terminate. I've left it sitting there waiting for 5 minutes
with no change.

Am I missing something?

--

#include <std_disclaimer.h>

Dan S.

=-=-=-=-=-=

From: [email protected] (Zbigniew Fiedorowicz)
Newsgroups: alt.security.pgp
Subject: Re: MacPgp
Date: 23 Nov 1992 12:00:44 -0500

[email protected] (Dan Swartzendruber) writes:
>I'm a little confused on how to get this to work. When I try to create a key
>.............................................................................
>of random characters and I should stop when I hear the beep.

I'm the author of MacPGP and am sorry for the confusion. The above message
is inaccurate. You should continue typing until PGP writes the following
message to the console:
-Enough, thank you.

I am using the portable code to measure keystroke timing, which is inadequate
to keep up with a good touch typist. So you must type a lot (>4 full lines)
and slowly to generate enough random data for a 1024 bit key.

Moreover once you finish typing enough characters, depending on your hardware,
it will take a long to LONG time to actually generate a key. On a Quadra it
will probably take <10 minutes, whereas on a Mac Plus it may take several
hours for a 1024 bit key. During the period when MacPGP is computing a key
(but not when timing keystroke intervals) MacPGP calls WaitNextEvent repeatedly
to allow you to switch PGP to the background or to cancel key generation with
command-period.

I am planning to improve some of these aspects of MacPGP's performance in a
forthcoming version.

Cheers,
Zig Fiedorowicz

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: [email protected] (Edgar Matias)
Subject: Re: MacPgp
Date: 23 Nov 92 03:58:28 GMT

I ftp'd MacPGP from mac.archive.umich.edu but couldn't get StuffIt Classic
to unstuff it. Anyone else out there have a similar problem?

Edgar
--
Edgar Matias
Input Research Group
University of Toronto
--
I speak for no one...

=-=-=-=-=-=

From: [email protected] (Zbigniew Fiedorowicz)
Newsgroups: alt.security.pgp
Subject: Re: MacPgp
Date: 23 Nov 1992 12:09:08 -0500

Edgar Matias ([email protected]) writes:
>I ftp'd MacPGP from mac.archive.umich.edu but couldn't get StuffIt Classic
>to unstuff it. Anyone else out there have a similar problem?

That's because MacPGP is compressed using the latest Stuffit compression scheme,
unknown to Stuffit Classic. Get Stuffit Expander from any of the standard
mac ftp archives.

Cheers,
Zig Fiedorowicz

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: [email protected] (Timothy C. May)
Subject: Re: MacPgp
Date: Mon, 23 Nov 1992 07:27:01 GMT

Edgar Matias ([email protected]) wrote:
:
: I ftp'd MacPGP from mac.archive.umich.edu but couldn't get StuffIt Classic
: to unstuff it. Anyone else out there have a similar problem?
:

I had the same problems--I first ran BinHex 5.0 (to convert the .hqx
file to a .sit file) and then tried to unstuff it. It wouldn't even
show up in StuffIt's file selection menu.

Then I tried BinHex 4.0 and UnstuffIt and it all worked. I suspect it
was the BinHex 4.0 that made the difference.

--Tim May
--
.........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.

=-=-=-=-=-=

From: [email protected] (Felipe Rodriquez)
Newsgroups: alt.security.pgp
Subject: PGP 2.0 sites-list
Date: Mon, 23 Nov 92 19:40:12 GMT

> PGP v. 2.0 is gradually making its way out into the electronic world. It
>has been posted to the FidoNet Software Distribution Network and should up on
>many if not most Canadian and U.S. nodes carrying SDN software. Sorry: not on
>FidoNet nodes outside the U.S. or Canada yet; U.S. crypto export laws are
>strict and their enforcement is humorless. (Odd that U.S. export laws treat
>Canada as part of the U.S., eh? Jumping the gun by a few years there, aren't
>we?) Look for a local node near you. On the Internet, there are many sites
>to try for anonymous ftp:

I have personally uploaded the PGP sdn package to all european SDM
backbones. It should have been distributed through the SDN network here,
as it was in the states. This was 2 months ago :-)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.0

mQCNAiqrg5sAAAEEANyzAvOLI+VZYd5hen0Lme/eyasVrZVLMLYU7vvKTq6GIwtE
Rypu9aZyEAVE6hy896JLR58IxYDVRCwY7Bwcp9sFdoTPXDrEEcSkA3Vdt5uiQh5u
h7nfRXG9rVEcw9FYKHkvbPZMNfRVW71hKlZM+QweHNcFYsyz+TjMMcKgfAL5AAUR
tC1GZWxpcGUgUm9kcmlxdWV6IDxub25zZW5zb0B1dG9waWEuaGFja3RpYy5ubD4=
=q/if

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: [email protected] (Stephan Neuhaus (HiWi Mattern))
Subject: Re: PGP 2.0 sites list
Date: Tue, 24 Nov 1992 14:33:26 GMT

[email protected] (Christopher Browne) writes:

>In article <[email protected]> [email protected] (Hugh Miller) writes:

>>Look for a local node near you. On the Internet, there are many sites
>>to try for anonymous ftp:
>>...
>> ftp.uni-kl.de (131.246.9.95)
>> /pub/atari/incoming/pgp20.zip (Atari binary)
>> /pub/atari/incoming/pgp20src.zip

>This information is outdated; PGP is no longer available there. And
>pgp20.zip was actually the IBM binaries, and not the Atari version;

Right, I just looked. I don't know what has happened to them; I guess
they just got deleted. Somehow I nuked my copy of pgp20src.zip, but I
still have a homemade pgp-2.0.tar.Z and pgp20.zip. These contain, as
you said, the MSDOS binaries.

I would like to create a TOS version (as compared to a MiNT version)
but I have recently bought a SUN 3 and needed a hard disk...
Therefore: No development on or for the ST anymore. I only have my
own Atari executable, which runs under MiNT.

>Could someone from uni-kl (Stephen Neuhaus, perhaps?) see about
>publicising some German site where binaries are available? 'Twould be
>greatly appreciated!

Hmmm... Without archie to help, this task is beyond my means. And I
have already received requests from Germans who couldn't get a TOS
version. If any of you have any ideas, please drop me a note and I'll
see what I can do. On top of my head, I don't know any archive sites
with pure TOS binaries.

For the moment, I'll upload the MSDOS binaries and Unix-style sources
(ASCII 10 newline delimiters instead of ASCII 13/10) pgp-2.0.tar.Z
into pub/atari/incoming again. This time, I'll notify the ftp admin,
promise... :-) Tomorrow, I'll also upload the MiNT binary into the
same directory.

So, if you need either Unix-style sources, MSDOS executables, or MiNT
executables, ftp to ftp.uni-kl.de and look in pub/atari/incoming for
anything that begins with pgp.

Note: The Atari subdirectory and its subdirectories are world
writable. If I have the time, I'll compute a signature and any
sufficiently paranoid signature can get it from me, either on paper,
by voice or (least secure) by email.

Have fun.

--
Stephan <[email protected]>
sig closed for inventory. Please leave your pickaxe outside.
PGP 2.0 public key available on request. Note the expiration date.

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: [email protected] (Stephan Neuhaus (HiWi Mattern))
Subject: Re: PGP 2.0 sites list
Date: Tue, 24 Nov 1992 16:05:29 GMT

[email protected] (Stephan Neuhaus (HiWi Mattern)) writes:

>If I have the time, I'll compute a signature and any
>sufficiently paranoid signature can get it from me, either on paper,
>by voice or (least secure) by email.

What in hell was I thinking when I wrote about a ``sufficiently
paranoid signature''? I meant ``sufficiently paranoid person'', of
course! I had intended to be funny, and funny I was, even beyond my
wildest dreams!

>Have fun.

That still holds, especially after reading this particularly
delightful typo.

Have fun.

--
Stephan <[email protected]>
sig closed for inventory. Please leave your pickaxe outside.
PGP 2.0 public key available on request. Note the expiration date.

=-=-=-=-=-=

Newsgroups: alt.security.pgp
From: [email protected] (Russell Earl Whitaker)
Subject: Re: PGP 2.0 sites list
Date: Mon, 23 Nov 1992 21:00:16 +0000

Also add to your list:

/pub/ibmpc/pgp/pgp20.zip
at
gate.demon.co.uk

--

Russell Earl Whitaker [email protected]
Communications Editor [email protected]
EXTROPY: The Journal of Transhumanist Thought AMiX: RWHITAKER
Board member, Extropy Institute (ExI)
================ PGP 2.0 public key available =======================

=-=-=-=-=-=

From: mathew <[email protected]>
Newsgroups: alt.security.pgp
Subject: Re: MacPgp
Date: Wed, 25 Nov 92 17:01:49 GMT

[email protected] (Dan Swartzendruber) writes:
> 1. If I try to type at anything more than a trivial speed, the keystrokes are
> with the system beep.

Yes. Type VERY VERY SLOWLY.

> 2. It doesn't ever seem to terminate. I've left it sitting there waiting for
> with no change.

Yup. It took ages on my Mac too. If you're running it on a Powerbook, as I
was, make sure your Powerbook doesn't go into "power save" mode, which slows
the machine down to 1/8 of the normal speed.

> Am I missing something?

Yes. MacPGP is VERY VERY SLOW. It took it several minutes to read my keyfile
from my PC at work. I can easily believe that it takes more than five
minutes to generate a key.

Be careful when typing your password in, too. The program only seems to be
able to cope with about two keystrokes per second.

mathew

=-=-=-=-=-=

Newsgroups: alt.security.pgp,sci.crypt
From: [email protected] (Hugh Miller)
Subject: PGP vs. RIPEM
Date: Thu, 26 Nov 1992 05:44:45 GMT

I'm forwarding the following for Zhahai Stewart:

~Date: Mon, 23 Nov 92 17:14:36 PDT
~From: [email protected] (Zhahai Stewart)
~Subject: Some conceptual differences: PGP/PEM

There seems to be some discussion regarding the relative merits of
RIPEM and PGP; perhaps it would be worthwhile to explain why the two
have different niches, and neither is likely to fill the other's niche
well.

RIPEM is compliant with the PEM standard (draft RFC). Its whole
purpose in life is enhancing Internet email. The PEM standard is
designed to be highly integrated into the Internet; this means that
it is relatively more limited, and by being so limited it can do a
good job at the one task it takes on.

PGP is a very portable privacy system with many more features and a
much broader scope. It could be used with many different forms of
email, as well as for totally non mail oriented applications. As
such, it does not integrate as well with Internet mail.

Some examples of how this influences their conceptual design follow.
PEM integrates much of the cryptographic information into Internet
style headers; PGP uses a more compact and efficient system-independent
binary packet data structure. PEM's email-plus design exposes more
information for traffic analysis than does PGP's standalone design.

A major point is that PEM has a quite different concept of "identity"
than does pgp. A major concept in PEM is that an identity is a mailbox
in the internet heirarchical form; keys are then certified (through a
similar heirarchy of organizations propagating trust from on high) as
being connected to this "mailbox identity". This design makes a lot
of sense from the Internet sense (domain heirarchies being already
integral to the Internet conceptual model).

PGP follows a different drummer, with different strengths and
weaknesses. The fundamental concept of identity is the keypair itself.
This is sufficiently different to deserve some background.

Consider that one could correspond securely for years with some "entity"
(generally another human being) without ever knowing "who" they were.
What you do know is that the same "entity" read and wrote those many
messages you have exchanged; nobody else can pretend to be them (or
you), and nobody else can eavestap on your interchanges. Their public
key is in effect an unforgeable "handle" by which you know them. Over
the years,you might use various mailboxes, usernames, networks, and
even different media, yet you know it's still the same person. This
is as solid a thread of "identity continuity" as you can get in the
electronic world, and so it forms the basis of the concept of
"identity" for PGP.

We don't like to refer to each other by 1000 bit numbers, tho, so PGP
allows you to associate a key with a textual "userid". This could be
a full legal name as it appears on a passport. It could be a nickname
or "handle". It could be a login or user name on a given system
(including an Internet mailbox address). It could be all the
information on your drivers license, complete with number. It could
be your postal address. The point is that the "identity" core is the
key itself, and each userid is an independent secondary association
with the key. And you can have many such secondary associations (for
example, one or more of each of the above), each used in different
contexts. Use the drivers license one to prove your age, assuming
it is signed as visually verified by someone that the recipient trusts;
use whichever email address is appropriate for the network on which
you are communicating; etc. They can also vary over time; addresses
change, drivers license numbers change, even names change, especially
with marriage. Yet your identity remains the same; whoever possesses
the secret key "is" the entity associated with it.

Of course, the linkage or association of a key with a given userid
string is only as meaningful as the signatures on that association.
For a nickname, a self-signature is sufficient (if the keyholder signed
it themselves, then you at least know "that's what they call themselves").
In general, you should always look for a self-signature, perhaps in
addition to others, depending on context. For a legal name, as with
a contract, a stronger outside signature may be needed; that is, the
key to userid association should be signed by someone or some
institution YOU know and trust. PGP has pretty powerful key management
to support this type of decentralized trust decision making.

Of course, the same person can have multiple keys if they wish; the
choice of tying together various "userid strings" to a single key, or
to separate keys, is up to the individual. If you want a
nom-de-phosphor, with a separate key, you can easily manage that.

These "userid" strings can be used for many purposes beside email
addresses. Some were given above. Other examples could be certifying
that the given person (whoever owns that key) is an employee of XYZ
Corp., with an expiration date, and signed with the company key. This
person could keep that signed userid on their keychain, and give out
copies only when they wish to prove their association with XYZ corp.

So PEM's fundamental concept of identity is the volatile one of
"internet mailbox"; and a top down chain of official certification is
used to verify the association between the (primary) mailbox and a
(secondary) key. PGP's fundamental concept of identity is the key
itself (which one may keep for many years), and the association with
one or many email addresses, postal addresses, job associations,
usernames, legal names, passpord or drivers license numbers, etc.
are secondary, multiple, indepenent, extensible, and flexible. This
permits a much wider range of application; individual control of
which "aspects" of one's identity one wishes to disclose (by choosing
which of one's multiple userids, and which signatures thereof, one
gives to each person; and decentralized trust systems.

This is a very important difference, much more than whether IDEA or
DES is used for encryption (as these will change). PGP would lose a
great deal if it were limited to Internet mail applications
(conceptually). On the other hand, it loses some "application
specific targeting" by not being limited to Internet mail. Each
approach has its tradeoffs. PGP may nevertheless become more
integrated with given mail software over time; it's not impossible to
make it easier to use from within a given mail package, as easy as
RIPEM even. Certainly, it will be much easier to migrate PGP into
RIPEM's limited application scope than vice versa! Just don't ask
for a "PEM compatible" form of PGP - it was designed for a different
and larger scope; if you want PEM compatibility, use RIPEM or some
other implementation.

Implementing IDEA in RIPEM, or DES in PGP, wouldn't scratch the
surface towards making them "compatible"; those are just details. The
serious incompatibility is that they address different needs, and
were both designed differently from the ground up so as to meet
those needs.
--
Zhahai Stewart - via ParaNet node 1:104/422
UUCP: !scicom!paranet!User_Name
INTERNET: [email protected]

***** End Info-PGP Digest *****

Downloaded From P-80 International Information Systems 304-744-2253