-----BEGIN PGPENVELOPE PROCESSED MESSAGE----- PGP Security is proud to announce the immediate availability of PGP Desktop Security 7.0. The upgrade may be downloaded now from the PGP Security corporate upgrade download site at: http://www.pgp.com/downloads/default.asp As with previous releases, retail and freeware editions will be forthcoming over the next few weeks. For the first time, we are also now legally able to publish source code electronically simultaneous with the release! You will see that appear when we release the freeware edition. I have included in this message the list of new features from the What's New file included with PGP Desktop Security 7.0 for Win32. A few of these features are not in the Macintosh version, but the MacOS version also has some new features which are Mac-specific such as screen locking. We hope your use of this major new release is as pleasureable as our creation of it has been. Thanks! ___________________ NEW FEATURES IN PGP * Enterprise-Class Manageability * 1. Easy pre-configuration and optional "lock down" of PGP product settings. This release takes PGP to the next level of enterprise manageability by introducing several new instrumental features that give administrators more control over PGP deployments in their environments. Using the updated PGPadmin utility, administrators can pre-configure all settings within PGP 7.0 (ranging from cryptographic policies to Personal Firewall settings) prior to deploying PGP to their end users. Administrators can also specify, on a very granular level, which settings in PGP are "locked down" from user modification. "Locked down" settings appear grayed out in the GUI to end users, and are protected in storage using cryptographic methods. 2. Automated configuration updating. PGP 7.0 introduces a valuable feature that helps administrators keep product configuration information on deployed PGP clients up-to-date. Computers protected by PGP 7.0 can automatically download updated configuration information on a scheduled basis from any PGP Keyserver 7.0 or standard LDAP v2 or v3 compliant directory. Updates can be downloaded using standard LDAP or LDAPS (LDAP over SSL - which provides configuration data over a strongly authenticated and encrypted connection). 3. "Shrink-to-fit" pre-configured packages of PGP. PGP 7.0 includes a new space-saving feature that creates smaller pre-configured packages of PGP based on what components administrators choose to deploy to their end users. The updated PGPadmin utility will automatically remove all unneeded components from pre-configured packages of PGP, therefore reducing overall package size. This minimizes download times when deploying PGP to end users. 4. Improved multi-user support on Windows NT/2000 systems. This release introduces improved support for multiple users using a single Windows NT/2000 system by storing all user-specific information (keyring, PGP configuration data, random data pool, etc.) in each user's Windows profile area. Computer specific information, such as VPN settings, are stored in a central location on the system. * Personal Firewall / Personal IDS / VPN * 5. Flexible, enterprise-class Personal Firewall and Personal IDS (Intrusion Detection). This release introduces PGP's robust Personal Firewall and Personal IDS technology. PGP creates a dual-layer security perimeter around any computer it protects. Utilizing IDS technology from Network Associates' leading CyberCop family of intrusion protection solutions, PGP provides protection from common attacks, including SYN floods, Ping floods, Smurf, Bonk, Ping of Death, Back Orifice, Teardrop, and so on. PGP provides flexible packet filtering Personal Firewall technology as the second line of defense for computers it protects. The product comes with six specific pre-defined levels of protection, each with its own associated list of packet filtering rules. Administrators can also create customized rules prior to deploying PGP, as well as keep them up-to-date using PGP's new automatic configuration update feature. 6. Automatic blocking of attacks and hostile network traffic. PGP 7.0 can optionally block attacks as soon as they are detected. Additionally, PGP can optionally block all further network traffic from machines identified as being hostile (for an administrator specified period of time). 7. Powerful intruder tracing provides useful tracking information. Utilizing PGP's intruder tracing feature, users and administrators can obtain very detailed information about systems that originated the attack. 8. Customizable user alerting for Intrusion Detection events. PGP 7.0 allows administrators to configure when and how users are notified about attacks against their computers. Responses range from being completely silent to playing a sound and blinking the PGP systray icon. 9. SMTP-based administrator alerting for cyberattacks. This release provides optional SMTP-based alerting to warn administrators of attacks occurring against computers protected by PGP 7.0. 10. Next generation client-to-client and client-to-server VPNs. PGP 7.0 includes revolutionary peer-to-peer VPN capabilities that enable truly scalable, enterprise-wide network encryption. If enabled, PGP 7.0 will attempt to communicate via IPsec whenever an IP-based connection is attempted to or from another network device. This behavior is controlled by administrators and can be enabled only in environments that require this level of security. 11. Simple point-and-click VPN connections via PGP systray. Users can now easily connect to VPN gateways and other VPN endpoints that administrators have configured within PGP to require a manual connection by simply selecting the appropriate link icon in the convenient PGP systray. 12. Support for new IKE/IPsec "mode-config" standard. PGP 7.0 users can now establish VPN connections to networks that are using Network Address Translation (NAT). When users connect to a VPN gateway that also supports this standard, users can automatically obtain a "virtual identity" (IP address along with DNS and WINS server information) which PGP will use when communicating with devices behind the VPN gateway, thus making the user seem like they are located inside the remote network. 13. Support for "split-tunnel" and "non split-tunnel" VPN connections. This release introduces a new "exclusive gateway" capability that allows administrators to optionally force all network traffic from a remote access user's system down a VPN tunnel to your corporate network (e.g., thus preventing split-tunnel VPN connections). This feature not only provides a higher level of network security, but it also provides administrators visibility and control over which web resources users access. 14. Simultaneous protection of multiple network adapters. This release adds support for binding to and protecting multiple network adapters simultaneously (dial-up, cable modem, DSL, LAN, ISDN, etc.), providing Personal Firewall, Personal IDS and VPN capabilities on all selected adapters. 15. Optimized VPN connection performance via new MTU path discovery capability. PGP now automatically determines the optimal packet size (MTU, Maximum Transmission Unit) for each VPN connection. This eliminates any packet fragmentation that may occur due to intermediate Internet routers that use smaller packet sizes than the user's ISP or your corporate network. * PGP Key and X.509 Certificate Support * 16. New RSA key format. PGP 7.0 introduces a new RSA key format that provides support for PGP's Additional Decryption Key (ADK), designated revoker, multiple encryption subkeys and photo ID features. Previously these features were only available to users with Diffie-Hellman keys. PGP will continue to support users who have RSA keys in the older key format (now called the RSA Legacy key format). 17. iPlanet (formerly Netscape) CMS 4.x support. PGP 7.0 includes support for effortlessly requesting, retrieving and using X.509 certificates issued from iPlanet CMS 4.x PKIs. 18. Microsoft Windows 2000 Certificate Services support. This release of PGP adds support for users to easily request, retrieve and use X.509 certificates issued from Microsoft Windows 2000 Certificate Services. 19. Key reconstruction feature helps users recover from lost or forgotten passphrases. PGP 7.0 introduces a new, optional key reconstruction feature that leverages PGP's cryptographic key splitting technology to provide a secure means for users to recover their private keys. This enables users who have forgotten their PGP passphrase to regain access to their encrypted data after answering five questions whose answers only the user would know. 20. Automatic X.509 certificate retrieval upon successful certificate request. After users step through a simple wizard that generates their encryption and signing keypairs at install time, PGP can automatically submit an X.509 certificate request to a pre-configured X.509 RA/CA. This release adds a feature that will automatically poll the associated LDAP directory for the user's certificate. Once the user's certificate is located, it is automatically downloaded and configured as the primary authentication method for PGP's integrated VPN client. 21. Support for using X.509 certificates for secure email. This release gives customers the choice of what type of keys/certificates to use for exchanging secure email (e.g., PGP keys and/or X.509 certificates). PGP 7.0 users can also concurrently send an encrypted email to users with PGP keys as well as other users with X.509 certificates. 22. Automatic X.509 certificate lookup from LDAP directories. If the X.509 certificate of a secure email recipient is not cached locally on the senders PC, PGP can now automatically search an administrator pre-defined list of LDAP directories for that user's certificate. Users can also use the PGPkeys application to perform manual searches of LDAP directories for X.509 certificates. 23. Support for storing and searching for PGP keys on LDAP servers. Extending support for storing PGP keys on servers other PGP Certificate Servers and PGP Keyservers, PGP can now store and retrieve PGP keys from any standard LDAP v2 or v3 compliant directory. 24. Silent keyring maintenance. PGP now performs automatic, unattended keyring maintenance such as key synchronization, trusted introducer updates, CRL downloading, etc. without displaying any non-critical dialog boxes. 25. PGPkeys is able to open to multiple keyrings at once. Users can now open and manage multiple keyrings at a time, thus simplifying keyring management. 26. A new automatic backup feature allows the user to automatically back up keyrings to the keyring directory or another directory when any changes are made to the keyring. PGP no longer creates a series of backups in the keyring folder. Automated keyring backup is now entirely in the user's control. * Entropy and Cryptographic Algorithms * 27. Continuous entropy collection. PGP now continuously collects random data from mouse movements and keystrokes (whether a PGP-related window is open or not), and stirs that random data into the PGP entropy pool. 28. Twofish support. PGP introduces the option of encrypting email, disks, files and ICQ instant messages using Twofish, a relatively new, but well regarded 256-bit cipher. Twofish is one of five finalists for NIST's new Advanced Encryption Standard (AES). * Single Sign On * 29. Improved overall ease-of-use via new centralized passphrase caching. PGP 7.0 simplifies users' lives by only requiring them to enter their passphrase once to one of the many PGP components, and then the user can launch any of the other PGP modules without needing to enter their passphrase again (unless configured to do so by the administrator). * Instant Messaging Plug-In * 30. PGP 7.0 secures the next generation of interpersonal communications by introducing integration with ICQ 99b and ICQ 2000a. Users can now safely share instant messages via PGP's world-renowned encryption and digital signature capabilities, which have been extended to this exciting platform. Users can secure all the methods of communication and data sharing capabilities of ICQ by leveraging the PGP ICQ plug-in for instant message protection and PGP's Dynamic Peer-to-Peer VPN capabilities for securing file transfer, chat and all other direct client-to-client communications. * Email Plug-Ins * 31. Lotus Notes 5.x client support. This release extends PGP's broad messaging platform coverage to another critical platform used in many enterprises today. This new plug-in exploits many of the new interface capabilities of Lotus Notes 5.x, thus making PGP even easier to use. This release of PGP also continues support for Lotus Notes 4.5.x and 4.6.x clients. 32. Rich text support in Outlook plug-in. The PGP plug-in for Outlook 97, 98 and 2000 now supports preserving rich text formatting of digitally signed and/or encrypted messages. * Disk and File Encryption * 33. Mount PGPdisks as folders on Windows 2000 systems. PGP 7.0 includes many enhancements to its transparent disk encryption component, PGPdisk. As an alternative to mounting PGPdisks as a separate virtual drive on a user's system, PGP now supports mounting PGP disks as a virtual folder on Windows 2000 systems with NTFS-formatted drives. 34. Control access to PGPdisks using only PGP keys. Users can now use the new PGPdisk Editor tool to effortlessly add or remove users' public keys to the access list for a PGPdisk. Users can also add passphrases as an alternative method to control access to PGPdisks; however, PGPdisk no longer requires a master/administrative passphrase at the time of creation. 35. Automatic mounting of PGPdisks at logon. Users now have the option having their PGPdisks automatically mount during the startup process. 36. Re-encrypt PGPdisks without PGPdisk re-creation. This release adds the ability for users (or administrators) to re-encrypt all data on a PGPdisk. This feature provides an additional level of protection in environments requiring a higher level of security. PGPdisks can either be re-encrypted using a new CAST encryption key, or they can be converted to using Twofish encryption. * Disk, File and Freespace Wiping * 37. Automatic wipe upon file delete. Users now have the option of having files automatically wiped as soon as they are deleted. On Windows systems with the Recycle Bin enabled, files are wiped once they are "emptied" from the Recycle Bin. 38. Significantly improved disk wiping time. This release incorporates new technology for wiping file slack space and disks that is significantly faster than previous versions of PGP. ---- -- Will Will Price, Director of Engineering PGP Security, Inc. a division of Network Associates, Inc. -----BEGIN PGPENVELOPE INFORMATION----- gpg: Signature made Fri Sep 8 01:44:48 2000 EDT using DSA key ID CF73EC4C gpg: Good signature from "Will Price " gpg: aka "Will Price " gpg: aka "Will Price " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: ED11 345D 604A 8462 915B 1154 ACBB 164B CF73 EC4C -----END PGPENVELOPE INFORMATION-----