Received: by toad.com id AA16930; Sun, 10 Sep 95 02:10:05 PDT From: anonymous-remailer@shell.portal.com Subject: PGP in UK

-----BEGIN PGP SIGNED MESSAGE-----

I heard something rather disturbing the other day from someone I do business with. I've been telling this company for 18 months or so about the advantages of PGP and email rather than faxes, and they finally tried it, liked it, and decided to use it a month or so ago. Last week they got a visit from the Department of Trade of Industry and MI5 (or is it MI6?) telling them to stop using PGP or they might find difficulties getting export licences for their products in future. The visitors wouldn't say how they knew this company had been using it.

PGP IS MARKED! Well, I just used MIT's PGP 2.6.2 with 3 different users' public keys to encrypt 3 different files. In all 3 files, the first 3 characters were the same (an umlauted A, then an i with an up arrow over it, and then a heart). This beginning 3 character string is apparently the infamous PGP RSA signature. The signature that says to spooks' programmed encryption sniffers - "HEY! I'M PGP - GIVE ME A LOOK!." When are the PGP designers and coders going to get serious and de- velope STEALTH PGP inside PGP itself!? I think that it would take the states at least many thousands of times the computing cycles to spot PGP encrypted files without the RSA signature. - IF it were practical to look for STEALTH PGP at all when snooping communications networks. So what, -that "only a few companies" will be discovered to be using PGP through the RSA signature!? Those few companies are the seeds for the vast numbers of companies that would follow them in using PGP over the Internet. The RSA signature is the flag that allows the spooks to easily net the bold first companies. The RSA signature is greatly impeding the spread of PGP use over the Internet. PGP MUST BE STEALTHED!! ENCRYPTION METHODS' "RANDOM" SIGNATURE PGP files are, of course, compressed to remove redundancy and thus make the method stronger. This, along with the algorithm, produces a "random" bit file. I believe that most files on the Internet are not compressed and thus would show order on statistical sniffing programs. Of the files that are compressed, by PKZIP for example, I believe they would probably have a compression string signature particular to that compression met- hod. Otherwise, compressed files show more randomness. I don't know if compressed programs show an order throughout the file. If they do, then, possibly, PGP could have a function added to it to duplicate this order. This suggests that PGP should also have a function that makes a phoney compression method signature. This would allow PGP'ed files to hide amoung compressed files on the Net. ----------- With the removal of the PGP RSA signature and the addition of phony compression signatures, PGP'ed files would travel the Net without draw- ing attention to themselves. This would greatly facilitate the growth of PGP traffic by organizations. MICROSOFT VERSUS BORLAND FOR COMPILING/ASSEMBLING PGP Oftentimes, Borland C and Assembler can be bought at prices that are a fraction of the price of Microsoft C and Assembler. This suggests that PGP should be programmed with Borland instead of with Microsoft. I think that this would be a step in making PGP a real peoples' encryption method. It is more practical for people to get Borland programming soft- ware than Microsoft programming software. This change from Microsoft to Borland might encourage a lot of experimentation and innovation by a lot of individual and small group programmers.

The person who told me about this also said something about a Department of Trade & Industry paper which mentioned that the British Government was going to insist on key escrow for encryption. I had hoped to get a copy of this, but he can't find it at the moment. I'll post the text when I get it if anyone's interested.

Anyone else in the UK heard anything about this?

- -- B.

-----BEGIN PGP SIGNATURE----- Version: 2.6.i

iQEVAgUBMFGPfeHVHXeXphJJAQFJ0Af/Svh0ifULgpEuauSBPFreDDJoa/a1gcPe ya3CjOde9kVuN0IkBHFubO18MrAO6WbwlhVa/X/pjG4vbSahonpzmgHHfkVW20Gh qlhBwFLElTmOgspSjHJ74sYNUM2YZ+AKOyNwW4ix6woJ0WL0NP+cV8CZv4tdEH4l EI3/FuoFccbkKMk7QYoRPOyj5FI4GiFxVsg1GFOU3r83bxfJDfU2yZdImEBx/Nlc gteizqFTF/QiKckl6f5NzCBzaoIcMw0VLN8dAGLqzDycJtFqGdOPgvgSt1LwXKBs +zJM5Z/laubYm5SiEPy4oVz9N3lT4EOzEtdMEoiSC6IiSDSaURkEAA== =GiY0 -----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.i

mQENAi8KzVoAAAEH/2gPfD2Xdw1nDAXtMH/F5iCMrwdXHXolEfOjRP59QP1Yodhb L+NGSNls67+H1us5PP5EpHDbHRy66ExgRK7XdZ/2qz0SsbTG+R6pRIILmMfgd3Nj M6uq1DehdxWPdp4PMC9LNrG2V9QrRGPgpHhr3iDfy+p6JTjW8XCYUXn5POt0wBs2 n/vlowjLf9dVYwUKP58V9gokNsFlGcB08gEbxKa9Y2X7zB3BAlywPVdKVh+BOTCK z1Sofx9Wup0MEXEDEESLDSq/634hzzVx6Kt54cZBbi5nAdPHWlGHZl5vU93A3jPE fh59JXsCZmWKLXMjZtjcIJYkC4hC4dUdd5emEkkABRG0DEIuIERlIExhIFBheokB FQIFEC8g7yzh1R13l6YSSQEBD+4H/ir8R4iw1tWLUuxz6etmV99OhMUYoI5lQnxz 9KARQf4eD3xHPoMw6tHLKOUR8xYS9i2RmkhJrPRzCfD5OKSOBEHuIQEt/+dcbCuw 0fxn9NrU7NjFWwWKQ+0jYikN3hfIWcPmGtyhQ0KSrGfUDo5+rJr5Cy4U6eOooepv gYniecNNVAzQ2KDiWTOZ5zqG3zBAYj6uw8LHvBR1qol2YcJ4s02c4GdAZmzEq49s nDBortKfWUAxZkESBt2tMx8gYq6b38evYJBLXOqEN5Lt/5zf0nG1u0BEWBLaCj55 y8lh1KolVOu808tX9blOrjqwEB12vngjXzf7hHWohrGrrQVT2N4= =5qEt -----END PGP PUBLIC KEY BLOCK-----

THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY. The United States "Federal" Government - We'll be even more American without it. PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCCK! BBBEEEAAATTTT STATE!