DMCA Attacks: NAI Tells Sites To Remove PGP (Updated)
daecabhir writes: "I am on Declan McCullagh's excellent policy and technology mailing list, and received this article on Declan's Politech web site. Basically, Network Associates now appears to be using the DMCA to force sites that provide access to the "free" versions of PGP to cease and desist, if this is any indication. Unfortunately, I think that Network Associates may well be within their rights with regards to 'their' intellectual property, even if I disagree with the manner in which they are going about things." Update: 05/22 13:55 GMT by T : Looks like this wasn't the whole story, and in fact NAI was only objecting to a site with the commercial version of its software -- read below for more.
Grant Bayley writes: "The hype being generated by the "NAI pulls out the DMCA stick" postings and the spectre of PGP being "removed from the Internet" is entirely bogus, and provably so with a little bit of fact checking.
Looking through the Google cache, it becomes very clear very quickly that crypto.radiusnet.net was hosting a copy of the commercial version of the software - not a copy of the PGPi (aka freeware) version of the PGP product. Given that this is the case, NAI is well within their rights to demand the removal of the files.
You can confirm this in the Google Cache.
get those copies to an offshore server!!
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
isn't pgp a free application? what's the big deal here? just being stingy?
Get paid to code OSS
What is the DMCA's policy on older software?
Does this mean that older versions of PGP now belong to Network Associates and are subject to the company's will? Even if they were free?
Good thing there's GPG...
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
So which version was being hosted that led to NAI sending out the copyright violation notice? Was this a commercial version that truly was a `pirate' copy, or was it the same version hosted at pgpi.com? (http://www.pgpi.org/products/pgp/versions/freeware/) The pgpi site doesn't seem to have any information regarding this, and you would think they would given the impact of it to them.
So that article included a link to infringing material. What was at that link? Was it illegal copies of NAI software? Or does this mean NAI is trying to crack down on open source implementations of PGP?
-jag
http://starboard.flowtheory.net/
Phil Zimmermann, what's your stance on this?
at http://web.mit.edu/network/pgp.html, but you can bet that i'm gonna download it again right now and burn the installer onto a CD.
When will corps learn that if they act like M$ no one will buy their products
:(
Money is not everything...
This world, So sad
TIA!
Curb CO2 emissions: Kill yourself today!
Many versions for many platforms available here: PGPi.
Information wants to be free.
I purchased several copies of NAI's PGP for Unix version 5. The CD had a standard license agreement with it. Two years later, I receive a letter from NAI telling me that my license was revoked and I could no longer use the software.
Somehow, I do not think I received my $1500 worth.
I should have known, I asked NAI's sales department for a price quote on NAI virus protection products for the "enterprise" and I never did receive a straight answer.
Thank God for GPG! Works with NAI's PGP plug-ins and it's truly free.
I find it interesting how Network Associates bought out PGP, then killed it, and is now trying to shut it down. Although it may be a long shot, could it be that the government is behind this? The government did not want PGP to be released in the first place because they thought it would threaten security...
and for those still looking for PGP and unwilling to use GPG, there's still KaZaA.
I'm the Devil the Windows users warned you about.
The google cache of the directory in question (that incited NAI to send the cease and desist) can be found at http://www.google.ca/search?q=cache:2PdJtPM6n0QC:crypto.radiusnet.net/archive/pgp/+&hl=en. Immediately I see products that were in the NAI distribution of PGP (commercial) but aren't in the freeware version (such as PGP Disk). Is this just a case of a copyright violation (and possible outright piracy to the tune of "warez" sites) being defended as something else? I could be very much mistaken, but not all of PGP was made freeware, and even no longer sold products maintain intellectual property that the company has every right to maintain control of for future use.
Disclaimer: I am not a lawyer
1 02 0_pl105-304.html
Maybe I've had too many beers, but I don't think the DMCA has anything to do with this sort of "piracy". It covers anti-circumvention clauses covered by WIPO treaty and "original designs" meaning look 'n feel type stuff.
Existing law should cover stuff like piracy and ownership of code, algorithms etc. not the DMCA. Again I'm not an IP lawyer, maybe someone would like to explain.
http://www.eff.org/IP/DMCA/hr2281_dmca_law_1998
Has Phil made a comment yet regarding this? PGP is his child and it seems like if anyone has anything useful regarding this to say, he does. Where are you, Phil?
~~~
If your user agent happens to include "wget", watch out! "Any IP/Host seen using wget or any other mirror tool will be banned!"
Got friends?
Why isn't this just a "plain copyright" case? Like the Church of Scientology attacking Google with the DMCA, I don't see why they need the part about circumventing access controls to copyrighted material. It would make more sense to invoke plain old copyright law. Are the letters "DMCA" more scary or something?
Network Associates are quite within their rights to stop people distributing their software unless they had specifically given those rights in an unrevocable way. Why is this a good thing?
Never underestimate the dark side of the Source
It's pointless
Since GnuPG does not use the patented IDEA algorithm, it is in no danger from NAI.
If Bill Gates had a nickel for every time Windows crashed... Oh wait, he does.
Time to start collecting all the copies of PGP while they last. I was wondering how they (ANTI_PGP Gestapo) were going to eradicate the use of PGP. Now we know.
How do you get gpg to work with nai's plugins? I love the outlook plugin from nai but I would love to use gpg on the backend.
I could be mistaken, but I think that GPG plays just fine with NAI's plug-ins. And as for frontends, I don't think you have looked hard enough. Also, Kmail has effortless integration with GPG, and I hear that Evolution does too, although I've heard that there were a couple of bugs in it. Perhaps they've been fixed by now.
:Peter
How about a link to a scan of that letter (with your details blanked out, of course)? It'd also be educational to see the original license agreement, to determine if it even contained an out like that for NAI (providing that it's enforceable to begin with, which is probably a stretch in a non-UCITA state anyway). IANAL, etc.
CEE5210S The signal SIGHUP was received.
that's funny. What license are you distributing that joke under?
Yes, as only The Mighty U.S. Of A can develop encryption techniques. No other backwards little country could think of such a thing!
(even though the Brits did it first...)
And for those that haven't found it yet, enigmail should allow you to use GNU Privacy Guard with Mozilla, even under Windows. Haven't tried it myself yet.
Nathan's blog
You're right. Here, let me just go ahead and publish my credit card information, social security number, address, birthday, bank account info, access to stocks portfolios and what the hell, let me throw in the same of my wife's. And gee whiz, why not just go ahead and publish my username and password list to all my online accounts. Yeah, to hell with encryption, we can all trust each other, right. We all know each other that know that no one would think of misusing that info, right?
Okay, in case you're a complete moron, that was sarcasm. You just go on believing that crap you just preached. No skin off my back when you get totally hosed...
We tell other countries what to do, they do it.
It's called Pax Americana and it's been the international order since 1990.
I have been pwned because my
wget -m -U "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" http://www.foobar.com/quux/
:)
happy mirroring
Sec. 1201 and 1202 deal with circumvention. Sec. 512 - a different provision - deals with service provider liability and entails the notice-and-take-down liability sections. These provisions limit service providers' liability for hosting copyrighted content. Thus, when Declan talks about the DMCA "nastystick", he's talking about Sec. 512 of the DMCA. Same with the Co$ incident. Sec 512 there too. Other than that, it is just 'plain old' copyright law.
Under the DMCA, I ask you to keep your dog from sh... on my lawn!!!
Has the word DMCA been recently accepted as a synonym for "generic lawsuit"?
Opus: the Swiss army knife of audio codec
Seems to me that Network Associates, with their backs to the wall, are playing the part of a losing hockey team facing elimination in Game 4 of a best-of-seven series.
Play dirty to survive.
If they are defending their rights to a product they no longer market, it means they're trying to retain its value in order to sell it to someone else.
Rock on PGP, free or otherwise.
What's the point? If it's not open source and if it's not commercially supported, it's dead. Oh, you may still be able to use it for a little while but then operating systems and libraries will drift away.
it's too bad that people don't pay more attention to rms when he talks about freedom.
and it's also too bad that people kept doing dev on possibly not free pgp versions instead on truly free implementations of pgp (ie gnupg).
how many times are we going to learn this lesson?
US Citizen living abroad? Register to vote!
A quick look at the documentation that came with my version of PGP Freeware:
Network Associates Freeware End User License Agreement
(Non-Commercial Use and Distribution Only)
1. License Grant. Subject to the terms and conditions of this Agreement, Network Associates hereby grants to you a non-exclusive, non-transferable right to use, copy and distribute solely for Non-Commercial Purposes (as defined below) the specified version of the Software and the accompanying documentation (the "Documentation").
a. For purposes of the foregoing, "non-commercial purposes" means non-commercial, non-governmental use, including, without limitation, home use for personal correspondence, student or academic use, or use by non-profit human rights organizations. The Software is "in use" when it is loaded into the temporary memory (i.e., RAM) or installed into the permanent memory (e.g., hard disk, CD ROM, or other storage device) of a computer for the purpose of being accessible in client-mode by an end user.
b. You may make exact, unmodified copies of the Software and distribute such copies solely (i) by electronic means; (ii) for Non-Commercial Purposes; and (iii) with all proprietary notices (including without limitation all copyright notices and this End User License Agreement) intact and unmodified or obscured.
3. Term. This Agreement is effective unless and until earlier terminated as set forth herein. This Agreement will terminate automatically if you fail to comply with any of the limitations or other requirements described herein. Upon any termination or expiration of this Agreement, you must destroy all copies of the Software and the Documentation.
11. Miscellaneous. This Agreement is governed by the laws of the United States and the State of California, without reference to conflict of laws principles. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. This Agreement sets forth all rights for the user of the Software and is the entire agreement between the parties. This Agreement supersedes any other communications with respect to the Software and Documentation. This Agreement may not be modified except by a written addendum issued by a duly authorized representative of Network Associates. No provision hereof shall be deemed waived unless such waiver shall be in writing and signed by Network Associates or a duly authorized representative of Network Associates. If any provision of this Agreement is held invalid, the remainder of this Agreement shall continue in full force and effect. The parties confirm that it is their wish that this Agreement has been written in the English language only.
Quick overview of the sections not included:
2. Restrictions: no renting/leasing/loading/reselling.
4. Updates: No tech support.
5. Ownership Rights: They still own all the copyrights.
6. Warrant Disclaimer: "As is" software.
7. Limitation of Liability: I can't hold them liable.
8. US Government:
9. Export Controls: Don't let it cross a border! oh no!
10. High Risk Activities: Don't use this in conjunction with life-support, etc.
So, section 1 grants me the right to use, copy and distribute PGP. Section 3, there is no expressed limit on the amount of time I can use it. The only limiting factor is section 11, which gives them the right to modify by a written addendum.
Damn. Guess I'll just have to switch to GPG.
- SignalFreq
I think we'll all find that this ends up being less of a problem than it seems to be, and certainly one unworthy of Declan's attention. The first thing to consider is that of the couple of security/crypto archives out there (Wiretapped, munitions.vipul.net, the old zedz.net site, Packetstorm), the crypto.radiusnet.net one is the only one of the group that is out of date, disorganised and discourages mirroring. Look over the site, and you'll see what I mean. The second thing to consider is that (as another poster has already mentioned) PGPi.org has the explicitly freeware versions of the software available on a number of mirrors worldwide, and does not appear to have been made a target here.
Conspiracy theories aside, if they were mirroring commercial versions of the product, NAI is well within their rights to pursue them, and I'm sure the other legitimate crypto/security archive sites will be glad to see crypto.radiusnet.net stop sullying their good names by association.
That's exactly the point. That's the way it should be. The application does exactly one thing, cryptography, and nothing else. This is the unix way.
All applications should be responsible for a single task, we have wonderful examples to show us that this modularity is very positive, powerful applications, few bugs, easy customizations.
OTOH we have only few examples of stable applications that have lots of functionalities, usually hard to customize, adapt to new paradigms and maintain.
The idea is keep all development teams independent of each other, by following few, but well defined, standards. That's the way X works, we must choose a window manager, X developers don't need to worry about user interface.
IMHO this is the way it should be, of course, a tarball/rpm/deb/whatever that packs the application and GUI is a great idea, but much more important than this is the quality of the application
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
The version hosted on radiusnet was not a freeware version nor public domain, or whatever. It was PGP corporate desktop and other various COPYRIGHTED materials. I visited that site every month or so for updated versions. Of course, now I use gpgp ;)
and sub-directories appear to also be missing, even though not all of them were PGP related.
For example http://crypto.radiusnet.net/archive/pgp/gnupg is not available.
You are being MICROattacked, from various angles, in a SOFT manner.
after a quick look around at the other crypto 'mirrors' of supposedly linux software, I found the same NAI PGP Corp. Desktop 7.1.1 still available for download for Win32
PGP downloads
Violate DMCA
So says NAI
deus does not exist but if he does
I thought Eudora was dead. Yes, some people still use it but there isn't anymore active by QCalm or whoever it was.
I've still got the installer for the newest version of free PGP for windows. If anyone wants it.
The GeekNights podcast is going strong. Listen!
Somehow, I do not think I received my $1500 worth.
You should know better than to use commercial software. The purpose of a corporation is to maximize profits. Period.
Well, first off, this really isn't a problem seeing as how the superior (and open) GnuPG is available to all. (And yes, there are GUIs available.)
On the other hand, it's a scary look at how copyright with regards to software has apparently evolved into 'information control' instead of right to have a copy. How many proprietary software EULA's include a clause that XYZ company may terminate the license at any time? If I'm not mistaken, that means that someone like M$ or Adobe can walk into any office in the US that uses their software and shut them down at their own whim. And is there even a legal framework for forcing a refund? So lawyers or law experts, what you say about this?
If this is all true, you RMS bashing folks in the crowd ought to give the 'all proprietary is evil' ideology another mental run-around before something else like this comes around and bites you. How long before we need a "War on Proprietary Software"? (-:
I know gnupg has made some very big strides in this area, but clearly, now is the time to devise a framework upon which popular encryption is allowed to survive PGP.
The point isn't whether the geeks can do it. The point is whether some poor, persecuted soul in some totalitarian country, like -- um, you know -- can click a button and send an email out of the country or to his best friend, securely.
Clearly we would like to see front-ends developed for all the popular email applications that can accept code implementing any kind of encryption scheme whatsoever, and encryption algorithms that can fit into any popular email application available.
If somebody comes up with a new encryption algorithm, they shouldn't have to write code to support Evolution, Eudora, Outlook Express, so forth and so on.
Likewise, somebody should be able to write a front-end for a email application according to a specific API and expect to see every available encryption algorithm thus far implemented available from within that email application.
And of course, it all needs to be open source. If anything needs to be open source, it is this.
gnupg is great, but it presumes a single algorithm, doesn't it? Wouldn't it be much better to make it easier to introduce new algorithms into the mix? Put yourself in the position of the GS-7 analyst sitting in Virginia who has to run all these decipher jobs. If he gets to *assume* that the encryption being used is pgp-style, his workload is modest, he just needs to feed the file to the program.
But if he first has to figure out what algorithm is being used, suddenly his job becomes many orders of magnitude harder. Especially if there are hundreds if not thousands of algorithms out there, each and every one available to the common man for his use.
I know we're not supposed to rely on obscurity for encryption, but that presumes your only interest is in protecting a single channel of communication. If your interest is in protecting *all* channels of communication, obscurity becomes viable. Something as trivial as taking the output of gnupg and exclusive-or'ing with a Erica Rose Campbell jpeg would add another - if - statement to the NSA's decryption code. Add another 100 jpegs every day and very quickly the NSA's job becomes very, very hard.
I never liked PGP. They zip before encrypting, and I could never get an answer from Zimmermann as to whether or not the checksum survived the zip. If the checksum survives, all the NSA has to do is unzip every try at an encrypted file and see if the checksums match. Strip out the checksum, and their job becomes much harder. The checksum needs to go.
Is this truly the only Earth I can live on?
Why let commercial interests rob the public of essential tools?
Talk about making a case for GPL open source!
Shacof
What's funny is originally PGP was released for free on the internet at a time when encryption software had heavy export restrictions. Being released for free on the internet was what made it so popular.
this is the most important sig ever! In your face 446154!
---------- Forwarded message ----------
4 C: crypto.radiusnet.net/archive/pgp/+&hl=en
Date: Wed, 22 May 2002 14:41:59 +1000 (EST)
From: Grant Bayley
To: Declan McCullagh , R. A. Hettinga
Meyer Wolfsheim , peter_beruk@nai.com
Subject: Re: NAI pulls out the DMCA stick.
Hi Declan, others.
The hype being generated by the "NAI pulls out the DMCA stick" postings and the spectre of PGP being "removed from the Internet" is entirely bogus, and provably so with a little bit of fact checking.
Looking through the Google cache, it becomes very clear very quickly that crypto.radiusnet.net was hosting a copy of the commercial version of the software - not a copy of the PGPi (aka freeware) version of the PGP product. Given that this is the case, NAI is well within their rights to demand the removal of the files.
You can confirm this in the Google Cache, here:
http://216.239.33.100/search?q=cache:QA-H5VtPvP
Keep in mind that of the couple of crypto/security archives out there, the radiusnet one is basically the "abortion" of the bunch. It's disorganised and out of date in so many places as to be dangerous.
By "crypto/security archives", I'm referring to Wiretapped (www.wiretapped.net, which I operate), munitions.vipul.net, the zedz.net archives (ftp://ftp.zedz.net/) and Packetstorm (www.packetstormsecurity.org).
If this is the straw that breaks the radiusnet camel's back, I for one won't be complaining, if only because of the old and out of date material on the site. In the case of tools that perform a security function using crypto (IPSec, ssh etc), being updated is critical, as a number of the older versions of the software have contained serious security problems.
Grant
Albeit there probably was something that shouldn't have been on the server.
But I can not stop laughing every time I see this whole PGP flap.
What is going on is you're all being scared to look for a warezed version, somehow it will be better than an older free version. Like somehow it is going to disappear.(sic)
Ah but perhaps you're getting a backdoored version? Can you tell the difference? Could you tell the difference even if you have the source?
I wouldn't trust a damn thing that comes from NAI. Just check who they have been sleeping with.
I wouldn't trust a damn person that uses their product. Since they can't be very intelligent if they knowingly use bad wares.
The right kind / and version of crypto, and the knowledge of the users is the key. Even then I bet that if "someone" who has lots of money wanted to crack your little measly key they could.
screw all the hype. save your bandwidth. who knows, you may even be tracked by "someone" for attempting to get specific filenames, off specific sites. Wanna be on that "list?"
I feel sorry for the clueless. They haven't been around long enough to know the difference. And that wisdom they probably never will get.
Have none of you heard of gnucleus? gnutella, free, spyware-free, open source?
Uh, unless you like spyware while you're installing encryption software. riiight.
Random and weird software I've written.
They are _not_ encouraging the widespread use of encryption.
The subject line here should be: Free Software Advocates shoot their mouth off without checking the facts.
Over 100 posts, and only one or maybe two have hit the nail on the head - the site was posting commercial, proprietary software. Not free software in whatever sense you like to use the term. Not open source either.
Please guys, get your facts right before posting.
Whoops - I forgot - this is Slashdot.
Home of irresponsible adhocratic journalism...
in case *you* are a moron, **you have been trolled!**
Richard Stallman was (once again) criticized by some of the slashdot crowd today in this article, about being pedantic, purist, impractical etc. PGP/GPG is an excellent example of RMS being pedantic and purist, and rightly so.
RMS and the FSF have always been refusing to use PGP, because of its license. They have been criticized along the same lines for this, since PGP was "free in a practical sense" i.e. free as in free beer, even though it had been written by "good guy" Phil Zimmermann. Today we may be glad that the FSF refused to use PGP, started to write GPG as soon as the RSA patent expired (i.e. as it was legally possible to write a clone without infringing on patents).
First they came for the Amiga, and I did not speak out because I was not an Amiga user.
Then they came for Be, and I did not speak out because I was not a Be user.
Then they came for Blender and I did not speak out because I was not a Blender user.
Then they came for PGP, and I was thankful that someone had spoken for me.
Many thanks to the GnuPG developers.
"I may not have morals, but I have standards."
If somebody comes up with a new encryption algorithm, they shouldn't have to write code to support Evolution, Eudora, Outlook Express, so forth and so on.
They don't. RFC2440 (plus RFC2015, 3156, etc.) are extensible; they support a broad variety of algorithms and are designed to support future algorithms. RTFFAQ.
Likewise, somebody should be able to write a front-end for a email application according to a specific API and expect to see every available encryption algorithm thus far implemented available from within that email application.
Microsoft CAPI provides just this. GPG Made Easy (GPGME) also makes it almost trivial to incorporate crypto support into your application. (ObDisclosure: I'm working on C++ bindings for GPGME, so I'm biased.)
gnupg is great, but it presumes a single algorithm, doesn't it?
RTFFAQ. OpenPGP supports more algorithms than you can shake a stick at. For instance:
Wouldn't it be much better to make it easier to introduce new algorithms into the mix?
No. In fact, I personally dislike the fact that most PGP implementations (including GnuPG) support so many algorithms. Every implementation must support 3DES, and y'know, 3DES has a twenty-five year track record of turning brilliant cryptanalysts into burned-out alcoholic wrecks. Anyone who wishes to use AES256 for "security" is missing the point--the most trusted algorithms aren't the latest sexy things. The most trusted algorithms are the ones which are older than God and uglier than a Soviet worker's housing bloc.
If he gets to *assume* that the encryption being used is pgp-style, his workload is modest, he just needs to feed the file to the program.
The analyst is already going to know what algorithms you're using. The way you plan these things is to assume the analyst has access to tens of thousands of times more computing power than exists in the world, tens of thousands of times more memory than exists in the world, knows you better than your wife does, and knows every last detail of your cryptosystem except what your key is.
Assuming anything else is absolute folly.
And yes, I am a cryptographer.
Especially if there are hundreds if not thousands of algorithms out there, each and every one available to the common man for his use.
There are three symmetric algorithms I would trust my deepest secrets to. IDEA, 3DES and Blowfish. AES isn't on that list (won't be for another couple of years while peer review shakes out). If I'm a professional in this field, and out of the literally thousands of different symmetric block ciphers proposed over the years I can only find three which I recommend without hesitation, and the other 997+ range somewhere between interesting-but-flawed and fatally stupid, I really doubt that you--a layman with no experience whatsoever--will be able to intelligently choose the three good ciphers out of a field which consists, mostly, of spectacularly bad ones.
Something as trivial as taking the output of gnupg and exclusive-or'ing with a Erica Rose Campbell jpeg would add another - if - statement to the NSA's decryption code
Please go read this book: Codebreaking, by Rudolf Kippenhahn. You have a critical misunderstanding of how cryptanalysis works. It doesn't work by a series of "try this, then try that, then try..." It works by looking for redundancies, patterns, in data and then creating a mathematical model which can recreate those same redundancies and patterns. If you're XORing with a JPEG, you're not going to be making it appreciably harder to break. There's a lot of mathematical order in a JPEG.
I would bother responding to your last comment about why PGP is "weak", but really, it's clear that you're talking through your hat. I can believe that you're utterly clueless, or I can believe that you're trolling. If the latter, then HAND, IABT. If the former, then please go off and read up on the subject.
I'd suggest starting with David Kahn's The Codebreakers, from there Rudolf Kippenhahn's Codebreaking, then Schneier's Secrets and Lies. Only then start to work on Applied Cryptography and the Handbook of Applied Cryptography.
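Added example (not part of the comment above, and not code from GnuPG or PGP): the reply's points that OpenPGP is algorithm-extensible and that "the analyst is already going to know what algorithms you're using" both follow from the message format, which names its algorithms in unencrypted packet headers. The sketch below reads those headers from two constructed sample messages; the function names, the samples and the key ID are assumptions made for illustration, and the algorithm numbers are the OpenPGP registry values.

```python
# Added illustration. Sample messages are constructed, not real PGP output.
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
PUB_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}


def read_packets(data):
    """Yield (tag, body) for each definite-length OpenPGP packet in data."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not a packet header at offset %d" % pos)
        pos += 1
        if first & 0x40:                        # new-format header
            tag = first & 0x3F
            o1 = data[pos]
            if o1 < 192:                        # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                      # two-octet length
                length = ((o1 - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif o1 == 255:                     # five-octet length
                length = int.from_bytes(data[pos + 1:pos + 5], "big")
                pos += 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                   # old-format header
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            size = 1 << ltype                   # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def visible_metadata(data):
    """Return what anyone holding the ciphertext can read without a key."""
    out = []
    for tag, body in read_packets(data):
        if tag == 1 and body[:1] == b"\x03" and len(body) >= 10:
            # Public-key encrypted session key: recipient key ID and
            # public-key algorithm are in the clear. The symmetric cipher ID
            # travels inside the encrypted session key, so it is not shown.
            out.append({"packet": "public-key encrypted session key",
                        "key_id": body[1:9].hex().upper(),
                        "pubkey_algo": PUB_ALGOS.get(body[9],
                                                     "unknown(%d)" % body[9])})
        elif tag == 3 and body[:1] == b"\x04" and len(body) >= 3:
            # Passphrase-based session key: cipher ID and S2K type in clear.
            out.append({"packet": "symmetric-key encrypted session key",
                        "cipher": SYM_ALGOS.get(body[1],
                                                "unknown(%d)" % body[1]),
                        "s2k_type": body[2]})
        else:
            out.append({"packet": "tag %d" % tag, "length": len(body)})
    return out


# Constructed sample 1: passphrase-encrypted message, old-format headers.
# tag 3: version 4, cipher 3, S2K type 3, hash 2, 8-byte salt, count octet.
PASSPHRASE_MSG = bytes.fromhex(
    "8c0d" "04030302" "0102030405060708" "60"
    "a408" "0011223344556677")                  # tag 9: opaque ciphertext

# Constructed sample 2: public-key message, new-format headers.
# tag 1: version 3, 8-byte key ID (made up), algorithm 16, dummy MPI bytes.
PUBKEY_MSG = bytes.fromhex(
    "c10d" "03" "0123456789abcdef" "10" "0008ff"
    "c904" "deadbeef")                          # tag 9: opaque ciphertext

if __name__ == "__main__":
    for name, msg in (("passphrase", PASSPHRASE_MSG), ("pubkey", PUBKEY_MSG)):
        print(name, visible_metadata(msg))
```

The only thing the format withholds is the key material, which is why hiding or shuffling the choice of cipher adds no protection against an analyst who can read the header.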
Maybe it's unethical for you, but you're not authoritative of ethics. Nobody is.
fuck off
you make funnel cakes from sperm
I used to and your mom loved them, but I had to give it up. The boiling oil splashing out wasn't good for my foreskin.
I have been pwned because my
So NAI wants to stop warez distribution of its full commercial (unbuyable or not) registered PGP suite. Perfectly reasonable.
Good to see the Slashdot editorial team is on the job! Nice work, Timothy!
-----
PGP Key ID 0xCB8FF658
For your reading pleasure:
-----
PGP for Unix, Version 5.0.2
LICENSE COPY OF NETWORK ASSOCIATES PRODUCTS
(Commercial, Executable Version)
Copyright (c) 1990-1998 Network Associates Inc., and its Affiliated Companies.
All Rights Reserved.
End User License Agreement for PGP for Unix
IMPORTANT-READ CAREFULLY: This Network Associates End-User License Agreement
("Agreement") is a legal agreement between you (either an individual or a single
entity) and Network Associates, Inc. (or "Network Associates") for the Network
Associates software product identified above, which includes computer software
and may include associated media, printed materials, and "online" or electronic
documentation ("Software Product"). By installing, copying, or otherwise using
the Software Product, you agree to be bound by the terms of this Agreement. If
you do not agree to the terms of this Agreement, you may not install or use the
Software Product; you may, however, return it to your place of purchase for a
full refund.
The Software Product is owned by Network Associates, Inc. and is protected by
copyright laws and international copyright treaties, as well as other
intellectual property laws and treaties.
1. GRANT OF LICENSE. Network Associates grants you (the original end-user,
except as permitted under 1 (g)) a non-transferable non-exclusive license to put
in use by a person or organization that agrees to be bound by the terms of this
Agreement, one copy or node of the Software Product. If you purchased this
Software Product from a retail store or directly from Network Associates as a
retail product for individual users, this license is effective until terminated.
If this Software Product was purchased in some other manner than as a retail
product, the license may have a term commencing on the Delivery Date of a
Product and continuing for an extended period of time as otherwise indicated in
your purchase order or as set forth in a separate and complementing Software
License Agreement to which this End User License Agreement is subject to.
a. Installation. You may install one copy or node of the Software Product on
one Client Device (defined as, any computer, workstation, personal digital
assistant, pager, "smart phone" or other digital electronic device for which the
software was designed and on which software may be used by an end user in
client-mode).
b. Use. You may use one copy or node of the Software Product on one Client
Device or Server (except as may be specifically provided below). The Software
Product is "in use" when it is loaded into the temporary memory (i.e., RAM) or
installed into the permanent memory (e.g., hard disk, CD ROM, or other storage
device) of a Client Device for the purpose of being accessible in client-mode by
one end user. Though the Server may be connected at any point in time to an
unlimited number of workstations or computers operating on one or more networks,
you must acquire a separate License for each end user who accesses or otherwise
utilizes the services of the Software Product. Any computer, workstation,
personal digital assistant, pager, "smart phone" or other digital electronic
device on which software may be used by an end user in client-mode shall be
referred to as a "Client Device." An end user who uses software on a Client
Device that accesses or otherwise uses the Software Product shall be referred to
as a "Seat." Each License must be dedicated to one unique Client Device or Seat.
It permits that Client Device or Seat to access or utilize the services of any
Server running a copy of the Software Product. The services of the Software are
considered to be accessed when there is a direct or indirect connection between
a Client Device or Seat and a Server. Use of software or hardware that reduces
the number of Client Devices or Seats directly accessing or utilizing the
Software Products (sometimes called "multiplexing" or "pooling" software or
hardware) does not reduce the number of Licenses required (e.g., the required
number of Client Access Licenses would equal the number of distinct inputs to
the multiplexing or pooling software or hardware "front end"). If the number of
Seats or Client Devices that can access or use the Software Product can exceed
the number of Licenses you have obtained, then you must have a reasonable
mechanism or process in place to ensure that the number of Client Devices or
Seats accessing or using the Software Product does not exceed the number of
Licenses you have obtained.
c. Volume Licenses. If this package is a volume license package (such as a
"corporate license" or a "corporate bundle"), you may make and use additional
copies or nodes of the Software Product up to the number authorized in this
package or in your corporate license agreement, or otherwise indicated at the
time of purchase. If the anticipated number of users of the Software Product
will exceed the number of applicable licenses, then you must have a reasonable
mechanism or process in place to ensure that the number of persons using the
Software Product does not exceed the number of licenses you have obtained.
d. Upgrades. If this Software Product is labeled as an upgrade or trade-up
from a prior version of a Network Associates product that you were properly
licensed to use, Network Associates grants you the right to put in use either
the current or prior version of the Software Product, and any prior version
license is replaced by this Agreement.
e. Support. Subject to U.S. export control laws and regulations, Network
Associates may provide you with technical support services relating to the
Software Product according to Network Associates' standard support policies and
procedures, which may be described in the user manual, in "on line"
documentation and/or other materials provided by Network Associates or posted on
Network Associate's web site ("Support Services"). Any supplemental software
code provided to you as part of the Support Services shall be considered part of
the Software Product and subject to the terms and conditions of this Agreement.
With respect to technical information you provide to Network Associates as part
of the Support Services, Network Associates may use such information for its
business purposes, including for product support and development. Network
Associates will not utilize such technical information in a form that personally
identifies you.
f. Dual Media Software and Multiple Platform Versions. If the package from
which you obtained this Software Product contains more than one medium (e.g.,
both 3 1/2" disks and a CD), you may use only the medium appropriate to your
computer. You may not use the other disk(s) on another computer or loan, rent,
lease, or transfer them to another user except as permitted under this Agreement
or as part of the permanent transfer (as provided above) of all the Software
Product and related materials. If the CD or disk(s) on which the Software
Product resides contains several copies of the Software Product, each of which
is compatible with a different operating system or platform architecture (such
as Windows95/NT, Macintosh, one or more versions of Unix, the x86 architecture,
or various RISC architectures), then you may install the Software Product for
use with any of those architectures up to the number of copies or nodes
purchased but in no event may you use any version(s) on another computer or
loan, rent, lease, or transfer them to another user except as permitted under
this Agreement or as part of a permanent transfer (as provided above).
g. Restrictions.
i) Transfer. The original of this Agreement is your proof of license
to exercise the rights granted herein and must be retained by you.
You may not rent or lease the Software Product, including all
accompanying printed materials.
ii) Other Restrictions. You may not reverse engineer, decompile,
disassemble or otherwise translate the Software Product, except and
only to the extent that such activity is expressly permitted by
applicable law notwithstanding this limitation. If this Software
Product is labeled "Evaluation Copy," "Not For Resale," "NFR" or to
any of those effects, this license only permits use for
demonstration, test, or evaluation purposes.
2. COPYRIGHT. The Software Product is licensed, not sold. All right, title
and interest in the Software Product (including any images, "applets,"
photographs, animations, video, audio, music, and text incorporated into the
Software Product), accompanying printed materials, and any copies you are
permitted to make herein, are owned by Network Associates, Inc. and its
affiliated companies or its suppliers, and the Software Product is protected by
United States copyright laws and international treaty provisions. Therefore,
you must treat the Software Product like any other copyrighted material (e.g., a
book or musical recording) except that you may either (a) make one copy of the
Software Product solely for backup or archival purposes or (b) transfer the
Software Product to a single hard disk, provided you keep the original solely
for backup or archival purposes. Such copy shall include Network Associates'
copyright and other proprietary notices. You may not copy the printed materials
accompanying the Software Product.
3. U.S. GOVERNMENT RESTRICTED RIGHTS LEGEND. The Software Product and
documentation are provided to the U.S. Government with RESTRICTED RIGHTS. The
U.S. Government acknowledges Network Associates' representation that the
Software is "commercial computer software" as that term is defined in 48 C.F.R.
12.212 of the Federal Acquisition Regulations ("FAR") and is "Commercial
Computer Software" as that term is defined in 48 C.F.R. 227.7014 (a)(i) of the
Department of Defense Federal Acquisition Regulation Supplement ("DFARS"). Use,
duplication or disclosure by the U.S. Government is subject to restrictions set
forth in subparagraphs (a) through (d) of the Commercial Computer-Restricted
Rights clause at FAR 52.227-19 when applicable, or in subparagraph (c)(1)(ii) of
the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013,
or at 252.211-7015, or to this commercial license, as applicable, and in similar
clauses in the NASA FAR Supplement, as applicable. Contractor/manufacturer is
Network Associates, Inc. 2805 Bowers Avenue, Santa Clara, CA 95051-0963.
4. EXPORT LAW. Export of the Software Product may be subject to compliance
with the rules and regulations promulgated from time to time by the Bureau of
Export Administration, United States Department of Commerce, which restrict the
export and re-export of certain products and technical data. If the export of
the Software Product is controlled under such rules and regulations, then the
Software shall not be exported or re-exported, directly or indirectly, (a)
without all export or re-export licenses and governmental approvals required by
any applicable laws, or (b) in violation of any applicable prohibition against
the export or re-export of any part of the Software.
5. TERMINATION. This Agreement will immediately and automatically terminate
without notice if you fail to comply with any term or condition of this
Agreement. You agree upon termination to promptly destroy the Software Product
together with all of its component parts, prior and replacement versions, and
all copies, modifications and merged portions thereof in any form.
6. LIMITED WARRANTY.
a. Limited Warranty. Network Associates warrants that the Software Product
will perform substantially in accordance with the accompanying written materials
for a period of sixty (60) days from the date of original purchase. To the
extent allowed by applicable law, implied warranties on the Software Product, if
any, are limited to such sixty (60) day period. Some jurisdictions do not allow
limitations on duration of an implied warranty, so the above limitation may not
apply to you.
b. Customer Remedies. Network Associates' and its suppliers' entire
liability and your exclusive remedy shall be, at Network Associates' option,
either (a) return of the purchase price paid for the license, if any or (b)
repair or replacement of the Software Product that does not meet Network
Associates' limited warranty and which is returned at your expense to Network
Associates with a copy of your receipt. This limited warranty is void if
failure of the Software Product has resulted from accident, abuse, or
misapplication. Any repaired or replacement Software Product will be warranted
for the remainder of the original warranty period or thirty (30) days, whichever
is longer. Outside the United States, neither these remedies nor any product
support services offered by Network Associates are available without proof of
purchase from an authorized international source and may not be available from
Network Associates to the extent they are subject to restrictions under U.S. export
control laws and regulations.
c. NO OTHER WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
AND EXCEPT FOR THE LIMITED WARRANTIES SET FORTH HEREIN, THE SOFTWARE AND
DOCUMENTATION ARE PROVIDED "AS IS" AND NETWORK ASSOCIATES AND ITS SUPPLIERS
DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, CONFORMANCE WITH DESCRIPTION, TITLE AND NON-
INFRINGEMENT OF THIRD PARTY RIGHTS, AND THE PROVISION OF OR FAILURE TO PROVIDE
SUPPORT SERVICES. THIS LIMITED WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU
MAY HAVE OTHERS, WHICH VARY FROM JURISDICTION TO JURISDICTION.
d. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, IN NO EVENT SHALL NETWORK ASSOCIATES OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES OR LOST
PROFITS WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS
PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER
PECUNIARY LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE PRODUCT
OR THE FAILURE TO PROVIDE SUPPORT SERVICES, EVEN IF NETWORK ASSOCIATES HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, NETWORK ASSOCIATES'
CUMULATIVE AND ENTIRE LIABILITY TO YOU OR ANY OTHER PARTY FOR ANY LOSS OR
DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS ARISING OUT OF OR RELATING
TO THIS AGREEMENT SHALL NOT EXCEED THE PURCHASE PRICE PAID FOR THIS LICENSE.
BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
LIABILITY, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
7. GENERAL . These terms and conditions may not be modified, amended,
canceled or in any way altered, nor may they be modified by custom and usage of
trade or course of dealing, except by an instrument in writing and signed by a
duly authorized officer of Network Associates. THESE TERMS AND CONDITIONS SHALL
BE CONSTRUED AND ENFORCED IN ACCORDANCE WITH THE LAWS OF THE STATE OF
CALIFORNIA, UNITED STATES OF AMERICA. Any action or proceeding brought by anyone
arising out of or related to these terms and conditions shall be brought only in
a state or federal court of competent jurisdiction located in the county of
Santa Clara, California, and the parties hereby consent to the jurisdiction and
venue of said courts. Should any term of these terms and conditions be declared
void or unenforceable by any court of competent jurisdiction, such declaration
shall have no effect on the remaining terms hereof. These terms and conditions
are in the English language, and only the English language version hereof,
regardless of the existence of other language translations of these terms and
conditions, shall be controlling in all respects. The failure of either party to
enforce any rights granted hereunder or to take action against the other party
in the event of any breach hereunder shall not be deemed a waiver by that party
as to subsequent enforcement of rights or subsequent actions in the event of
future breaches. Network Associates reserves the right at any time without
liability or prior notice to change the features or characteristics of this
Software Product, or its documentation and related materials, or future versions
thereof. These terms and conditions constitute the complete and exclusive
statement of the agreement between us which supersedes any proposal or prior
agreement, oral or written, and any other communication between us relating to
the subject matter of these terms and conditions.
Copyright (c) 1990-1998 Network Associates, Inc. and its affiliated companies. All
rights reserved. PGP and Pretty Good Privacy are registered trademarks of
Network Associates, Inc. and its affiliated companies. The Software Product may
use public key algorithms described in U.S. patent numbers 4,200,770, 4,218,582,
4,405,829, and 4,424,414, licensed exclusively by Public Key Partners; the
IDEA(tm) cryptographic cipher described in U.S. patent number 5,214,703,
licensed from Ascom Tech AG; and the Northern Telecom Ltd., CAST Encryption
Algorithm, licensed from Northern Telecom, Ltd. IDEA is a trademark of Ascom
Tech AG. The Software Product may also include any of the following; compression
code which is provided by Mark Adler and Jean-loup Gailly, used with permission
from the free Info-ZIP implementation; LDAP software which is provided courtesy
University of Michigan at Ann Arbor, Copyright (c) 1992-1996 Regents of the
University of Michigan, All rights reserved; DB 2.0 software which is Copyright
(c) 1990, 1993, 1994, 1995, 1996, 1997 Sleepycat Software, Inc., All rights
reserved; software developed by the Apache Group for use in the Apache HTTP
server project (http://www.apache.org/), Copyright (c) 1995-1997 The Apache
Group, All rights reserved. Network Associates, Inc. and its affiliated
companies may have patents and/or pending patent applications covering subject
matter in this software or its documentation; the furnishing of this software or
documentation does not give you any license to these patents. Note: Some
countries have laws and regulations regarding the use and export of cryptography
products; please consult your local government authority for details. Should you
have any questions concerning these terms and conditions, or if you desire to
contact Network Associates, Inc. for any reason, please write: Network
Associates, Inc. Customer Service, 2805 Bowers Avenue, Santa Clara, CA 95051-
0963. http://www.nai.com.
I found that by relying on proprietary toothpaste products I'm becoming too reliant on Procter and Gamble proprietary Crest brand toothpaste. If they and their IP lawyers decide not to provide the proprietary tooth polishing product to me or the population at large, we might have to switch to another product. It's a vicious cycle.
So many people like you focus on the 'problem' of proprietary software. It's bullshit. The problem is corporate behavior and governmental collusion. Individuals are now officially meaningless. The choice has become anarchy or communism. The GNU generation has chosen communism. I'm hoping for a little anarchy.
I just downloaded now, no problem...
we gave PGP up anyway... and embraced GPG! one of the problems with commercial software is that it can be taken away... try that with GPG.
It is an interesting issue because if licensed software can be terminated so easily, how can it be treated as an asset on the balance sheet? It is always a risk that support could be withdrawn, but if the right to use can also be taken away, it kind of makes a good argument for Open Source software, particularly those licenses which are irrevocable.
Corporations will learn that lesson when huge numbers of people stop forking over huge amounts of money for Microsoft's products.
The Peru situation is pretty cool, but I'm still not holding my breath.
Build stuff. Stuff that walks, stuff that rolls, whatever.
Good old fashioned flamewar!
Get your Unix fortune now!
Sylpheed is the most underrated mail client.
boys and girls, ladies and gents,
watch closely... as your freedom to exercise your freedoms is taken away from you, without your consent, by inadequately prepared and well-compensated legislators.
Slashdotters are here discussing the symptoms and offering an opinion regarding the symptoms... let's talk about the CAUSE!
The DMCA is legislation that effectively strikes out at the creative foundations of our country. Like so much legislation preceding it, the DMCA's creators have kneeled before the corporate dollar.
Who benefits from killing off curiosity ?
Who benefits from killing off free speech ?
Why the hell is a guy in jail for talking about some lousy EBook encryption, that is just really sad and morally wrong.
Books ARE meant to be read, right ?
I ask you these simple questions?
I offer you one explanation,
follow the almighty buck.
(it's right about now that we will all be arrested for removing the tab from our mattress)
I note that under termination the only criteria is breaking the agreement. It does not say that NAI have the right to unilaterally revoke the licence without "just cause".
I'm hoping for a little anarchy.
Kid, go sit with the l337 w4rez d00d5 and script kiddies over there, quit annoying me.
There's your bloody anarchy.
There are already many good Windows programs for GnuPG. Look at the fine WinPT program which lets you encrypt texts with every mail program available. Not as comfortable as a built-in program but still easy to use. For key management you can use GPA. In Germany there is already a project which combines all these programs in one Windows installable program with very good documentation: GnuPP. There is also a plugin for Outlook available (not Express).
Imad's PGP Page
He's been updating the latest source release of PGP (6.5.8), adding features, and fixing bugs. The latest solid release is Build 08
Imad is based in Lebanon (so you can guess what he thinks of US IP Lawyers' threats)
It's largely irrelevant what's actually happened (although on first pass the story looks accurate) - the perception is terrible. It's alienating customers (tomorrow's potential customers in particular) and pissing off those of us with clue - you know, the technical people who actually develop products rather than powerpoint slides. It's going to make it harder to recruit good tech people, and may well push people into leaving (especially now the stock has tanked thanks to the revelations from the SEC investigation.) The product is not even being developed internally any more, and the PHBs seem to have given up looking for a buyer. Would it have killed you to open source it, or even put it in the public domain? No, it would have led to a lot of goodwill and appreciation in the user community and the type of people who hang on slashdot WHO - of course - are OUR CUSTOMERS.
*sigh*. Management. Can't live with 'em: pass the beer nuts.
How can Network Associates enforce this? Public key cryptography was discovered/invented at Bletchley Park, UK for our government use before it was independently proposed in the US.
Isn't there something about prior art with these things?
Don't blame me - this
I've never used PGP myself. Just use GNU Privacy Guard and you'll not have to handle these sorts of problems.
Oops, Linux don't do that.
It's very difficult to maintain compatibility with a backward OS, just ask the folks at Wine. =:>
The original poster is correct about things shifting under PGP. If you have not noticed, M$ is killing netscape style plugins. This is only one example, many other things shift under M$. Have you seen M$'s new ASCII? Ever been frustrated when a print method shifted, forcing you to cut and paste your old program's output to some new piece of shit to print? Ever had a Printman that did not include ASCII box characters so that text art was broken? These are subtle ways of breaking old tools. You should expect more overt measures in the future from a company whose web sites refuse entry based on user-agent not Internet Exploder.
Also, you are a troll about old applications not running. Debian has an old libraries package that promises to take care of problems. I would not know, because I've never had a problem like that.
Most "simple" utilities can be written as scripts that conform to standards for shells much older than 10 year old Linux. Awk, sed, cp, mv, how long have these names been around doing what they always do? Why bother to compile something that just calls reasonable tools for you? I suppose you could compile simple utilities like that if you 1) Don't have many tools so you can remember exactly what they do without looking at the source, 2) Don't care to ever change what that utility does or how. Strangely enough, the only place that might be true is in an environment that lacks useful utilities to begin with, forcing you to compile substitutes of your own that can't be ported. Backward Compatible is right on target there.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
If you miss an easy-to-use interface, you haven't tried the Gnu Privacy Project.
It is an easy to use bundle which consists of GnuPG, GPA and WinPT all installed with one exe.
Project homepage: http://www.gnupp.org/
Download: http://www.gnupp.de/download/gnupp-1.1-en-installer.exe
- Cyberstar
for the open-source movement to use the DMCA against some of these corporations that currently use it for evil? Fight fire with fire!
It's about time that encryption was recognised as a tool to keep governments from spying on private citizens. The idea is that Government should have the power to spy on its citizens, but not that it should spend all of its time and resources doing so.
Did the dog circumvent your fence?
'Cause i did.
"Network Associates recently announced the closure of PGP Security business unit"
From pgp.com
Yeah, they're poised to take over the PGP world.
There are 01 types of people in this world. Those that understand binary, and me.
I'm a former Lockheed Martin employee, and well, we used PGP when dealing with secure mail; in fact there is an entire infrastructure. I know they were switching to PKI; I guess that pushes it up. Any comments?
"You have a weak mind if you buy that quote"
He didn't. He got it for free. Just as was intended.
Although you seem to like going along with the crowd, eh, herr doktur?
I don't have anything to say at the moment about the larger issues being debated in this thread but I do have something to say about random number sources. If I wanted to fill a CD with good random numbers /dev/urandom is not how I would go about it. The quality of /dev/urandom is reasonable as it uses bits of fluff like the delay between keypresses and chatter from the device drivers to create an "entropy pool" to seed a pseudorandom algorithm with. The problem is that it is slooooowwww. Most goings on in a normal desktop PC are very very ordered and deterministic. The few that aren't represent a very small amount of entropy.
All of this means that the process that is generating your iso is going to see short bursts of data in between long periods of entropy gathering. That CD will probably take hours at least to generate. Also I said the quality of the data is "reasonable". If one means to keep the government or a well heeled corporate attacker out of the cyphertext it may not be good enough. Even the non-deterministic processes in a PC likely have a fair amount of order in them. In other words, that entropy pool is probably good enough to make a 2048 bit asymmetric key. It probably wouldn't do for a 650MB iso. The longer the string of numbers, the more likely hidden order can be found.
The way I would do it is to sample the output of a white noise generator. The output of the ADC is then used to seed a good pseudorandom algorithm. The reason why we use the white noise as a seed is to obliterate any bias in the data caused by such factors as the slew rate, bandpass of the analog circuitry making the white noise or any subtle imperfection that may exist in the ADC. A reverse biased transistor is one source of analog noise. This would be a high speed generator of quality random numbers. The speed would only be limited by the clock rate of the ADC or rate at which the PC can process the output.
The DMCA is simple really... it means: "Do your Mom's Cunt and Ass"
I don't know if it has any of the vulnerabilities of later versions, but I don't think it does, and it is a source distribution.
More people should mirror this source distribution, or just start using, and developing GnuPG.
If you say there aren't any good plug-ins or GUIs for Windows, well, develop them. Most people here don't use Windows, and even those that do probably don't find it too hard to integrate what is already there with GnuPG.
This is a shortcoming of Open Source development that maybe you can address. The technically minded people that develop open source tend to find workarounds, and leave it at that, or know and understand the *nix mentality of small tools linked together, and use that philosophy.
This isn't good enough for the average user, and if you think you know what the average user really wants, then take a swing, make a following for yourself.
Phil Z. split the rights to PGP with the guy who was responsible for putting the PGP effort together, and for releasing the code. That guy never relinquished his rights, last I heard.
So at the most, NAI owns Phil's half of the code, and doesn't have full authority to limit the publication of PGP.
Here is a GPG plug-in for Outlook. This plugin is so good and so easy, you will actually consider using Outlook as your mail client.
It will even install GPG for you if you don't already have it.
gnupp.com is the same site in English.
Will linux run on PGP from MIT or is it too old?
Oh, but it does...
"7. GENERAL . These terms and conditions may not be modified, amended, canceled or in any way altered, nor may they be modified by custom and usage of trade or course of dealing, except by an instrument in writing and signed by a duly authorized officer of Network Associates. "
If you write a PO that says you want only a three year license you get what you pay for.
NAI no longer publishes their source code. Backdoors? "Trust us", they say. "Fuck that", I say.
NAI killed the PGP line of their products because it wasn't making any money.
The government did not object to PGP being released; they objected to PGP being exported, and Zimmermann got shit for it, and although it's unfortunate, he WAS in violation of federal export control laws regarding munitions. Yes, those laws were ridiculous and unenforceable, but they pre-dated pgp by quite a number of years.
NAI's pgp for windows is excellent. The eudora plugin works almost perfectly (automatic decryption seems to not work at all for me.. anyone know about this?). It has good keyserver and key management functions, and supports x.509 certificates as well.
That's exactly right, asshole! I guess you have a problem with some people making a living. Seems like you subscribe to the RMS/Karl Marx school of thought...
Kill yourself.
Postulate that there is a God, who created the universe. Would he be ``authoritative of ethics''? Can you prove that there is no such God?
Proprietary software is a problem because there is so much room for abuse ALONG with the technical disadvantage of not being able to modify the software if needed. Corporate behavior is not going to go away any time soon so don't think you'll solve the problem there. Get rid of M$ and another will take their place.
btw, GNU has absolutely nothing to do with communism. If you believe that, you either have no idea what communism is or are confused on the nature of the GPL license. Communist economies have centralized dictatorial control. GNU is decentralized and uncontrolled. You may disagree with RMS all you like, but the fact is, he has no power whatsoever.
> > Umm, call me crazy but I think that one-time-pads are a form of secret-key symmetric cipher.
> You're right of course, I've gotten in the habit of regarding one-time pads as being in a class of their own. Something about their being the only kind of crypto that will survive quantum computing.
Alice takes some plain text and a key (which happens to be as long as the plain text and taken from the next however many bytes of her one-time pad), feeds the key and the text to some agreed algorithm (which happens to be XOR), and sends the resulting ciphertext to Bob.
Bob takes the same key Alice used (which happens to be the same number of bytes from a matching one-time pad) and Alice's ciphertext, feeds the key and the ciphertext to some other agreed algorithm (which happens to be XOR), and gets Alice's plain text out.
Sounds suspiciously symmetric to me; you just happen to be using the next however many digits of your one-time pad rather than picking a key yourself.
-=-=-=-=-=-
In OpenPGP, the hypothetical cryptoanalyst trying to read your message does know which algorithm you used. How? Because you told them in the header.
If the message doesn't, in some way, include the algorithm, your recipient will have to specify which algorithm you used.
Now: Click on e-mail, enter passphrase, wait, read decrypted message
Your idea: Click on e-mail, get a window asking you for the algorithm, select 3DES with some key followed by ROT13 followed by XOR with some key followed by cyclic shift left by 47 bits followed by ElGamal followed by XOR with DeCSS source code followed by RSA, enter 3DES, XOR, ElGamal and RSA keys, wait quite a while, read decrypted message. I think collecting the encrypted mail and feeding it to GnuPG/Ciphersabre/<your one-time-pad program here> manually is probably easier.
Not happy with that sort of usability? OK, how about entering a key, and waiting for your computer to run through all the available algorithms trying to decrypt the message with that algorithm/key pair? I don't want to have to (partially) brute-force crack my own mail :-)
Taking your idea to its logical conclusion, I can construct an unbreakable encrypted message using a simple algorithm involving "dd if=/dev/random" (or rand() for entropy-impaired OSs). It's a pity the recipient can't decrypt it either.
It's not as if you're necessarily gaining anything - chaining together multiple encryption steps doesn't necessarily make anything more secure (triple ROT-13 is only as secure as ROT-13, quadruple ROT-13 is less secure :-)
Come to think of it, how are you going to get people using your arbitrarily complex encryption if they know "the enemy" can decrypt their messages? You seem to be relying on weight of data to make it unlikely that "the enemy" decrypt your particular message, but if your scheme isn't popular, it'll be quite likely. Even if it is popular, from how you seem to want it to work, anyone who's specifically out to get you can get at your particular messages pretty easily; so in fact, your idea would only work against an organisation that wanted to spy on everyone ::cough.govcough::, and would be pretty useless against someone who knew who you were and that you were their target.
You LOSE!
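An added illustration of the "you told them in the header" point above (not part of any comment in this thread): for a passphrase-encrypted OpenPGP message, the leading Symmetric-Key Encrypted Session Key packet (tag 3, RFC 4880) carries the cipher ID in the clear. The two sample packets are constructed for this example, and the function names are hypothetical.

```python
import struct

# Symmetric algorithm IDs from RFC 4880 section 9.2 (subset).
SYM_ALGOS = {1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}

def parse_header(data, pos=0):
    """Return (tag, body_start, body_length) for the packet header at pos."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                          # new-format header
        tag, l0 = first & 0x3F, data[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + data[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled here")
    n = 1 << ltype                            # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")

def visible_cipher(data):
    """Name the cipher a passive observer can read from a tag 3 packet."""
    tag, start, length = parse_header(data)
    if tag != 3:
        raise ValueError("first packet is not a Symmetric-Key ESK (tag 3)")
    body = data[start:start + length]
    if len(body) < 2 or body[0] != 4:
        raise ValueError("only version 4 packets are handled here")
    return SYM_ALGOS.get(body[1], f"unknown({body[1]})")

# Constructed samples: version 4, cipher ID, then an iterated+salted S2K
# specifier (type 3, SHA-1, 8-octet salt, count octet). No real key material.
S2K = bytes.fromhex("0302" "0011223344556677" "60")
SAMPLE_OLD = bytes.fromhex("8c0d" "0409") + S2K   # old-format header, AES256
SAMPLE_NEW = bytes.fromhex("c30d" "0402") + S2K   # new-format header, TripleDES

if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW):
        print(visible_cipher(sample))
```
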
Yes, the recipient would have to know how you've encrypted the message, and if that information is included in the header it makes the scheme worthless. The encryption being used would have to be agreed upon out-of-band. I don't see that as being as onerous as everybody thinks it will be. It's nice that there is a way to encrypt messages to people you've never met, but I have no need to communicate securely with people I don't know.
When I want to send information securely, it is to somebody I know, who I've met, who I talk to over the phone, etc. Maybe it's source code, contract negotiations, sweet nothings in her ear.
It seems to me that we are losing a lot by buying into only a few algorithms. We're putting all our eggs in one basket, so to speak. If these ciphers are breakable, then we're allowing the NSA to automate all of their cryptanalysis!
I disagree that this would have to be popular in order to be effective. Or, maybe it depends on what you mean by popular. If the ability is widespread and some number -- even if it is only in the hundreds say -- are using the software, then the NSA has to code for it, right?
A lot of things have to be done right. The software has to have a very easy-to-use interface that generates the algorithm. This algorithm then has to be representable as a number that can then be communicated to the desired addressee who then can enter that number into her system and associate it with email coming from you.
Again, the algorithm being used here can sit atop something more robust, like triple-DES, so it wouldn't be easy to crack at all, or at least, no easier than cracking triple-DES, so there is a security factor that can be advertised here... no one need shy away from this approach because it isn't strong.
What we're doing now is giving the NSA a very focused point of attack. By getting everybody to use as many different encryption standards as possible, we promote the demise of Echelon-like activities.
Think of obscurity as something that sucks for an individual application, but which scales really really well. After a certain point, it becomes overwhelming. Yes, the NSA will still be able to target specific messages, but this business with sweeping through everybody's traffic in due course is effectively finished.
Is this truly the only Earth I can live on?
No, ethics are an individual thing. Morals are ethics imposed on others. :)
But if people are spending money to provide a resource to me, I feel that it's only ethical to respect their wishes about how I would access it.
I don't expect all other people to feel that way, but I wanted to flag that I did.
deus does not exist but if he does
> To try is to never gain a "meeting of the minds", an absolute pre-requisite to contracts.
NO! The "meeting of the minds" is frequently repeated by many, including some lawyers and some textbooks, but it's just plain WRONG.
The standard is objective, not subjective. The validity of the contract is determined *entirely* from the provable circumstances, not what anyone thought they were doing.
Also, as long as I'm at it, boilerplate statements that the boilerplate can't be changed, and written contracts that prohibit oral modifications, range from tricky to flat out invalid. The oral change to the contract changes and sets aside the no oral changes rule . . . "no unauthorized person may change" isn't overridden by a purported change by an unauthorized person, but there might not be an offer and acceptance (the actual rule), or the contract may be other than intended . .
hawk, esq
Since the ITAR (or is it the commerce department now) regs changed so that people didn't have to scan in the source code to PGP overseas there hasn't been an "i" version. PGP Freeware is available globally as PGP 6.5.3, PGP 6.5.8, PGP 7.0.3. (http://www.pgpi.org/products/pgp/versions/freeware/win2k/)
Since NAI stopped publishing the complete source code for the latest versions, and then Phil left, I'm not sure how far I would trust the later versions.
Now I'm not saying that he wasn't distributing the non-free versions, but just because someone is posting a late non-"i" version doesn't necessarily mean that it's not the free version.
Just my $0.02 (Canadian, before taxes)