From: stale@hypnotech.com (Stale Schumacher)
Newsgroups: alt.security.pgp
Subject: PGP 2.6.3i has been released
Date: 18 Jan 1996 19:53:15 +0100


-----BEGIN PGP SIGNED MESSAGE-----

While we are all waiting for PGP 3.0 (aka PGP 96), here's something to
light up in the new year: the latest international PGP (version 2.6.3i)
has just been released. :-)


THE MAIN STORY

* PGP 2.6.3i is not an official PGP version. It is based on the source code
  for MIT PGP 2.6.2 (the latest official version of PGP), and was developed
  by an international team of programmers and beta testers.

* PGP 2.6.3i fixes lots of bugs present in the PGP 2.6.2 and 2.6.2i releases.
  It also adds a few new features, while maintaining compatibility with
  earlier versions.

* PGP 2.6.3i is only available for non-commercial use outside the USA.
  However, the source code may also be compiled for use within the USA. By
  adding the -DUSA option and linking with RSAREF, you will get a version
  called 2.6.3. It contains all the same bug-fixes and improvements as 2.6.3i,
  but it will be slightly slower, and the "legal kludge" cannot be disabled.
  For all practical purposes, PGP 2.6.3 will be functionally identical to PGP
  2.6.3i, and it will be 100% legal to use within the USA.

* PGP 2.6.3i will be available for all major platforms, including DOS, OS/2,
  Macintosh, Amiga, Atari, VMS and Unix.

* PGP 2.6.3i may be downloaded now from:

  http://www.ifi.uio.no/pgp/
  ftp://ftp.ifi.uio.no/pub/pgp/


DISTRIBUTION

PGP 2.6.3i is distributed in the following files:

  pgp263i.zip      This is the MS-DOS executable release, which includes the
                   executable, support files, and basic documentation.

  pgp263ix.zip     This is a 32-bit MS-DOS compilation of PGP. If you have a
                   386 processor or better, this version will give you a
                   slightly better performance than the ordinary (16-bit)
                   MS-DOS version.

  pgp263i-os2.zip  This is the OS/2 executable with documentation and support
  (pgp263i2.zip)   files.

  pgp263is.zip     This is the source code release, which includes all the
                   source code needed to compile PGP and examples of usage.
                   It also contains all the files in pgp263i.zip except the
                   pgp.exe binary.

  pgp263is.tar.gz  This contains exactly the same files as pgp263is.zip,
                   except that they use Unix rather than MS-DOS line end
                   conventions.

Binaries for other platforms (Atari, Amiga, Macintosh, etc.) will be
available soon. However, they will not be signed by me.


DIFFERENCES BETWEEN PGP 2.6.3i AND 2.6.2

PGP 2.6.3i differs from MIT PGP 2.6.2 in the following ways:

  (1) It identifies itself as version 2.6.3i

      This is to clearly distinguish it from other PGP versions. This is
      important because users within the USA should not use PGP 2.6.3i, and
      also because script files, shells and other PGP add-ons may need to
      know exactly how your copy of PGP will behave under different
      circumstances. If you compile your copy of PGP using the -DUSA option,
      you will get a version called 2.6.3 instead.

  (2) It uses PRZ's MPILIB instead of RSAREF

      PGP 2.3a and earlier versions use a special library for all the RSA
      encryption/decryption routines, called MPILIB, and written by Philip R.
      Zimmermann (PRZ), the original author of PGP. However, starting with
      version 2.5, all official releases of PGP have been using the RSAREF
      library from RSADSI Inc, a US company that holds the patent on the RSA
      algorithm in the USA. This change was made in order to make PGP legal
      to use within the USA.

      Please observe that PGP 2.6.3i does NOT use RSAREF, but rather PRZ's
      original MPILIB library, which is functionally identical to RSAREF and
      slightly faster on most platforms. Because 2.6.3i uses MPILIB rather
      than RSAREF, this PGP version is also able to verify key signatures made
      with PGP 2.2 or earlier versions. This is not true for MIT PGP, because
      the RSAREF library only understands the new PKCS signature format
      introduced in PGP 2.3.

      The use of the MPILIB library is the main reason why PGP 2.6.3i is
      probably illegal to use within the USA. If you are in the USA, you
      should compile the source code using the -DUSA option and link it with
      the RSAREF library rather than MPILIB.

  (3) It lets you disable the "legal kludge"

      PGP 2.6.2 contains a "feature" that will cause it to generate keys and
      messages that are not readable by PGP 2.3a and earlier versions. This
      is the "legal kludge", and was introduced to encourage users in the USA
      to upgrade from PGP 2.3a.

      PGP 2.6.3i provides you with a way to disable the "legal kludge". This
      means that messages and keys generated with PGP 2.6.3i can be used and
      understood by all existing 2.x versions of PGP. To disable the legal
      kludge, uncomment the following line in your config.txt file so that it
      reads:

      legal_kludge = off

      This option may also be set on the command line: "pgp +le=off <command>".
      If you compile PGP using the -DUSA option, the legal kludge cannot be
      disabled.

  (4) It allows you to generate keys up to and including 2048 bits

      Because of a bug in PGP 2.6.2, this version would not let you generate
      keys bigger than 2047 bits on some platforms. This problem has been
      corrected in PGP 2.6.3i.

  (5) It contains a number of bug-fixes

      PGP 2.6.3i also fixes a number of other bugs found in PGP 2.6.2, most
      notably the signature bug for keys over 2034 bits, as reported by
      ViaCrypt. PGP 2.6.3i will also let you clearsign messages in 8-bit
      character sets, such as Russian, Japanese, Korean etc. Many other
      bugs have also been corrected, see pgp262i.dif and pgp263i.dif for
      details.

  (6) It contains a number of new features

      Version 2.6.3i adds some new functionality to PGP, while maintaining
      compatibility with older versions, e.g.:

      a) You may now specify additional user IDs from a separate file when
         encrypting a message to multiple recipients. This is particularly
         useful on MS-DOS systems, which impose an upper limit of 127
         characters on the command line. The command line syntax is:

         pgp -eat filename.txt user1 user2 -@moreusers.txt

         The file moreusers.txt is a normal text file with one key ID or user
         ID on each line.

      b) Userids can be automatically signed with your secret key when
         creating keys ('pgp -kg') or adding new userids ('pgp -ke'). This
         is controlled through the new AutoSign option in the configuration
         file.

      c) When extracting keys with the 'pgp -kxa' command, PGP 2.6.3i will
         label the ASCII output with a text similar to that of the 'pgp -kv'
         keyring listing.

      d) When clearsigning messages, PGP 2.6.3i will add a "Charset:" header
         to the signature block, explaining which character set was used for
         creating the signature. This will help the recipient of the message
         to select correct character conversion when verifying the signature.
         If he/she is using version 2.6.3i, PGP will automatically choose the
         correct character set, thereby eliminating a lot of "Bad signature"
         problems.

  (7) It can be compiled on many new platforms

      PGP 2.6.3i has been modified in order to let it compile "out of the box"
      for such platforms as Amiga, Atari, VMS, IBM mainframes running MVS and
      Windows NT/Windows 95. Furthermore, the Macintosh port of PGP is now
      integrated into the main source distribution. PGP 2.6.3i will also
      compile under MS-DOS using Borland C (MIT PGP 2.6.2 only supports
      Microsoft C).

  (8) It includes updated documentation and language files

      The language files for MIT PGP 2.6.2 had not been updated for a long
      time. This has been fixed in this version. PGP 2.6.3i comes with
      a combined translation file for German, French and Spanish. Additional
      language modules may be downloaded from:

        http://www.ifi.uio.no/pgp/modules.shtml
        ftp://ftp.ifi.uio.no/pub/pgp/lang/

      All the other text and documentation files for PGP 2.6.3i have also
      been brought up to date, with the exception of PRZ's original PGP
      Users's Guide from PGP 2.6.2, which is included unmodified in the
      various distribution archives.

  (9) It includes additional PGP tools

      The PGP 2.6.3i source code distribution contains two new tools for use
      with PGP, called Stealth and PGPSort. Take a look in the contrib/
      subdirectory for details. The binary distributions now contain pre-
      compiled versions of PGPSort and MD5Sum.


COMMENTS AND BUG REPORTS

PGP 2.6.3i was put together by Stale Schumacher <stale@hypnotech.com> with
the help of many individuals around the world (see the file pgp263i.dif for
details). All questions regarding PGP 2.6.3i should be addressed to
pgp-bugs@ifi.uio.no. Please note that PRZ, MIT and the University of Oslo have
nothing to do with this release. Comments, bug reports and suggestions for
future releases are welcome.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQCVAgUBMP6VkLCfd7bM70R9AQGWGQP/We4i4X7mRSo9zrN0Qx9AauzT8+OVAacy
n6PqOcw1ARqqoDPPbJlewXm+u2hcxfMBV868liLg23d4krqH1CKFA/31RjEVZBAE
2X9EEza7INL6rdHy9HxeWrpRDTlstdIzTxMtLoz64un3hxJpmBx22JyLns8A7QOk
AxF7U2cz4HM=
=2ajf
-----END PGP SIGNATURE-----


  .
Stale

-- stale@hypnotech.com -- http://www.ifi.uio.no/~staalesc/