--- pgp/doc/pgpdoc2.txt 2018/04/24 16:42:44 1.1.1.4 +++ pgp/doc/pgpdoc2.txt 2018/04/24 16:43:57 1.1.1.5 @@ -1,4 +1,5 @@ + Phil's Pretty Good Software Presents @@ -11,16 +12,16 @@ ------------------------- - PGP(tm) User's Guide - Volume II: Special Topics + PGP(tm) User's Guide + Volume II: Special Topics ------------------------- - by Philip Zimmermann - Revised 22 May 94 + by Philip Zimmermann + Revised 31 August 94 - PGP Version 2.6 - 22 May 94 - Software by - Philip Zimmermann, and many others. + PGP Version 2.6.1 - 30 Aug 94 + Software by + Philip Zimmermann, and many others. @@ -91,7 +92,7 @@ Special Topics PGP's Conventional Encryption Algorithm Data Compression Message Digests and Digital Signatures - Compatibility with Previous Versions of PGP + Compatibility with Previous and Future Versions of PGP Vulnerabilities Compromised Pass Phrase and Secret Key Public Key Tampering @@ -99,21 +100,26 @@ Vulnerabilities Viruses and Trojan Horses Physical Security Breach Tempest Attacks - Protecting Against Bogus Timestamps Exposure on Multi-user Systems Traffic Analysis + Protecting Against Bogus Timestamps Cryptanalysis Legal Issues Trademarks, Copyrights, and Warranties Patent Rights on the Algorithms - Licensing and Distribution + Freeware Status and Restrictions + Restrictions on Commercial Use of PGP + Other Licensing Restrictions + Distribution Export Controls Philip Zimmermann's Legal Situation +Other Sources of Information on PGP Where to Get a Commercial Version of PGP Reporting PGP Bugs -Computer-Related Political Groups -Recommended Readings -To Contact the Author + Fan Mail, Updates, and News + Computer-Related Political Groups + Recommended Readings + To Contact the Author Appendix A: Where to Get PGP 
@@ -410,6 +416,10 @@ To edit your own userid or pass phrase f PGP prompts you for a new user ID or a new pass phrase. +If you edit your user ID, PGP actually adds a new user ID, without +deleting the old one. If you want to delete an old user ID, you will +have to do that in a separate operation. + The optional [keyring] parameter, if specified, must be a public keyring, not a secret keyring. The userid field must be your own userid, which PGP knows is yours because it appears on both your @@ -502,6 +512,10 @@ and the key fingerprint via a voice tele people distribute their key fingerprint on their business cards, which looks really cool. +For current versions of PGP, the key fingerprint is computed using +the MD5 hash function. A future version of PGP will optionally use a +new and different hash function, SHA, instead of MD5. + If you don't know me, please don't call me to verify my key over the phone-- I get too many calls like that. Since every PGP user has a copy of my public key, no one could tamper with all the copies that @@ -509,6 +523,18 @@ are out there. The discrepancy would so checked it from more than one source, and word would soon get out on the Internet. +For those of you who want to verify my public key (included in the +standard PGP release package), here are the particulars: + + UserID: "Philip R. Zimmermann " + Key Size: 1024 bits; Creation date: 21 May 1993; KeyID: C7A966DD + Key fingerprint: 9E 94 45 13 39 83 5F 70 7B E7 D8 ED C4 BE 5A A6 + +The information printed above conceivably could still be tampered +with in the electronic distribution of the PGP User's Guide. But if +you read this in the printed version of the manual, available in +bookstores from MIT Press, it's a safe bet that it really is my own +key's fingerprint. Handling Large Public Keyrings 
@@ -533,8 +559,9 @@ foreign keyring, specifying the keyring Then add these extracted keys to your own keyring. The real solution is to improve PGP to use advanced database -techniques to manage large keyrings efficiently. Until this happens, -you will just have to use smaller keyrings, or be patient. +techniques to manage large keyrings efficiently. We are working on +this, and should have it done Real Soon Now. Until this happens, you +will just have to use smaller keyrings, or be patient. @@ -564,7 +591,6 @@ pass phrase, so that you won't be prompt feature is explained below. - Suppressing Unnecessary Questions: BATCHMODE ---------------------------------------------- @@ -660,6 +686,15 @@ it in an environment where someone else machine. Someone could come along and simply ask your computer to display the contents of PGPPASS. +Sometimes you want to pass the pass phrase into PGP from another +application, such as an E-mail package. In some cases, it may not +always be desirable to use the PGPPASS variable for that purpose. +There is another way to pass your pass phrase into PGP from another +application. Use the "-z" command line option. This option is +designed primarily for invoking PGP from inside an E-mail package. +The pass phrase follows the -z option on the command line. There are +risks associated with using this approach, similar to those risks +described above for using the PGPPASS variable. Setting Configuration Parameters: CONFIG.TXT @@ -869,7 +904,7 @@ The configuration parameter ARMORLINES s of lines to make each chunk in a multipart ".asc" file sequence. If you set it to zero, PGP will not break up the file into chunks. -Fidonet email files usually have an upper limit of about 32K bytes, +Fidonet E-mail files usually have an upper limit of about 32K bytes, so 450 lines would be appropriate for Fidonet environments. For further details, see the section "Sending Ciphertext Through 
@@ -1240,8 +1275,8 @@ generation, like so: pgp -kg +nomanual The NOMANUAL flag can only be set on the command line, not in the -config file. Since you must read this manual to learn how to do -enable this override feature, I hope this will still be effective in +config file. Since you must read this manual to learn how to enable +this override feature, I hope this will still be effective in discouraging the distribution of PGP without the manual. @@ -1367,13 +1402,13 @@ mistakenly believing that RSA is intrins conventional cipher. Well, it's not. People who work in factoring research say that the workload to -exhaust all the possible 128-bit keys in the IDEA cipher would equal -the factoring workload to crack a 3100-bit RSA key, which is quite a -bit bigger than the 1024-bit RSA key size that most people use for -high security applications. Given this range of key sizes, and -assuming there are no hidden weaknesses in the conventional cipher, -the weak link in this hybrid approach is in the public key algorithm, -not the conventional cipher. +exhaust all the possible 128-bit keys in the IDEA cipher would +roughly equal the factoring workload to crack a 3100-bit RSA key, +which is quite a bit bigger than the 1024-bit RSA key size that most +people use for high security applications. Given this range of key +sizes, and assuming there are no hidden weaknesses in the +conventional cipher, the weak link in this hybrid approach is in the +public key algorithm, not the conventional cipher. It is not ergonomically practical to use pure RSA with large keys to encrypt and decrypt long messages. A 1024-bit RSA key would decrypt 
@@ -1386,13 +1421,15 @@ more conveniently. Not only is RSA too slow to use on bulk data, but it even has certain weaknesses that can be exploited in some special cases of particular -kinds of messages that are fed to the RSA cipher. These special -cases can be avoided by using the hybrid approach of using RSA to -encrypt random session keys for a conventional cipher. So the bottom -line is this: Using pure RSA on bulk data is the wrong approach, -period. It's too slow, it's not stronger, and may even be weaker. If -you find a software application that uses pure RSA on bulk data, it -probably means the implementor does not understand these issues. +kinds of messages that are fed to the RSA cipher, even for large +keys. These special cases can be avoided by using the hybrid +approach of using RSA to encrypt random session keys for a +conventional cipher, like PGP does. So the bottom line is this: +Using pure RSA on bulk data is the wrong approach, period. It's too +slow, it's not stronger, and may even be weaker. If you find a +software application that uses pure RSA on bulk data, it probably +means the implementor does not understand these issues, which could +imply he doesn't understand other important concepts of cryptography. 
@@ -1525,33 +1562,34 @@ based on MD5 and the RSA public-key cryp -Compatibility with Previous Versions of PGP -=========================================== +Compatibility with Previous and Future Versions of PGP +====================================================== -PGP version 2.6 can read anything produced by versions 2.3, 2.3a, 2.4, -or 2.5. However, because of a negotiated agreement between MIT and -RSA Data Security, PGP 2.6 will change its behavior slightly on 1 -September 1994, triggered by a built-in software timer. On that date, -version 2.6 will start producing a new and slightly different data -format for messages, signatures and keys. PGP 2.6 will still be able -to read and process messages, signatures, and keys produced under the -old format, but it will generate the new format. This incompatible +PGP version 2.6 can read anything produced by versions 2.3 through +2.7. However, because of a negotiated agreement between MIT and RSA +Data Security, PGP 2.6 will change its behavior slightly on 1 +September 1994, triggered by a built-in software timer. On that +date, version 2.6 will start producing a new and slightly different +data format for messages, signatures and keys. PGP 2.6 will still be +able to read and process messages, signatures, and keys produced +under the old format, but it will generate the new format. This change is intended to discourage people from continuing to use the older (2.3a and earlier) versions of PGP, which Public Key Partners contends infringes its RSA patent (see the section on Legal Issues). -PGP 2.4, distributed by Viacrypt (see the section Where to Get a -Commercial Version of PGP) avoids infringement through Viacrypt's -license arrangement with Public Key Partners. PGP 2.5 and 2.6 avoid -infringement by using the RSAREF(TM) Cryptographic Toolkit, under -license from RSA Data Security, Inc. 
+ViaCrypt PGP (see the section Where to Get a Commercial Version of +PGP), versions 2.4 and 2.7, avoids questions of infringement through +Viacrypt's license arrangement with Public Key Partners. PGP 2.5 and +2.6 avoid questions of infringement by using the RSAREF(TM) +Cryptographic Toolkit, under license from RSA Data Security, Inc. Outside the United States, the RSA patent is not in force, so PGP -users there are free to use implementations of PGP that do not rely on -RSAREF and its restrictions. Hopefully, implementors of PGP versions -outside the US will also switch to the new format, whose detailed -description is available from MIT. If everyone upgrades before 1 -September 1994, no one will experience any discontinuity in -interoperability. +users there are free to use implementations of PGP that do not rely +on RSAREF and its restrictions. See the notes on foreign versions in +the Legal Issues section later in this manual. It seems likely that +any versions of PGP prepared outside the US will follow the new +format, whose detailed description is available from MIT. If +everyone upgrades before September 1994, or soon thereafter, there +will be little interoperability problems. This format change beginning with 2.6 is similar to the process that naturally happens when new features are added, causing older versions 
@@ -1568,21 +1606,22 @@ There is a another change that effects i versions of PGP. Unfortunately, due to data format limitations imposed by RSAREF, PGP 2.5 and 2.6 cannot interpret any messages or signatures made with PGP version 2.2 or earlier. Since we had no -choice but to use the new data formats, because of the legal -requirement to switch to RSAREF, we can't do anything about this -problem. +choice but to use the new data formats, because of the need to switch +to RSAREF, we can't do anything about this problem. Beginning with version 2.4 (which was ViaCrypt's first version) through at least 2.6, PGP does not allow you to generate RSA keys bigger than 1024 bits. The upper limit was always intended to be -1024 bits. But because of a bug in earlier versions of PGP, it was -possible to generate keys larger than 1024 bits. These larger keys -caused interoperability problems between different older versions of -PGP that used different arithmetic algorithms with different native -word sizes. On some platforms, PGP choked on the larger keys. In -addition to these older key size problems, the 1024-bit limit is now -enforced by RSAREF. A 1024-bit key is very likely to be well out of -reach of attacks by major governments. +1024 bits -- there had to be some kind of upper limit, for +performance and interoperability reasons. But because of a bug in +earlier versions of PGP, it was possible to generate keys larger than +1024 bits. These larger keys caused interoperability problems +between different older versions of PGP that used different +arithmetic algorithms with different native word sizes. On some +platforms, PGP choked on the larger keys. In addition to these older +key size problems, the 1024-bit limit is now enforced by RSAREF. A +1024-bit key is very likely to be well out of reach of attacks by +major governments. In a future version, PGP will support bigger keys. In general, there is compatibility from version 2.0 upwards through 2.4. 
Because new features are added, older versions may not always be @@ -1591,6 +1630,15 @@ massive changes to all the algorithms an 2.0 (and later) is not even slightly compatible with PGP version 1.0, which no one uses anymore anyway. +Future versions of PGP may have to change the data formats for +messages, signatures, keys and key rings, in order to provide +important new features. We will endeavor to make future versions +handle keys, signatures, and messages from this version, but this is +not guaranteed. Future releases may provide conversion utilities to +convert old keys, but you may have to dispose of old messages created +with the old PGP. Also, this current version may not be able to read +stuff produced from all future versions. + Vulnerabilities =============== @@ -1756,6 +1804,18 @@ as to compromise its own ability to chec assumes that you have a good trusted copy of the public key that you use to check the signature on the PGP executable. +I recommend you not trust your copy of PGP unless it was originally +distributed by MIT or ViaCrypt, or unless it comes with a digitally +signed endorsement from me. Every new version comes with one or more +digital signatures in the distribution package, signed by the +originator of that release package. This is usually someone +representing MIT or ViaCrypt, or whoever released that version. +Check the signatures on the version that you get. I have actually +seen several bogus versions of PGP distribution packages, even from +apparantly reliable freeware distribution channels such as CD-ROM +distributors and Compuserve. Always check the signature when you get +a new version. + Physical Security Breach ------------------------ 
@@ -1799,53 +1859,6 @@ why do you suppose the Government would shielding? -Protecting Against Bogus Timestamps ------------------------------------ - -A somewhat obscure vulnerability of PGP involves dishonest users -creating bogus timestamps on their own public key certificates and -signatures. You can skip over this section if you are a casual user -and aren't deeply into obscure public key protocols. - -There's nothing to stop a dishonest user from altering the date and -time setting of his own system's clock, and generating his own public -key certificates and signatures that appear to have been created at a -different time. He can make it appear that he signed something -earlier or later than he actually did, or that his public/secret key -pair was created earlier or later. This may have some legal or -financial benefit to him, for example by creating some kind of -loophole that might allow him to repudiate a signature. - -A remedy for this could involve some trustworthy Certifying Authority -or notary that would create notarized signatures with a trustworthy -timestamp. This might not necessarily require a centralized -authority. Perhaps any trusted introducer or disinterested party -could serve this function, the same way real notary publics do now. -A public key certificate could be signed by the notary, and the -trusted timestamp in the notary's signature would have some legal -significance. The notary could enter the signed certificate into a -special certificate log controlled by the notary. Anyone can read -this log. - -The notary could also sign other people's signatures, creating a -signature certificate of a signature certificate. This would serve -as a witness to the signature the same way real notaries do now with -paper. Again, the notary could enter the detached signature -certificate (without the actual whole document that was signed) into -a log controlled by the notary. 
The notary's signature would have a -trusted timestamp, which might have greater credibility than the -timestamp in the original signature. A signature becomes "legal" if -it is signed and logged by the notary. - -This problem of certifying signatures with notaries and trusted -timestamps warrants further discussion. This can of worms will not -be fully covered here now. There is a good treatment of this topic -in Denning's 1983 article in IEEE Computer (see references). There -is much more detail to be worked out in these various certifying -schemes. This will develop further as PGP usage increases and other -public key products develop their own certifying schemes. - - Exposure on Multi-user Systems ------------------------------ 
@@ -1899,6 +1912,61 @@ analysis in your communication environme cryptographic assistance. +Protecting Against Bogus Timestamps +----------------------------------- + +A somewhat obscure vulnerability of PGP involves dishonest users +creating bogus timestamps on their own public key certificates and +signatures. You can skip over this section if you are a casual user +and aren't deeply into obscure public key protocols. + +There's nothing to stop a dishonest user from altering the date and +time setting of his own system's clock, and generating his own public +key certificates and signatures that appear to have been created at a +different time. He can make it appear that he signed something +earlier or later than he actually did, or that his public/secret key +pair was created earlier or later. This may have some legal or +financial benefit to him, for example by creating some kind of +loophole that might allow him to repudiate a signature. + +I think this problem of falsified timestamps in digital signatures is +no worse than it is already in handwritten signatures. Anyone may +write a date next to their handwritten signature on a contract with +any date they choose, yet no one seems to be alarmed over this state +of affairs. In some cases, an "incorrect" date on a handwritten +signature might not be associated with actual fraud. The timestamp +might be when the signator asserts that he signed a document, or +maybe when he wants the signature to go into effect. + +In situations where it is critical that a signature be trusted to +have the actual correct date, people can simply use notaries to +witness and date a handwritten signature. The analog to this in +digital signatures is to get a trusted third party to sign a +signature certificate, applying a trusted timestamp. No exotic or +overly formal protocols are needed for this. Witnessed signatures +have long been recognized as a legitimate way of determining when a +document was signed. 
+ +A trustworthy Certifying Authority or notary could create notarized +signatures with a trustworthy timestamp. This would not necessarily +require a centralized authority. Perhaps any trusted introducer or +disinterested party could serve this function, the same way real +notary publics do now. When a notary signs other people's +signatures, it creates a signature certificate of a signature +certificate. This would serve as a witness to the signature the same +way real notaries now witness handwritten signatures. The notary +could enter the detached signature certificate (without the actual +whole document that was signed) into a special log controlled by the +notary. Anyone can read this log. The notary's signature would have +a trusted timestamp, which might have greater credibility or more +legal significance than the timestamp in the original signature. + +There is a good treatment of this topic in Denning's 1983 article in +IEEE Computer (see references). Future enhancements to PGP might +have features to easily manage notarized signatures of signatures, +with trusted timestamps. + + Cryptanalysis ------------- @@ -1920,8 +1988,8 @@ Still, some optimism seems justified. T are among the best cryptographers in Europe. It has had extensive security analysis and peer review from some of the best cryptanalysts in the unclassified world. It appears to have some design advantages -over the DES in withstanding differential cryptanalysis, which has -been used to crack the DES. +over the DES in withstanding differential and linear cryptanalysis, +which have both been used to crack the DES. Besides, even if this algorithm has some subtle unknown weaknesses, PGP compresses the plaintext before encryption, which should greatly 
@@ -1956,14 +2024,15 @@ Legal Issues Trademarks, Copyrights, and Warranties -------------------------------------- -"Pretty Good Privacy", "Phil's Pretty Good Software", and the "Pretty -Good" label for computer software and hardware products are all -trademarks of Philip Zimmermann and Phil's Pretty Good Software. PGP -is (c) Copyright Philip R. Zimmermann, 1990-1994. All rights -reserved. Philip Zimmermann also holds the copyright for the PGP -User's Manual, as well as any foreign language translations of the -manual or the software, and all derivative works. All rights -reserved. +"PGP", "Pretty Good Privacy", "Phil's Pretty Good Software", and the +"Pretty Good" label for computer software and hardware products are +all trademarks of Philip R. Zimmermann. + +PGP is (c) Copyright Philip R. Zimmermann, 1990-1994. All rights +reserved. The PGP User's Guide is also copyright Philip Zimmermann, +1990-1994. All rights reserved. These rights include but are not +limited to any foreign language translations of the manual or the +software, and all derivative works of both. MIT may have a copyright on the particular software distribution package that they distribute from the MIT FTP site. This copyright @@ -1980,6 +2049,7 @@ unrecoverable, the author assumes no res modification of any data. + Patent Rights on the Algorithms ------------------------------- 
@@ -2001,16 +2071,16 @@ use of PGP has additional restrictions i have with ViaCrypt, as explained later. I wrote my PGP software from scratch, with my own independently -developed implementation of the RSA algorithm. Before publishing -PGP, I got a formal written legal opinion from a patent attorney with -extensive experience in software patents. I'm convinced that +developed implementation of the RSA algorithm. Before publishing PGP +in 1991, I got a formal written legal opinion from a patent attorney +with extensive experience in software patents. I'm convinced that publishing PGP the way I did does not violate patent law. Not only did PKP acquire the exclusive patent rights for the RSA cryptosystem, but they also acquired the exclusive rights to three other patents covering other public key schemes invented by others at Stanford University, also developed with federal funding. This -essentially gives one company a legal lock in the USA on nearly all +one company claims to have a legal lock in the USA on nearly all practical public key cryptosystems. They even appear to be claiming patent rights on the very concept of public key cryptography, regardless of what clever new original algorithms are independently 
@@ -2028,17 +2098,18 @@ license, which allows noncommercial use subroutine package from RSA Data Security Inc, that implements the RSA algorithm. The RSAREF subroutines are used instead of PGP's original subroutines to implement the RSA functions in PGP. See the -RSAREF license for terms and conditions of use -of RSAREF applications. +RSAREF license for terms and conditions of use of RSAREF +applications. PGP 2.5 was released by MIT for a brief test period in May, 1994 -before releasing 2.6. Although 2.5 was released under the 16 March, -1994 RSAREF license, which is a perpetual license, it would be better -for users in the United States to upgrade to version 2.6 to facilitate -the demise of PGP 2.3a and earlier versions. Also, PGP 2.5 has bugs -that are corrected in 2.6, and 2.5 will not read the new data format -after September 1, 1994. (See the section on Compatibility with -Previous Versions of PGP.) +before releasing 2.6. PGP 2.5 was released under the 16 March, 1994 +RSAREF license, which is a perpetual license, so it may legally be +used forever in the US. But it would be better for PGP's legal and +political future for users in the United States to upgrade to version +2.6 or later to facilitate the demise of PGP 2.3a and earlier +versions. Also, PGP 2.5 has bugs that are corrected in 2.6, and 2.5 +will not read the new data format after September 1, 1994. (See the +section on Compatibility with Previous and Future Versions of PGP.) The PGP 2.0 release was a joint effort of an international team of software engineers, implementing enhancements to the original PGP 
@@ -2050,7 +2121,7 @@ development team. The IDEA(tm) conventional block cipher used by PGP is covered by a patent in Europe, held by ETH and a Swiss company called Ascom-Tech -AG. The US Patent number is US005214703, and the European patent +AG. The US Patent number is 5,214,703, and the European patent number is EP 0 482 154 B1. IDEA(tm) is a trademark of Ascom-Tech AG. There is no license fee required for noncommercial use of IDEA. Commercial users of IDEA may obtain licensing details from Dieter 
@@ -2061,159 +2132,191 @@ Ascom-Tech AG has granted permission for use the IDEA cipher in non-commercial uses, everywhere. In the US and Canada, all commercial or Government users must obtain a licensed version from ViaCrypt, who has a license from Ascom-Tech for the IDEA -cipher. Ascom-Tech has recently been changing its policies regarding -the use of IDEA in PGP for commercial use outside the US, and that -policy still seems to be in flux. +cipher. + +Ascom-Tech has recently been changing its policies regarding the use +of IDEA in PGP for commercial use outside the US, and that policy +still seems to be in flux. They tell me that their current thinking +is as follows: They will allow commercial users of PGP outside the +US or Canada to use IDEA in PGP without paying royalties to +Ascom-Tech, because it is not currently possible for commercial users +to buy a licensed version of PGP outside the US or Canada. If the +legal situation in the USA changes in the future, so that users +outside the US or Canada can buy a licensed version of PGP (either +from ViaCrypt, or from me, or from a foreign enterprise licensed by +me), then Ascom-Tech will begin enforcing its patent licensing +policies on commercial users who are in a position to buy a licensed +version of PGP. To get a more up-to-date report on this, contact +Ascom-Tech AG. The ZIP compression routines in PGP come from freeware source code, with the author's permission. I'm not aware of any patents on the -compression algorithms used in the ZIP routines, but you're welcome to -check into that question yourself. +compression algorithms used in the ZIP routines. -Licensing and Distribution --------------------------- +Freeware Status and Restrictions +-------------------------------- + +PGP is not shareware, it's freeware. Published as a community +service. Giving PGP away for free will encourage far more people to +use it, which will have a greater social impact. 
Feel free to +disseminate the complete unmodified PGP release package as widely as +possible, but be careful not to violate U.S. export controls if you +live in the USA. Give it to all your friends. If you have access to +any electronic Bulletin Board Systems, please upload the complete PGP +executable object release package to as many BBS's as possible. + +You may also disseminate the source code release package. PGP's +source code is published to assist public scrutiny of PGP to show that +it has no hidden weaknesses or back doors, and to help people to find +bugs and report them. Recompile it and port it to new target +machines. Experiment with the code and learn from it. + +I place no restraints on your modifying the source code for your own +use. However, do not distribute a modified version of PGP under the +name "PGP" without first getting permission from me. Please respect +this restriction. PGP's reputation for cryptographic integrity +depends on maintaining strict quality control on PGP's cryptographic +algorithms and protocols. Beyond that, ad hoc "improvements" to PGP +can affect interoperability, which creates user confusion and +compatability problems that could damage PGP's (and my own) +reputation and undermine the good will earned by the PGP trademark. + +This has already started to happen, which is why I'm making a point +of it here. This creates technical support headaches, and I get +phone calls from confused users who run into problems either because +they have a mutant strain of PGP, or are trying to process a key, +signature, or message that came from an incompatible mutant strain of +PGP. The source code to PGP was not published to help spawn these +mutant strains. + +If you want to distribute a modified version of PGP, or use a modified +version to send messages to other people, you should name the program +in such a way that no one could mistake it for PGP. 
The messages, +signatures, and keys it produces must also be labeled in such a way +that no one could mistake them for material produced by PGP. If you +feel you must modify your copy of PGP, and there is any chance that +the modified version could escape into the environment, please contact +me first to discuss some easy methods for how to prevent people from +confusing your version with the standard PGP. Perhaps we'll even +decide that your changes are appropriate for incorporating into the +standard PGP release. + +Also, you should note that official executable versions of PGP are +always released signed by the PGP developers, so you can verify their +authenticity. If you find a corrupted copy of PGP, or notice one +being distributed, please contact the people doing the distribution +and suggest that they replace this with an authentic version. + +Some older versions of PGP were published under the terms of the +General Public License (GPL), a license designed by the Free Software +Foundation to protect the status of free software. Newer freeware +versions of PGP are no longer published under the GPL. The RSAREF +licensing terms are more stringent than those of the GPL. But even +if a version of PGP is published without RSAREF, in a situation or +place where the RSA patent does not apply, I still do not want the +GPL to apply to PGP, for a variety of reasons, not the least of which +is because the GPL is not optimal for protecting PGP from being +republished with ad-hoc "improvements". + +Outside the United States, the RSA patent is not in force, so PGP +users there are free to use implementations of PGP that do not rely +on RSAREF and its restrictions. Canadians may use PGP without using +RSAREF, and there are legal ways to export PGP to Canada. In Canada, +where RSAREF is not needed, it is easy to modify and recompile the +current PGP source code to perform the RSA calculations without using +the RSAREF library, just as it was done in PGP 2.3a. 
In such a case, +this modified PGP may be re-released under the identical licensing +terms as the current official freeware PGP release, but without the +RSAREF-specific restrictions. It may not be re-released under the +GPL, as certain older versions were. And this manual must accompany +it. That modified version of PGP may not be used in environments +where RSAREF would be needed. + + +Restrictions on Commercial Use of PGP +------------------------------------- -In the USA, PGP 2.6 is available from the Massachusetts Institute of -Technology, under the terms of the RSAREF license. I have no -objection to anyone freely using or distributing the freeware version -of PGP, without payment of fees to me, as long as it is for personal -non-commercial use. For commercial use, contact ViaCrypt in Phoenix, -Arizona (phone 602-944-0773). You must keep the copyright, patent, -and trademark notices on PGP and keep all the documentation with it. +The freeware version of PGP is for personal, non-commercial use. For +commercial use in the USA or Canada, contact ViaCrypt in Phoenix, +Arizona (phone 602 944-0773, or email viacrypt@acm.org). + +I made an agreement with ViaCrypt in the summer of 1993 to license the +exclusive commercial rights to PGP, so that there would be a way for +corporations to use PGP without risk of a patent infringement lawsuit +from PKP. For PGP to succeed in the long term as a viable industry +standard, the legal stigma associated with the RSA patent rights had +to be resolved. ViaCrypt had already obtained a patent license from +PKP to make, use, and sell products that practice the RSA patents. +ViaCrypt offered a way out of the patent quagmire for PGP to penetrate +the corporate environment. They could sell a fully-licensed version +of PGP, but only if I licensed it to them under these terms. 
So we +entered into an agreement to do that, opening the door for PGP's +future in the commercial sector, which was necessary for PGP's +long-term political future. -NOTE: Regardless of the complexities and partially overlapping +Therefore, regardless of the complexities and partially overlapping restrictions from all the other terms and conditions imposed by the various patent and copyright licenses (RSA, RSAREF, and IDEA) from various third parties, an additional overriding restriction on PGP -usage is imposed by my own agreement with ViaCrypt: The freeware -version of PGP is only for personal, noncommercial use -- all other +usage is imposed by my own agreement with ViaCrypt: The freeware +version of PGP is only for personal, non-commercial use -- all other users in the USA and Canada must obtain a fully licensed version of -PGP from ViaCrypt. +PGP from ViaCrypt. The restrictions imposed by my agreement with +ViaCrypt do not apply outside the USA or Canada. -I had to make an agreement with ViaCrypt in the summer of 1993 to -license the exclusive commercial rights to PGP, so that there would -be a legally safe way for corporations to use PGP without risk of a -patent infringement lawsuit from PKP. For PGP to succeed in the long -term as a viable industry standard, the legal stigma associated with -the RSA patent rights had to be resolved. ViaCrypt had already -obtained a patent license from PKP to make, use, and sell products -that practice the RSA patents. ViaCrypt offered a way out of the -patent quagmire for PGP to penetrate the corporate environment. They -could sell a fully-licensed version of PGP, but only if I licensed it -to them under these terms. So we entered into an agreement to do -that, opening the door for PGP's future in the commercial sector, -which was necessary for PGP's long-term political future. - -PGP is not shareware, it's freeware. Published as a community service. 
-Giving PGP away for free will encourage far more people to use it, which -hopefully will have a greater social impact. This could lead to -widespread awareness and use of the RSA public key cryptosystem. - -Feel free to disseminate the complete PGP release package as widely -as possible, but be careful not to violate U.S. export controls if -you live in the USA. Give it to all your friends. If you have -access to any electronic Bulletin Boards Systems, please upload the -complete PGP executable object release package to as many BBS's as -possible. The freeware version of PGP is available in source code -form, and you may disseminate the source release package too, if you've -got it. NOTE: Under no circumstances should PGP be distributed -without the PGP documentation, including this PGP User's Guide and the -RSAREF license agreement. - -The PGP version 2.6 executable object release package for MSDOS contains -the PGP executable software, documentation, RSAREF license, sample -key rings including my own public key, and signatures for the software -and this manual, all in one PKZIP compressed file called pgp26.zip. The -PGP source release package for MSDOS contains all the C source files in -one PKZIP compressed file called pgp26src.zip. The filename for the -release package is derived from the version number of the release. +Finally, if you want to turn PGP into a commercial product and make +money selling it, then we must agree on a way for me to also make +money on it. If you use PGP in such a manner that you must pay +patent royalties or any other software licensing fees to the patent +holders for any cryptographic algorithms used by PGP, then we must +agree on a way for me to also be paid in some manner. Buying PGP +from ViaCrypt is one way to meet this requirement. + + +Other Licensing Restrictions +---------------------------- + +Under no circumstances may PGP be distributed without the PGP +documentation, including this PGP User's Guide. 
And, assuming this is +an RSAREF version of PGP, the RSAREF license agreement must be kept +with it. You must also keep the copyright, patent, and trademark +notices on PGP and its documentation. + +The standard freeware PGP release is primarily distributed in +electronic form, as a single compressed archive file, containing a +collection of files in a "shrink-wrapped" package. This package +should not be broken up and the components separately distributed -- +in the interests of quality control, we want to make it difficult for +users to obtain PGP without getting the full release package. + + +Distribution +------------ + +In the USA, PGP is available for free from the Massachusetts Institute +of Technology, under the restrictions described above. The primary release site for PGP is the Massachusetts Institute of -Technology, at their FTP site "net-dist.mit.edu", in their /pub/PGP +Technology, at their FTP site "net-dist.mit.edu", in the /pub/PGP directory. You may obtain free copies or updates to PGP from this site, or any other Internet FTP site or BBS that PGP has spread to. Don't ask me for a copy directly from me, especially if you live -outside the US or Canada. - -After all this work I have to admit I wouldn't mind getting some fan -mail for PGP, to gauge its popularity. Let me know what you think -about it and how many of your friends use it. Bug reports and -suggestions for enhancing PGP are welcome, too. Perhaps a future PGP -release will reflect your suggestions. - -This project has not been funded and the project has nearly eaten me -alive. This means you can't count on a reply to your mail, unless -you only need a short written reply and you include a stamped -self-addressed envelope. But I often do reply to E-mail. Please keep -it in English, as my foreign language skills are weak. If you call -and I'm not in, it's best to just try again later. 
I usually don't -return long distance phone calls, unless you leave a message that I -can call you collect. If you need any significant amount of my time, -I am available on a paid consulting basis, and I do return those -calls. - -The most inconvenient mail I get is for some well-intentioned person -to send me a few dollars asking me for a copy of PGP. I don't send -it to them because I'd rather avoid any legal problems with PKP. Or -worse, sometimes these requests are from foreign countries, and I -would be risking a violation of US cryptographic export control -laws. Even if there were no legal hassles involved in sending PGP to -them, they usually don't send enough money to make it worth my time. -I'm just not set up as a low cost low volume mail order business. I -can't just ignore the request and keep the money, because they -probably regard the money as a fee for me to fulfill their request. -If I return the money, I might have to get in my car and drive down -to the post office and buy some postage stamps, because these -requests rarely include a stamped self-addressed envelope. And I -have to take the time to write a polite reply that I can't do it. If -I postpone the reply and set the letter down on my desk, it might be -buried within minutes and won't see the light of day again for -months. Multiply these minor inconveniences by the number of -requests I get, and you can see the problem. Isn't it enough that -the software is free? It would be nicer if people could try to get -PGP from any of the myriad other sources. If you don't have a modem, -ask a friend to get it for you. If you can't find it yourself, I -don't mind answering a quick phone call. - -If anyone wants to volunteer to improve PGP, please let me know. It -could certainly use some more work. Some features were deferred to -get it out the door. 
A number of PGP users have since donated their -time to port PGP to Unix on Sun SPARCstations, to Ultrix, to VAX/VMS, -to OS/2, to the Amiga, and to the Atari ST. Perhaps you can help -port it to some new environments. But please let me know if you plan -to port or add enhancements to PGP, to avoid duplication of effort, -and to avoid starting with an obsolete version of the source code. - -Because so many foreign language translations of PGP have been -produced, most of them are not distributed with the regular PGP -release package because it would require too much disk space. -Separate language translation "kits" are available from a number of -independent sources, and are sometimes available separately from the -same distribution centers that carry the regular PGP release -software. These kits include translated versions of the file -LANGUAGE.TXT, PGP.HLP, and the PGP User's Guide. If you want to -produce a translation for your own native language, contact me first -to get the latest information and standard guidelines, and to find -out if it's been translated to your language already. To find out -where to get a foreign language kit for your language, you might -check on the Internet newsgroups, or get it from Mike Johnson -(mpj@csn.org). - -If you have access to the Internet, watch for announcements of new -releases of PGP on the Internet newsgroups "sci.crypt" and PGP's own -newsgroup, "alt.security.pgp". If you want to know where to get PGP, -MIT is the primary FTP distribution site (net-dist.mit.edu). Or ask -Mike Johnson (mpj@csn.org) for a list of Internet FTP sites and BBS -phone numbers. - -Future versions of PGP may have to change the data formats for -messages, signatures, keys and key rings, in order to provide -important new features. This may cause backward compatibility -problems with this version of PGP. Future releases may provide -conversion utilities to convert old keys, but you may have to dispose -of old messages created with the old PGP. 
- +outside the US or Canada. I recommend that you not use any modified +version of PGP that comes from any other source, other than MIT, +ViaCrypt, or me, unless it is accompanied by a signed endorsement +from me personally. You can get the official release software from +many other distribution sites "downstream" from MIT. Hopefully, all +these other sites are adhering to US export controls. + +The PGP version 2.6.1 executable object release package for MSDOS +contains the PGP executable software, documentation, RSAREF license, +sample key rings including my own public key, and signatures for the +software and this manual, all in one PKZIP compressed file called +pgp261.zip. The PGP source release package for MSDOS contains all +the C source files in one PKZIP compressed file called pgp261s.zip. +The filename for the release package is derived from the version +number of the release. Export Controls 
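Review bot: The added paragraph beginning "Also, you should note that official executable versions of PGP are always released signed by the PGP developers" tells readers they can verify authenticity, but not against which key or with which file. The Distribution paragraph added further down says the archive carries both the "signatures for the software and this manual" and the "sample key rings including my own public key", so a tampered archive could replace the two together. Suggest pointing this paragraph at the key fingerprint block this revision adds earlier in the guide, and saying that the signing key should be checked against a fingerprint obtained from outside the archive. Separately, "compatability" in the added paragraph about ad hoc "improvements" should be "compatibility".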
@@ -2222,17 +2325,32 @@ Export Controls The U.S. Government has made it illegal in most cases to export good cryptographic technology, and that may include PGP. They regard this kind of software just like they regard munitions. This is determined -by volatile State Department, Defense Department and Commerce -Department policies, not fixed laws. I will not export this software -out of the US or Canada in cases when it is illegal to do so under US -controls, and I urge other people not to export it on their own. - -If you live outside the US or Canada, I urge you not to violate US -export laws by getting any version of PGP in a way that violates -those laws. Since thousands of domestic users got the first version -after its initial publication, it somehow leaked out of the US and -spread itself widely abroad, like dandelion seeds blowing in the -wind. +not by legislation, but by administrative policies of the State +Department, Defense Department and Commerce Department. + +The U.S. Government is using export restrictions as a means of +suppressing both domestic and foreign availability of cryptographic +technology. In particular, it is trying to suppress the emergence of +an international standard for cryptographic protocols, until it can +establish the Escrowed Encryption Standard (the Clipper chip) as the +dominant standard. + +Any export restrictions on PGP are imposed by the US Government. +This does not imply that I or MIT agree with these restrictions. We +just comply with them. We do not impose additional licensing +restrictions of our own on the use of PGP outside of the US, other +than those restrictions that already apply inside the US. PGP may be +subject to export controls. Anyone wishing to export it should first +consult the State Department's Office of Defense Trade Controls. + +I will not export this software out of the US or Canada in cases when +it is illegal to do so under US controls, and I urge other people not +to export it on their own. 
If you live outside the US or Canada, I +urge you not to violate US export laws by getting any version of PGP +in a way that violates those laws. Since thousands of domestic users +got the first version after its initial publication, it somehow +leaked out of the US and spread itself widely abroad, like dandelion +seeds blowing in the wind. Starting with PGP version 2.0 through version 2.3a, the release point of the software has been outside the US, on publicly-accessible 
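Review bot: In the added paragraph starting "Any export restrictions on PGP are imposed by the US Government", the sentence "PGP may be subject to export controls" restates what the unchanged opening of the section already says ("and that may include PGP") and reads oddly after a paragraph that has just treated the restrictions as a given. Suggest dropping it and keeping only the actionable sentence that follows, the pointer to the State Department's Office of Defense Trade Controls.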
@@ -2244,27 +2362,46 @@ cases where this was ever enforced for i software into the US. I imagine that a legal action of that type would be quite a spectacle of controversy. -ViaCrypt PGP version 2.4 is sold in the United States and Canada and -is not for export. The following language was supplied by the US -Government to ViaCrypt for inclusion in the ViaCrypt PGP -documentation: "PGP is export restricted by the Office of Export -Administration, United States Department of Commerce and the Offices -of Defense Trade Controls and Munitions Control, United States -Department of State. PGP cannot be exported or reexported, directly -or indirectly, (a) without all export or reexport licenses and -governmental approvals required by any applicable laws, or (b) in -violation of any prohibition against the export or reexport of any -part of PGP." The Government may take the position that the freeware -PGP versions are also subject to those controls. +ViaCrypt PGP is sold in the United States and Canada and is not for +export. The following language was supplied by the US Government to +ViaCrypt for inclusion in the ViaCrypt PGP documentation: "PGP is +export restricted by the Office of Export Administration, United +States Department of Commerce and the Offices of Defense Trade +Controls and Munitions Control, United States Department of State. +PGP cannot be exported or reexported, directly or indirectly, (a) +without all export or reexport licenses and governmental approvals +required by any applicable laws, or (b) in violation of any +prohibition against the export or reexport of any part of PGP." The +Government may take the position that the freeware PGP versions are +also subject to those controls. The freeware PGP versions 2.5 and 2.6 were released through a posting on a controlled FTP site maintained by MIT. 
This site has restrictions and limitations which have been used on other FTP sites to comply with export control requirements with respect to other encryption software such as Kerberos and software from RSA Data -Security, Inc. I urge you not to do anything which would weaken those -controls or facilitate any improper export of ViaCrypt PGP or the -freeware PGP versions. +Security, Inc. I urge you not to do anything which would weaken +those controls or facilitate any improper export of PGP. + +Although PGP has become a worldwide de facto standard for E-mail +encryption, and is widely available overseas, I still get calls from +people outside the US who ask me if it is legal to use it in their +own country, for versions that are already available there. Please +don't contact me to ask me if it is legal to use PGP in your country +if you live outside the US. That question is not up to me. I've got +enough legal problems of my own with export control issues, without +getting involved in giving you legal advice over my phone. It might +even put me at some legal risk to simply answer a question like that +for a foreigner. If this question concerns you, ask someone else, +like a lawyer. + +You may have a need to use PGP in a commercial application outside +the US or Canada. Unfortunately, at the time of this writing, there +is no current commercial source for PGP outside the US or Canada. I +am trying to find a US-legal way to make a commercially licensed +version available abroad, but right now the US export restrictions +make that difficult without putting me at legal risk. This situation +may change. Some foreign governments impose serious penalties on anyone inside their country for merely using encrypted communications. In some 
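Review bot: The unchanged context line "The freeware PGP versions 2.5 and 2.6 were released through a posting on a controlled FTP site maintained by MIT" is now stale, since this revision documents 2.6.1 and the Distribution section names pgp261.zip. This hunk already drops the version number from "ViaCrypt PGP version 2.4" to keep the text from aging; suggest doing the same here, or adding 2.6.1 to the list, so readers do not conclude that the current release came through a different channel.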
@@ -2277,30 +2414,34 @@ Philip Zimmermann's Legal Situation ----------------------------------- At the time of this writing, I am the target of a US Customs criminal -investigation in the Northern District of California. My defense -attorney has been told by the Assistant US Attorney that the area of -law of interest to the investigation has to do with the export -controls on encryption software. The federal mandatory sentencing -guidelines for this offense are 41 to 51 months in a federal prison. -US Customs appears to be taking the position that electronic domestic -publication of encryption software is the same as exporting it. The -prosecutor has issued a number of federal grand jury subpoenas. It -may be months before a decision is reached on whether to seek -indictment. This situation may change at any time, so this -description may be out of date by the time you read it. Watch the -news for further developments. If I am indicted and this goes to -trial, it will be a major test case. +investigation in the Northern District of California. A criminal +investigation is not a civil lawsuit. Civil lawsuits do not involve +prison terms. My defense attorney has been told by the Assistant US +Attorney that the area of law of interest to the investigation has to +do with the export controls on encryption software. The federal +mandatory sentencing guidelines for this offense are 41 to 51 months +in a federal prison. US Customs appears to be taking the position +that electronic domestic publication of encryption software is the +same as exporting it. The prosecutor has issued a number of federal +grand jury subpoenas. It may be months before a decision is reached +on whether to seek indictment. This situation may change at any +time, so this description may be out of date by the time you read +it. Watch the news for further developments. If I am indicted and +this goes to trial, it will be a major test case. I have a legal defense fund set up for this case. 
So far, no other organization is doing the fundraising for me, so I am depending on -people like you to contribute directly to this cause. The fund is run -by my lead defense attorney, Phil Dubois, here in Boulder. Please -send your contributions to: +people like you to contribute directly to this cause. If you care +about the future of your civil liberties in the information age, then +perhaps you will care about this case. The legal fees are expensive, +the meter is running, and I need your help. The fund is run by my +lead defense attorney, Phil Dubois, here in Boulder. Please send +your contributions to: - Philip Dubois + Philip L. Dubois, Lawyer 2305 Broadway Boulder, Colorado 80304 USA - Phone 303-444-3885 + Phone (303) 444-3885 E-mail: dubois@csn.org You can also phone in your donation and put it on Mastercard or Visa. @@ -2313,14 +2454,14 @@ encrypt it with Phil Dubois's public key standard PGP distribution package, in the "keys.asc" file). Put a note on the subject line that this is a donation to my legal defense fund, so that Mr. Dubois will decrypt it promptly. Please don't send -a lot of casual encrypted email to him -- I'd rather he use his +a lot of casual encrypted E-mail to him -- I'd rather he use his valuable time to work on my case. -If you want to read some press stories about this case, see the -following references: +If you want to read some press stories to find out why this is an +important case, see the following references: 1) William Bulkeley, "Cipher Probe", Wall Street Journal, Thursday - April 28th, 1994, front page. + 28 April 1994, front page. 2) John Cary, "Spy vs. Computer Nerd: The Fight Over Data Security", Business Week, 4 Oct 1993, page 43. 3) Jon Erickson, "Cryptography Fires Up the Feds", Dr. Dobb's 
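Review bot: The spelling fix in the @@ -2313,14 +2454,14 @@ hunk ("casual encrypted email" to "casual encrypted E-mail") is not carried through the rest of the patch: added lines elsewhere still read "or email viacrypt@acm.org" and "For more information email info@epic.org". Suggest normalising those in the same revision. The reworded date "Thursday 28 April 1994" also spells the month out, while the neighbouring references use the short form ("4 Oct 1993", "21 Sep 1993"); pick one form for the list.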
@@ -2329,11 +2470,21 @@ following references: Programs", New York Times, Tuesday 21 Sep 1993, page C1. 5) Kurt Kleiner, "Punks and Privacy", Mother Jones Magazine, Jan/Feb 1994, page 17. - 6) John Markoff, "Cyberspace Under Lock and Key", New York Times, + 6) Steven Levy, "Battle of the Clipper Chip", New York Times + Magazine, Sunday 12 Jun 1994, page 44. + 7) Steven Levy, "Crypto Rebels", WIRED, May/Jun 1993, page 54. + 8) John Markoff, "Cyberspace Under Lock and Key", New York Times, Sunday 13 Feb 1994. - 7) Philip Elmer-DeWitt, "Who Should Keep the Keys", Time, 14 Mar + 9) Philip Elmer-DeWitt, "Who Should Keep the Keys", Time, 14 Mar 1994, page 90. +There are a great many other articles on PGP from around the world. +I'm keeping a scrapbook. + + +Other Sources of Information on PGP +=================================== + Where to Get a Commercial Version of PGP ---------------------------------------- 
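Review bot: The two Steven Levy entries added here as 6) and 7) are also listed under Recommended Readings, where this patch adds "Battle of the Clipper Chip" and the Bulkeley article alongside the existing "Crypto Rebels" entry, so three citations now live in two lists with different annotations. Suggest keeping the full citation in one place and having the other list refer to it by title, otherwise the next renumbering has to be done twice.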
@@ -2342,43 +2493,150 @@ To get a fully licensed version of PGP f contact: ViaCrypt - 2104 West Peoria Avenue - Phoenix, Arizona 85029 - Phone: 602-944-0773 - Fax: 602-943-2601 + 9033 North 24th Avenue, Suite 7 + Phoenix, Arizona 85021 USA + Phone: (602) 944-0773, or (800) 536-2664 + Fax: (602) 943-2601 E-mail: viacrypt@acm.org ViaCrypt has a version of PGP for MSDOS, and a number of Unix -platforms. Other versions are under development. If you have a need -to use PGP in a commercial or Government setting, and ViaCrypt has a -version of PGP for your hardware platform, you should get ViaCrypt -PGP. +platforms. They also have a Windows shell version, and other +versions are under development, including Macintosh. If you have a +need to use PGP in a commercial or Government setting, and ViaCrypt +has a version of PGP for your hardware platform, you should get +ViaCrypt PGP. ViaCrypt has obtained all the necessary licenses from PKP, Ascom-Tech AG, and Philip Zimmermann to sell PGP for use in commercial or -Government environments. ViaCrypt PGP is every bit as secure as the +government environments. ViaCrypt PGP is every bit as secure as the freeware PGP, and is entirely compatible in both directions with the freeware version of PGP. ViaCrypt PGP is the perfect way to get a fully licensed version of PGP into your corporate environment. +If you work in a large company and you are a fan of PGP, I urge you +to try to persuade your company to buy lots of copies of PGP from +ViaCrypt. Not just because that will earn royalties for me. If +ViaCrypt can make PGP a commercial success, it will go a long way +toward cementing PGP's political future as an unstoppable standard +for E-mail encryption in the corporate world. The corporate world is +where the money is, and that affects public policy like nothing +else. And that includes Government policy to suppress strong +cryptography. 
+ + Reporting PGP Bugs ------------------ Bugs in PGP should be reported via E-mail to MIT, the official distribution site of PGP. The E-mail address for bug reports is -pgp-bugs@mit.edu. +pgp-bugs@mit.edu. MIT will forward a copy of your bug report to me. +When you report bugs, be sure to specify what machine and operating +system you are using and what version of PGP you have, and provide +enough detail to reproduce the problem. It would also be a good idea +to find out if you have the latest version of PGP, in case the bug +has already been fixed. Also, it's a good idea to make sure it +really is a bug before you report it. RTFM. + + + +Fan Mail, Updates, and News +--------------------------- + +After all this work I have to admit I wouldn't mind getting some fan +mail for PGP, to gauge its popularity. Let me know what you think +about it and how many of your friends use it. Bug reports and +suggestions for enhancing PGP are welcome, too. Perhaps a future PGP +release will reflect your suggestions. + +This project has not been funded and the project has nearly eaten me +alive. This means you usually won't get a reply to your mail, unless +you only need a short written reply and you include a stamped +self-addressed envelope. But I often do reply to E-mail. Please +keep it in English, as my foreign language skills are weak. If you +call and I'm not in, it's best to just try again later. I usually +don't return long distance phone calls, unless you leave a message +that I can call you collect, and even then I might not return your +call. If you need any significant amount of my time, I am available +on a paid consulting basis, and I always return those calls. + +The most inconvenient mail I get is for some well-intentioned person +to send me a few dollars asking me for a copy of PGP. I don't send +it to them because I'd rather avoid any legal problems with PKP. 
Or +worse, sometimes these requests are from foreign countries, and I +would be risking a violation of US cryptographic export control +laws. Even if there were no legal hassles involved in sending PGP to +them, they usually don't send enough money to make it worth my time. +I'm just not set up as a low cost low volume mail order business. I +can't just ignore the request and keep the money, because they +probably regard the money as a fee for me to fulfill their request. +If I return the money, I might have to get in my car and drive down +to the post office and buy some postage stamps, because these +requests rarely include a stamped self-addressed envelope. And I +have to take the time to write a polite reply that I can't do it. If +I postpone the reply and set the letter down on my desk, it might be +buried within minutes and won't see the light of day again for +months. Multiply these minor inconveniences by the number of +requests I get, and you can see the problem. Isn't it enough that +the software is free? It would be nicer if people could try to get +PGP from any of the myriad other sources. If you don't have a modem, +ask a friend to get it for you. If you can't find it yourself, I +don't mind answering a quick phone call. + +If anyone wants to volunteer to improve PGP, please let me know. It +could certainly use some more work. Some features were deferred to +get it out the door. A number of PGP users have since donated their +time to port PGP to Unix on Sun SPARCstations, to Ultrix, to VAX/VMS, +to OS/2, to the Amiga, and to the Atari ST. Perhaps you can help +port it to some new environments. But please let me know if you plan +to port or add enhancements to PGP, to avoid duplication of effort, +and to avoid starting with an obsolete version of the source code. + +Because so many foreign language translations of PGP have been +produced, most of them are not distributed with the regular PGP +release package because it would require too much disk space. 
+Separate language translation "kits" are available from a number of +independent sources, and are sometimes available separately from the +same distribution centers that carry the regular PGP release +software. These kits include translated versions of the file +LANGUAGE.TXT, PGP.HLP, and the PGP User's Guide. If you want to +produce a translation for your own native language, contact me first +to get the latest information and standard guidelines, and to find +out if it's been translated to your language already. To find out +where to get a foreign language kit for your language, you might +check on the Internet newsgroups, or get it from Mike Johnson +(mpj@csn.org). + +If you have access to the Internet, watch for announcements of new +releases of PGP on the Internet newsgroups "sci.crypt" and PGP's own +newsgroup, "alt.security.pgp". If you want to know where to get PGP, +MIT is the primary FTP distribution site (net-dist.mit.edu). Or ask +Mike Johnson (mpj@csn.org) for a list of Internet FTP sites and BBS +phone numbers. Computer-Related Political Groups -================================= +--------------------------------- PGP is a very political piece of software. It seems appropriate to mention here some computer-related activist groups. Full details on these groups, and how to join them, is provided in a separate document file in the PGP release package. +The Electronic Privacy Information Center (EPIC) is a public interest +research center in Washington, DC. It was established in 1994 to +focus public attention on emerging privacy issues relating to the +National Information Infrastructure, such as the Clipper Chip, the +Digital Telephony proposal, medical record privacy, and the sale of +consumer data. EPIC is sponsored by the Fund for Constitutional +Government and Computer Professionals for Social Responsibility. 
+EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of +Information Act litigation, and conducts policy research on emerging +privacy issues. For more information email info@epic.org, or write +EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. ++1 202 544 9240 (tel), +1 202 547 5482 (fax). + The Electronic Frontier Foundation (EFF) was founded in 1990 to assure freedom of expression in digital media, with a particular emphasis on applying the principles embodied in the US Constitution @@ -2391,20 +2649,25 @@ computer professionals and computer user responsible use of information technology and empowers all who use computer technology to participate in public policy debates on the impacts of computers on society. They can be reached at: -415-322-3778 in Palo Alto, E-mail address cpsr@csli.stanford.edu. +(415) 322-3778 in Palo Alto, E-mail address cpsr@csli.stanford.edu. -The League for Programming Freedom (LPF) is a grass-roots organization -of professors, students, businessmen, programmers and users dedicated -to bringing back the freedom to write programs. They regard patents -on computer algorithms as harmful to the US software industry. They -can be reached at (617) 433-7071. E-mail address: lpf@uunet.uu.net. +The League for Programming Freedom (LPF) is a grass-roots +organization of professors, students, businessmen, programmers and +users dedicated to bringing back the freedom to write programs. They +regard patents on computer algorithms as harmful to the US software +industry (and so do I!). They can be reached at (617) 433-7071. +E-mail address: lpf@uunet.uu.net. For more details on these groups, see the accompanying document in the PGP release package. - -Recommended Introductory Readings -================================= + + +Recommended Readings +-------------------- + + +Introductory Readings 1) Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C", John Wiley & Sons, 1993 
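Review bot: In the "Reporting PGP Bugs" section of the @@ -2342,43 +2493,150 @@ hunk, the new text asks for enough detail to reproduce a problem and says MIT forwards a copy to the author, but it gives no separate handling for a bug that weakens PGP's security, so a reproducible report of such a bug would travel in the clear to pgp-bugs@mit.edu and again when forwarded. The legal defense section already tells donors to encrypt with Phil Dubois's public key from the "keys.asc" file; suggest a matching sentence here naming the key to which sensitive reports should be encrypted, if one exists for that address. Minor: the same hunk lowercases "Government environments" to "government environments" while its other added lines keep "commercial or Government setting" and "Government policy", and "RTFM" is left unexpanded for readers new to the term.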
@@ -2416,27 +2679,37 @@ Recommended Introductory Readings 4) Martin E. Hellman, "The Mathematics of Public-Key Cryptography," Scientific American, Aug 1979 5) Steven Levy, "Crypto Rebels", WIRED, May/Jun 1993, page 54. - (This is a "must-read" article on PGP and other related topics.) + (A "must-read" article on PGP and other related topics.) +6) Steven Levy, "Battle of the Clipper Chip", New York Times + Magazine, Sunday 12 Jun 1994, page 44. (Great article, great + photos.) +7) William Bulkeley, "Cipher Probe", Wall Street Journal, 28 April + 1994, front page. (An article on PGP and Zimmermann.) + Other Readings -============== -6) Ronald Rivest, "The MD5 Message Digest Algorithm", MIT Laboratory +8) Ronald Rivest, "The MD5 Message Digest Algorithm", MIT Laboratory for Computer Science, 1991 -7) Xuejia Lai, "On the Design and Security of Block Ciphers", +9) Xuejia Lai, "On the Design and Security of Block Ciphers", ETH Series on Information Processing (Ed. J. L. Massey), Vol. 1, Hartung-Gorre Verlag, Konstanz, Switzerland, 1992 -8) Philip Zimmermann, "A Proposed Standard Format for RSA +10) Philip Zimmermann, "A Proposed Standard Format for RSA Cryptosystems", Advances in Computer Security, Vol III, edited by Rein Turn, Artech House, 1988 -9) Paul Wallich, "Electronic Envelopes", Scientific American, Feb - 1993, page 30. (This is an article on PGP) -10) William Bulkeley, "Cipher Probe", Wall Street Journal, 28 April - 1994, front page. (This is an article on PGP and Zimmermann) +11) Paul Wallich, "Electronic Envelopes", Scientific American, Feb + 1993, page 30. (An article on PGP) +12) William Stallings, "Pretty Good Privacy", BYTE, July 1994, page + 193 +13) Philip Zimmermann, "The Official PGP User's Guide", MIT Press, + 1994 (in press) +14) Philip Zimmermann, "PGP Source Code and Internals", MIT Press, + 1994 (in press) + To Contact the Author -===================== +--------------------- Philip Zimmermann may be reached at: 
@@ -2444,9 +2717,8 @@ Boulder Software Engineering 3021 Eleventh Street Boulder, Colorado 80304 USA Internet: prz@acm.org -Phone 303-541-0140 (voice) (10:00am - 7:00pm Mountain Time) -Fax line available, if you arrange it via voice line. - +Phone (303) 541-0140 (voice) (10:00am - 7:00pm Mountain Time) +Fax available, if you arrange it via voice line. Appendix A: Where to Get PGP @@ -2456,6 +2728,7 @@ The following describes how to get the f cryptographic software PGP (Pretty Good Privacy) from an anonymous FTP site on Internet, or from other sources. +PGP has become a worldwide de facto standard for E-mail encryption. PGP has sophisticated key management, an RSA/conventional hybrid encryption scheme, message digests for digital signatures, data compression before encryption, and good ergonomic design. PGP is 
@@ -2475,19 +2748,19 @@ mode at both ends. There are two compressed archive files in the standard release, with the file name derived from the release version number. For PGP -version 2.6, you must get pgp26.zip which contains the MSDOS binary -executable and the PGP User's Guide, and you can optionally get -pgp26src.zip which contains all the source code. These files can be -decompressed with the MSDOS shareware archive decompression utility -PKUNZIP.EXE, version 1.10 or later. For Unix users who lack an -implementation of UNZIP, the source code can also be found in the -compressed tar file pgp26src.tar.Z. +version 2.6.1, you must get pgp261.zip which contains the MSDOS +binary executable and the PGP User's Guide, and you can optionally +get pgp261s.zip which contains all the source code. These files can +be decompressed with the MSDOS shareware archive decompression +utility PKUNZIP.EXE, version 1.10 or later. For Unix users who lack +an implementation of UNZIP, the source code can also be found in the +compressed tar file pgp261s.tar.Z. If you don't have any local BBS phone numbers handy, here is a BBS you might try. The Catacombs BBS, operated by Mike Johnson in Longmont, Colorado, has PGP available for download by people in the US or Canada only. The BBS phone number is 303-772-1062. Mike -Johnson's voice phone number is 303 772-1773, and his email address +Johnson's voice phone number is 303 772-1773, and his E-mail address is mpj@csn.org. Mike also has PGP available on an Internet FTP site for users in the US or Canada only; the site name is csn.org, in directory /mpj/, and you must read the README.MPJ file to get it. 
@@ -2502,12 +2775,7 @@ directions with the freeware version of perfect way to get a fully licensed version of PGP into your corporate or Government environment. -Source and binary distributions of PGP are available from the Canadian -Broadcasting Corporation library, which is open to the public. It has -branches in Toronto, Montreal, and Vancouver. Contact Max Allen, at -+1 416 205-6017 if you have questions. - -Here are a few people and their email addresses or phone numbers you +Here are a few people and their E-mail addresses or phone numbers you can contact in some countries to get information on local PGP availability for versions earlier than 2.5:
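Review bot: the added paragraph on language translation "kits" (the hunk just before @@ -2391,20 +2649,25 @@) sends readers to "a number of independent sources" for replacement copies of LANGUAGE.TXT and PGP.HLP but gives no hint on how to tell a genuine kit from a tampered one. Suggest a one-sentence pointer to the "Viruses and Trojan Horses" section listed in the table of contents. Two smaller points in the same hunk: "translated versions of the file LANGUAGE.TXT, PGP.HLP, and the PGP User's Guide" should read "files", and Mike Johnson (mpj@csn.org) is given as the contact in two consecutive added paragraphs, which could be merged into one.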
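Review bot: the renumbered reading list in the hunk at @@ -2416,27 +2679,37 @@ punctuates its parenthetical remarks inconsistently: items 5, 6 and 7 close with a period inside the parenthesis, as in "(An article on PGP and Zimmermann.)", while item 11 reads "(An article on PGP)". Pick one form for all entries. The numbering now runs 1 to 14 across both "Introductory Readings" and "Other Readings", and the Bulkeley article moves from 10 to 7, so any reference to a reading by number elsewhere in the guide should be rechecked.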
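Review bot: the sentence added in the hunk at @@ -2456,6 +2728,7 @@, "PGP has become a worldwide de facto standard for E-mail encryption.", is a claim with nothing in the surrounding text to back it, and it makes three consecutive sentences open with "PGP". Suggest folding it into the feature sentence that follows, or moving it to the introduction where the claim can be supported.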
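Review bot: in the hunk at @@ -2475,19 +2748,19 @@ the source archive name changes from pgp26src.zip to pgp261s.zip, so the "src" suffix becomes "s", yet the unchanged context still says only that the file name is "derived from the release version number". Suggest stating the pattern explicitly (binary pgp261.zip, source pgp261s.zip and pgp261s.tar.Z) so readers can recognise the right files for a later release. The same hunk edits the sentence holding "303-772-1062" and "303 772-1773" but leaves both formats in place, while other hunks in this patch move to the "(303) 541-0140" style.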
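Review bot: the hunk at @@ -2502,12 +2775,7 @@ deletes the whole Canadian Broadcasting Corporation library paragraph, including the Max Allen contact, and nothing in the remaining text says why or where those readers should go instead. If the source is no longer valid, a short note to that effect in the change description would help. The retained context also still limits the contact list to "versions earlier than 2.5" in a guide that now documents 2.6.1, so it is worth confirming that the limit is still intended.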