--- pgp/doc/pgpdoc2.txt	2018/04/24 16:39:43	1.1.1.1
+++ pgp/doc/pgpdoc2.txt	2018/04/24 16:40:34	1.1.1.2
@@ -14,10 +14,10 @@
 		      Volume II: Special Topics
 		      -------------------------
 			 by Philip Zimmermann
-			   Revised 6 Mar 93
+			  Revised 14 Jun 93
 
 
-		      PGP Version 2.2 - 6 Mar 93
+		     PGP Version 2.3a - 1 Jul 93
 			     Software by
 			  Philip Zimmermann
 				 with
@@ -365,7 +365,7 @@ encrypts the plaintext.  Normally, this
 discarded by PGP when it decrypts, but you can tell PGP you want to
 preserve the original plaintext filename and use it as the name of
 the decrypted plaintext output file.  This is useful if PGP is used
-to on files whose names are important to preserve.
+on files whose names are important to preserve.
 
 To recover the original plaintext filename while decrypting, add 
 the -p option, like so:
@@ -391,12 +391,18 @@ you may be known by more than one name o
 title.  PGP lets you attach more than one user ID to your key, any
 one of which may be used to look up your key on the key ring.
 
-To edit your userid or pass phrase for your secret key:
+To edit your own userid or pass phrase for your secret key:
 
      pgp -ke userid [keyring]
 
 PGP prompts you for a new user ID or a new pass phrase.
 
+The optional [keyring] parameter, if specified, must be a public
+keyring, not a secret keyring.  The userid field must be your own
+userid, which PGP knows is yours because it appears on both your
+public keyring and your secret keyring.  Both keyrings will be
+updated, even though you only specified the public keyring.
+
 
 
 Editing the Trust Parameters for a Public Key
@@ -412,6 +418,9 @@ To edit the trust parameters for a publi
 
      pgp -ke userid [keyring]
 
+The optional [keyring] parameter, if specified, must be a public
+keyring, not a secret keyring.
+
 
 
 Checking If Everything is OK on Your Public Key Ring
@@ -1738,87 +1747,76 @@ provided "as is" without express or impl
 Patent Rights on the Algorithms
 -------------------------------
 
-When I first released PGP, I half-expected to encounter some form of
-legal harassment from the Government.  Indeed, there has been legal 
-harrassment, but it hasn't come from the Government-- it has come
-from a private corporation.
-
-The RSA public key cryptosystem was developed at MIT with Federal
-funding from grants from the National Science Foundation and the
-Navy.  It is patented by MIT (U.S. patent #4,405,829, issued 20 Sep
-1983).  A company in California called Public Key Partners (PKP) holds
-the exclusive commercial license to sell and sub-license the RSA
-public key cryptosystem.  The author of this software implementation
-of the RSA algorithm is providing this implementation for educational
-use only.  Licensing this algorithm from PKP is the responsibility of
-you, the user, not Philip Zimmermann, the author of this software
-implementation.  The author assumes no liability for any patent
-infringement that may result from the unlicensed use by the user of
-the underlying RSA algorithm used in this software.  Foreign users
-should note that the RSA patent does not apply outside the US, and
-there is no RSA patent in any other country.  Federal agencies may
-use it because the Government paid for the development of RSA.  
-
-Unfortunately, PKP is not offering any licensing of their RSA patent
-to end users of PGP.  This essentially makes PGP contraband in the
-USA.  Jim Bidzos, president of PKP, threatened to take legal action
-against me unless I stop distributing PGP, until they can devise a
-licensing scheme for it.  I agreed to this, since PGP is already in
-wide circulation and waiting a while for a licensing arrangement from
-PKP seemed reasonable.  Mr. Bidzos assured me (he even used the word
-"promise") several times since the initial 5 June 91 release of PGP
-that they were working on a licensing scheme for PGP.  Apparently, my
-release of PGP helped provide the impetus for them to offer some sort
-of a freeware-style license for noncommercial use of the RSA
-algorithm.  However, in December 1991 Mr. Bidzos said he had no plans
-to ever license the RSA algorithm to PGP users, and denied ever
-implying that he would.  Meanwhile, I have continued to refrain from
-distributing PGP, although I continue to update the PGP User's Guide,
-and have provided the design guidance for new revisions of PGP. 
-Ironically, all this legal controversy from PKP has imparted a
-forbidden flavor to PGP that has only served to amplify its universal
-popularity. 
-
-I wrote my PGP software from scratch, with my own implementation of
-the RSA algorithm.  I didn't steal any software from PKP.  Before
-publishing PGP, I got a formal written legal opinion from a patent
-attorney with extensive experience in software patents.  I'm
-convinced that publishing PGP the way I did does not violate patent
-law.  However, it is a well known axiom in the US legal system that
-regardless of the law, he with the most money and lawyers prevails, 
-if not by actually winning then by crushing the little guy with legal
-expenses.  
+The RSA public key cryptosystem was developed at MIT, which holds a
+patent on it (U.S. patent #4,405,829, issued 20 Sep 1983).  A company
+in California called Public Key Partners (PKP) holds the exclusive
+commercial license to sell and sub-license the RSA public key
+cryptosystem.  
+
+PKP has not granted a patent license for anyone to use their RSA
+algorithm in PGP.  The author of this software implementation of the
+RSA algorithm is providing this implementation for educational use
+only.  Licensing this algorithm from PKP is the responsibility of
+you, the user, not the author.  The author assumes no liability for
+any patent infringement that may result from executing the RSA
+algorithm on the user's computer without a license from the RSA
+patent holder.
+
+Non-US users should note that the RSA patent does not apply outside
+the US, and there is no RSA patent in any other country.  Federal
+agencies may use it because the Government paid for the development
+of RSA with grants from the National Science Foundation and the
+Navy.  And companies that have already licensed the patent from PKP
+may be able to use PGP, depending on the terms of their license. 
+
+I wrote my PGP software from scratch, with my own independently
+developed implementation of the RSA algorithm.  Before publishing
+PGP, I got a formal written legal opinion from a patent attorney with
+extensive experience in software patents.  I'm convinced that
+publishing PGP the way I did does not violate patent law.
 
 Not only did PKP acquire the exclusive patent rights for the RSA
-cryptosystem, which was developed with your tax dollars, but they 
-also somehow acquired the exclusive rights to three other patents
-covering rival public key schemes invented by others, also developed
-with your tax dollars.  This essentially gives one company a legal
-lock in the USA on nearly all practical public key cryptosystems. 
-They even appear to be claiming patent rights on the very concept of
-public key cryptography, regardless of what clever new original
-algorithms are independently invented by others.  And you thought
-patent law was designed to encourage innovation!  PKP does not
-actually develop any software-- they don't even have an engineering
-department-- they are essentially a litigation company.  
-
-Public key cryptography is destined to become a crucial technology in
-the protection of our civil liberties and privacy in our increasingly
-connected society.  Why should the Government try to limit access to 
-this key technology, when a single monopoly can do it for them?  
+cryptosystem, but they also acquired the exclusive rights to three
+other patents covering other public key schemes invented by others at
+Stanford University, also developed with Federal funding.  This
+essentially gives one company a legal lock in the USA on nearly all
+practical public key cryptosystems.  They even appear to be claiming
+patent rights on the very concept of public key cryptography,
+regardless of what clever new original algorithms are independently
+invented by others.  I find such a comprehensive monopoly troubling,
+because I think public key cryptography is destined to become a
+crucial technology in the protection of our civil liberties and
+privacy in our increasingly connected society.  At the very least,
+it places these vital tools at risk by affording to the Government
+a single pressure point of influence.
+
+There are negotiations under way with RSA Data Security Inc (RSADSI),
+a sister company to PKP, to legalize PGP in the US.  This would be
+accomplished by integrating RSAREF into PGP.  RSAREF is a subroutine
+package from RSADSI that implements the RSA algorithm.  The RSAREF
+subroutines would have to be used instead of PGP's original
+subroutines to implement the RSA functions in PGP.  There are some
+technical obstacles to getting this done, but a solution may be found
+if the negotiations with RSADSI proceed favorably.  If RSAREF is
+integrated into PGP, it will be licensed by RSADSI for noncommercial
+usage in the US.  Foreign versions of PGP will not use RSAREF, but
+will continue to use PGP's original faster subroutine library to do
+the RSA calculations.  RSADSI may require PGP's name to change in
+order to make all this possible.  Stay tuned.
 
 It appears certain that there will be future releases of PGP,
 regardless of the outcome of licensing problems with Public Key
 Partners.  If PKP does not license PGP, then future releases of PGP
-might not come from me.  There are countless fans of PGP outside the
-US, and many of them are software engineers who want to improve PGP
-and promote it, regardless of what I do.  The second release of PGP
-was a joint effort of an international team of software engineers,
-implementing enhancements to the original PGP with design guidance
-from me.  It was released by Branko Lankester in The Netherlands and
-Peter Gutmann in New Zealand, out of reach of US patent law. 
-Although released only in Europe and New Zealand, it spontaneously
-spread to the USA without help from me or the PGP development team.
+will likely not come from me.  There are countless fans of PGP outside
+the US, and many of them are software engineers who want to improve
+PGP and promote it, regardless of what I do.  The second release of
+PGP was a joint effort of an international team of software
+engineers, implementing enhancements to the original PGP with design
+guidance from me.  It was released by Branko Lankester in The
+Netherlands and Peter Gutmann in New Zealand, out of reach of US
+patent law. Although released only in Europe and New Zealand, it
+spontaneously spread to the USA without help from me or the PGP
+development team.
 
 The IDEA(tm) conventional block cipher used by PGP is covered by a
 patent in Europe, held by ETH and a Swiss company called Ascom-Tech
@@ -1835,15 +1833,8 @@ Fax +41 65 235761.
 
 The ZIP compression routines in PGP come from freeware source code,
 with the author's permission.  I'm not aware of any patents on the
-ZIP algorithm, but you're welcome to check into that question
-yourself.  If there are any obscure patent claims that apply to ZIP,
-then sorry, you'll have to take care of the patent licensing, not me.
-
-All this patent stuff reminds me of a Peanuts cartoon I saw in the
-newspaper where Lucy showed Charlie Brown a fallen autumn leaf and
-said "This is the first leaf to fall this year."  Charlie Brown said,
-"How do you know that?  Leaves have been falling for weeks."  Lucy
-replied, "I had this one notarized."
+compression algorithms used in the ZIP routines, but you're welcome to
+check into that question yourself.
 
 
 Licensing and Distribution
@@ -1857,27 +1848,11 @@ it.  However, if you live in the USA, th
 obligations you may have to PKP for using the RSA algorithm as
 mentioned above.  
 
-In fact, if you live in the USA, and you are not a Federal agency, 
-you shouldn't actually run PGP on your computer, because Public Key
-Partners wants to forbid you from running my software.  PGP is
-contraband.  
-
-Of course, I can't give any assurances, but my guess is that it seems
-unlikely that PKP would waste their time pursuing PGP end users for
-patent infringement.  There are just too many PGP users to go after. 
-And why would they single you out?  But I certainly wouldn't want to
-imply that you do anything improper-- if PKP were offering licenses,
-I would urge you to obtain one.  But since they aren't, well, I guess
-you should just refrain from using PGP if you live in the USA.	
-
 PGP is not shareware, it's freeware.  Forbidden freeware.  Published
-as a community service.  If I sold PGP for money, then I would get
-sued by PKP for using their RSA algorithm.  More importantly, giving
-PGP away for free will encourage far more people to use it, which
-hopefully will have a greater social impact.  This could lead to
-widespread awareness and use of the RSA public key cryptosystem,
-which will probably make more money for PKP in the long run.  If only
-they could see that.  
+as a community service.  Giving PGP away for free will encourage far
+more people to use it, which hopefully will have a greater social
+impact.  This could lead to widespread awareness and use of the RSA
+public key cryptosystem.
 
 All the source code for PGP is available for free under the "Copyleft" 
 General Public License from the Free Software Foundation (FSF).  A
@@ -1893,24 +1868,25 @@ General Public License, the following te
 
 2)  Although the FSF General Public License allows non-proprietary
     derivative products, it prohibits proprietary derivative products. 
-    Despite this, I may grant you a special license if you want to 
-    derive a proprietary commercial product from some of PGP's parts.  
-    There may or may not be a fee depending on what kind of a deal you 
-    plan to pursue with PKP.  Retaining my copyright notice and 
-    attribution might suffice in some cases.  Give me a call and we'll 
-    discuss it.  I'm real easy to please.
+    Despite this, I may grant you a special license if you want to derive
+    a proprietary commercial product from some of PGP's parts.  There may
+    or may not be a fee, depending on the circumstances.  Retaining my
+    copyright notice and attribution might suffice in some cases.  Give
+    me a call and we'll discuss it.  I'm real easy to please.  Any such
+    license would not free you of any patent licensing requirements.  
 
 Feel free to disseminate the complete PGP release package as widely
 as possible.  Give it to all your friends.  If you have access to any
 electronic Bulletin Boards Systems, please upload the complete PGP
 executable object release package to as many BBS's as possible.  You
 may disseminate the PGP source release package too, if you've got
-it.  The PGP version 2.2 executable object release package for MSDOS
+it.  The PGP version 2.3 executable object release package for MSDOS
 contains the PGP executable software, documentation, sample key rings
 including my own public key, and signatures for the software and this
-manual, all in one PKZIP compressed file called PGP22.ZIP.  The PGP
+manual, all in one PKZIP compressed file called pgp22.zip.  The PGP
 source release package for MSDOS contains all the C source files in
-one PKZIP compressed file called PGP22SRC.ZIP.
+one PKZIP compressed file called pgp22src.zip.  The filename for the
+release package is derived from the version number of the release.
 
 You may obtain free copies or updates to PGP from thousands of BBS's
 worldwide or from other public sources such as Internet FTP sites. 
@@ -1935,28 +1911,27 @@ you collect.  If you need any significan
 available on a paid consulting basis, and I do return those calls.
 
 The most inconvenient mail I get is for some well-intentioned person
-to send me a few dollars asking me for a copy of PGP.  I can't send
-it to them because of the legal threats from PKP (or worse--
-sometimes these requests are from foreign countries, and I would be
-risking violating cryptographic export control laws).  Even if there
-were no legal hassles involved in sending PGP to them, they usually
-don't send enough money to make it worth my time ($50 might be worth
-my time if I were actually selling this stuff).  I'm just not set up
-as a low cost low volume mail order business.  I can't just ignore
-the request and keep the money, because they probably regard the
-money as a fee for me to fulfill their request.  If I return the
-money, I might have to get in my car and drive down to the post
-office and buy some postage stamps, because these requests rarely
-include a stamped self-addressed envelope.  And I have to take the
-time to write a polite reply that I can't do it.  If I postpone the
-reply and set the letter down on my desk, it might be buried within
-minutes and won't see the light of day again for months.  Multiply
-these minor inconveniences by the number of requests I get, and you
-can see the problem.  Isn't it enough that the software is free?  It
-would be nicer if people could try to get PGP from any of the myriad
-other sources.  If you don't have a modem, ask a friend to get it for
-you.  If you can't find it yourself, I don't mind answering a quick
-phone call. 
+to send me a few dollars asking me for a copy of PGP.  I don't send 
+it to them because I'd rather avoid any legal problems with PKP.  Or
+worse, sometimes these requests are from foreign countries, and I
+would be risking a violation of US cryptographic export control
+laws.  Even if there were no legal hassles involved in sending PGP to
+them, they usually don't send enough money to make it worth my time.
+I'm just not set up as a low cost low volume mail order business.  I
+can't just ignore the request and keep the money, because they
+probably regard the money as a fee for me to fulfill their request.
+If I return the money, I might have to get in my car and drive down
+to the post office and buy some postage stamps, because these
+requests rarely include a stamped self-addressed envelope.  And I
+have to take the time to write a polite reply that I can't do it.  If
+I postpone the reply and set the letter down on my desk, it might be
+buried within minutes and won't see the light of day again for
+months.  Multiply these minor inconveniences by the number of
+requests I get, and you can see the problem.  Isn't it enough that
+the software is free?  It would be nicer if people could try to get
+PGP from any of the myriad other sources.  If you don't have a modem,
+ask a friend to get it for you.  If you can't find it yourself, I
+don't mind answering a quick phone call. 
 
 If anyone wants to volunteer to improve PGP, please let me know.  It
 could certainly use some more work.  Some features were deferred to
@@ -2057,17 +2032,10 @@ document file in the PGP release package
 
 The Electronic Frontier Foundation (EFF) was founded in July, 1990,
 to assure freedom of expression in digital media, with a particular
-emphasis on applying the principles embodied in the Constitution and
-the Bill of Rights to computer-based communication.  They can be
-reached at:  Electronic Frontier Foundation, 238 Main Street, 
-Cambridge, MA 02142, USA.
-
-The League for Programming Freedom (LPF) is a grass-roots organization
-of professors, students, businessmen, programmers and users dedicated
-to bringing back the freedom to write programs.  They regard patents
-on computer algorithms as harmful to the US software industry.  They
-can be reached at (617) 433-7071, or send Internet mail to
-lpf@uunet.uu.net
+emphasis on applying the principles embodied in the US Constitution
+and the Bill of Rights to computer-based communication.  They can be
+reached in Washington DC, at (202) 347-5400.  Internet E-mail address: 
+eff@eff.org.
 
 Computer Professionals For Social Responsibility (CPSR) empowers
 computer professionals and computer users to advocate for the
@@ -2076,6 +2044,12 @@ computer technology to participate in pu
 impacts of computers on society.  They can be reached at:
 415-322-3778 in Palo Alto, E-mail address cpsr@csli.stanford.edu.
 
+The League for Programming Freedom (LPF) is a grass-roots organization
+of professors, students, businessmen, programmers and users dedicated
+to bringing back the freedom to write programs.  They regard patents
+on computer algorithms as harmful to the US software industry.  They
+can be reached at (617) 433-7071.  E-mail address: lpf@uunet.uu.net.
+
 For more details on these groups, see the accompanying document in
 the PGP release package.
 
@@ -2089,22 +2063,26 @@ Recommended Introductory Readings
     IEEE Computer, Feb 1983
 3)  Martin E. Hellman, "The Mathematics of Public-Key Cryptography," 
     Scientific American, Aug 1979
+4)  Steven Levy, "Crypto Rebels", WIRED, May/Jun 1993, page 54.
+    (This is a "must-read" article on PGP and other related topics.)
 
 Other Readings
 ==============
 
-4)  Ronald Rivest, "The MD5 Message Digest Algorithm", MIT Laboratory
+5)  Ronald Rivest, "The MD5 Message Digest Algorithm", MIT Laboratory
     for Computer Science, 1991
-5)  Xuejia Lai, "On the Design and Security of Block Ciphers", 
+6)  Xuejia Lai, "On the Design and Security of Block Ciphers", 
     Institute for Signal and Information Processing, ETH-Zentrum, 
     Zurich, Switzerland, 1992
-6)  Xuejia Lai, James L. Massey, Sean Murphy, "Markov Ciphers and 
+7)  Xuejia Lai, James L. Massey, Sean Murphy, "Markov Ciphers and 
     Differential Cryptanalysis", Advances in Cryptology- EUROCRYPT'91
-7)  Philip Zimmermann, "A Proposed Standard Format for RSA 
+8)  Philip Zimmermann, "A Proposed Standard Format for RSA 
     Cryptosystems", Advances in Computer Security, Vol III, edited by
     Rein Turn, Artech House, 1988
-8)  Paul Wallich, "Electronic Envelopes", Scientific American, Feb
-    1993, pages 30-32.  (This is an article on PGP)
+9)  Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and
+    Source Code in C", John Wiley & Sons, 1993 (coming in November)
+10) Paul Wallich, "Electronic Envelopes", Scientific American, Feb
+    1993, page 30.  (This is an article on PGP)
 
 
 To Contact the Author
@@ -2116,7 +2094,7 @@ Boulder Software Engineering
 3021 Eleventh Street
 Boulder, Colorado 80304  USA
 Phone 303-541-0140 (voice or FAX)  (10:00am - 7:00pm Mountain Time)
-Internet:  prz@sage.cgd.ucar.edu
+Internet:  prz@acm.org
 
 
 
@@ -2139,21 +2117,24 @@ note that there is no RSA patent outside
 that there are US and Canadian export laws prohibiting anyone inside
 the US and Canada from exporting cryptographic software like this. 
 If you live outside the US, you're probably not violating US export
-law if you pick it up from a source outside of the US.
+law if you pick it up from a source outside of the US.  Note that due
+to negotiations with the RSA patent holders, the name of PGP may
+change in a future release.
 
 What follows is a small sample of places that allegedly have PGP, as
-of 2 March 1993.  This information is not guaranteed to be correct.
+of June 1993.  This information is not guaranteed to be correct.
 Some US sites have occasionally withdrawn PGP because of fear of
 legal intimidation from the RSA patent holders.
 
-There are two compressed archive files in the PGP 2.2 MSDOS release. 
-You must get pgp22.zip which contains the MSDOS binary executable and
-the PGP User's Guide, and you can optionally get pgp22src.zip which
-contains the source files.  These files can be decompressed with the
-MSDOS shareware archive decompression utility PKUNZIP.EXE, version
-1.1 or later.  For Unix users who lack an implementation of UNZIP,
-the source code can also be found in the compressed tar file
-pgp22src.tar.Z.
+There are two compressed archive files in the standard release, with
+the file name derived from the release version number.  For PGP
+version 2.3, you must get pgp23.zip which contains the MSDOS binary
+executable and the PGP User's Guide, and you can optionally get
+pgp23src.zip which contains all the source code.  These files can be
+decompressed with the MSDOS shareware archive decompression utility
+PKUNZIP.EXE, version 1.10 or later.  For Unix users who lack an
+implementation of UNZIP, the source code can also be found in the
+compressed tar file pgp23src.tar.Z.
 
 A reminder:  Set mode to binary or image when doing an FTP transfer.
 And when doing a kermit download to your PC, specify 8-bit binary
@@ -2170,12 +2151,12 @@ UK:         src.doc.ic.ac.uk
             Directory: /computing/security/software/PGP
 
 For those lacking FTP connectivity to the net, nic.funet.fi also
-offers the files via email.  Send the following mail message to
-mailserv@nic.funet.fi:
+offers the files via email.  To get version 2.3, send the following
+mail message to mailserv@nic.funet.fi:
 
     ENCODER uuencode
-    SEND pub/unix/security/crypt/pgp22src.zip
-    SEND pub/unix/security/crypt/pgp22.zip
+    SEND pub/unix/security/crypt/pgp23src.zip
+    SEND pub/unix/security/crypt/pgp23.zip
 
 This will deposit the two zipfiles, as (about) 15 batched messages in
 your mailbox within about 24 hours.  Save and uudecode.
@@ -2195,16 +2176,6 @@ information:
     name: PGP USER        ('PGP' is 1st name, 'USER' is 2nd name)
     password: PGP
 
-The Northern Lights BBS in Troy, NY, has PGP for free download.  It
-is run by Daniel Ray.  Call (518) 237-2163 at 300-2400 bps 8N1.  Then
-login directly to the pgp account as follows:
-
-    tnllogin: pgp
-    Password: key
-
-In Colorado, try this single-line BBS:  303 443-8292.  It is often
-busy, so keep trying.  Log in with your own name.
-
 PGP is also widely available on Fidonet, a large informal network of
 PC-based bulletin board systems interconnected via modems.  Check
 your local bulletin board systems.  It is available on many foreign
@@ -2213,6 +2184,11 @@ and domestic Fidonet BBS sites.
 In New Zealand, try this (supposedly free) dial-up BBS system:
    Kappa Crucis:  +64 9 817-3714, -3725, -3324, -8424, -3094, -3393
 
+Source and binary distributions of PGP are available from the Canadian
+Broadcasting Corporation library, which is open to the public.  It has
+branches in Toronto, Montreal, and Vancouver.  Contact Max Allen, at
++1 416 205-6017 if you have questions.
+
 For information on PGP implementations on the Apple Macintosh,
 Commodore Amiga, or Atari ST, or any other questions about where to
 get PGP for any other platform, contact Hugh Miller at