Announcing Nautilus 1.0: Secure Telephony on your Personal Computer
===================================================================

WHAT IS NAUTILUS?
-----------------

Nautilus is a program that lets you have encrypted voice telephone
conversations with your friends without needing any special equipment.
Nautilus runs on IBM-PC compatible personal computers (386DX25 or
faster) under MSDOS or Linux as well as desktop Sun workstations
running SunOS or Solaris.  The MSDOS version requires a Soundblaster
compatible sound card while the Linux version can also support some
additional cards.  All versions need a high speed (9600 bps or faster)
modem to work.  The speech quality is pretty good at 14.4 kbps and
acceptable at speeds as low as 7200 bps.  This means that Nautilus can
be used reasonably reliably over cellular phones, in good reception
areas.

Nautilus is the first program of this type that we know of to be
distributed for free with source code.  A few similar commercial
programs have been distributed without source, so that their security
cannot be independently examined.  Other free programs with source are
now beginning to appear.


GET IT WHILE YOU CAN
--------------------

Certain parts of the US Government appear to be working to ban
civilian use of cryptography whose keys are not accessible to the
government.  Documents recently obtained from the FBI under the
Freedom of Information Act support this conclusion.  If programs like
Nautilus are made illegal, we will have to stop further development
and distribution.

We believe that the US Constitution entitles every citizen to use
secure communications that only he or she controls the keys to (see
the First and Fourth Amendments for more information).  So we urge
everybody to get a copy of Nautilus *now* and start using it.
Although we have many enhancements planned for future versions that
will make Nautilus better to use, the current version is already
reliable and provides everything necessary to protect your privacy
even if no further improvements are released.

For more info about the recently published FBI documents, see the
Electronic Privacy Information Center's web page on the subject at
http://www.epic.org/crypto/ban/fbi_dox/.


WHAT IS NEW IN THIS RELEASE?
----------------------------

We are pleased to announce that with this release, Nautilus is
officially out of beta test.  Nautilus has been through three public
beta test releases and been examined by several knowledgeable
cryptographers.  No catastrophic security bugs were found in any of
the beta releases, though some minor ones have been found and fixed.
Nautilus 1.0 has a few minor user interface and other improvements and
some non-security-related bug fixes compared to 0.9.2, but 0.9.2 has
been operating stably for several months and has needed *no* security
fixes.  Version 1.0 is entirely compatible with 0.9.2 and we have
deliberately postponed adding any new features that we feared might
introduce bugs.  Version 1.1 will have some interesting new features
including an automatic key exchange protocol that gives forward
secrecy and does not require secret passphrases.

While Nautilus still has had nowhere near the net-wide scrutiny of
email programs like PGP, its ciphers are well-tested and its protocols
are simple and robust.  We are now willing to place more confidence in
Nautilus's security than we would in any of the comparable programs
that we know of.  This is mostly because the other programs have not
withstood public scrutiny of their source code for as long (or at all).

New Feature Summary for Version 1.0:

    + Linux and Solaris support
    + Updated documentation
    + "Verbose mode" prints more info about Nautilus's operation
    + Enhanced 8500bps coder (improved audio quality)
    + Ability to change mic sensitivity from config file (see docs)
    + Ability to change output volume from config file (see docs)
    + Ability to set arbitrary com port addresses and IRQs
    + Automatically detects incompatible versions at the
      other end and tells you what is wrong (previous versions
      mysteriously just didn't work when the other end was
      incompatible).

The remainder of this announcement is similar to earlier Nautilus
announcements, so if you have already seen the earlier ones, just connect
to the nearest ftp site mentioned below to download the 1.0 release
of Nautilus.

HOW DOES NAUTILUS WORK?
-----------------------

Nautilus uses your computer's audio hardware to digitize and play back
your speech using homebrew speech compression functions built into 
the program.  It encrypts the compressed speech using your choice of
the Blowfish, Triple DES, or IDEA block ciphers, and transmits the
encrypted packets over your modem to your friend's computer.  At the
other end, the process is reversed.  The program is half-duplex; just
hit a key to switch between talking and listening.

Nautilus's encryption key is generated from a shared secret passphrase
that you and your friend choose together ahead of time, perhaps via
email using PGP, RIPEM, or a similar program.  Nautilus itself does not
currently incorporate any form of public key cryptography.

Further details are in the documentation file included with the program.

FTP SITES
---------

Nautilus is available in three different formats:

nautilus-1.0.tar.gz   - full source code
naut100.zip           - MSDOS executable and associated documentation
naut100s.zip          - full source code

It is available at the following FTP sites:

ftp://ftp.csn.org:/mpj/I_will_not_export/crypto_???????/voice/
This is an export controlled ftp site: read /mpj/README for
information on access.

ftp://miyako.dorm.duke.edu/mpj/crypto/voice/
This is an export controlled ftp site: read /mpj/GETTING_ACCESS for
information on access.

ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-1.0-source.tar.gz
ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-1.0-source.zip
ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-1.0-exe.zip
This is an export controlled ftp site: read /pub/crypt/GETTING_ACCESS
for information on access.

You may be able to find additional ftp sites using the "archie"
ftp site locating program.  See http://www.earn.net/gnrt/archie.html
for more info.

It is also available at:

Colorado Catacombs BBS - (303) 772-1062

INTERNATIONAL USE
-----------------

Sorry, but under current US law, Nautilus is legal for domestic use in
the US only.  We don't like this law but have to abide by it while it
is in effect.  Nautilus is distributed through export-restricted FTP
sites for this reason.  Export it at your own risk.

IMPORTANT
---------

Although we've done our best to choose secure ciphers and protocols
for Nautilus, and its design details have been reviewed by several
experts, it is still VERY EASY to make mistakes in such programs that
mess up the security.  It is still possible, though less likely than
before, that some security bugs remain.  We urge that users needing
very high security take an in-depth approach to protecting their
privacy.  See the Nautilus documentation file for more info.

As usual, we encourage cryptographers and users alike to examine and
test the program thoroughly, and *please* let us know if you find
anything wrong.  And as always, although we'll try to fix any bugs
reported to us, WE CANNOT BE RESPONSIBLE FOR ANY ERRORS.

CONTACTING THE DEVELOPERS
-------------------------

The Nautilus development team is now made up of Bill Dorsey, Pat
Mullarky, Paul Rubin, Gil Spencer, and Andy Fingerhut.  To contact the
developers, send email to <nautilus@lila.com>.

This announcement, and the source and executable distribution files,
are all signed with the following PGP public key.  Please use it to
check the authenticity of the files and of any fixes we may post.  You
can also use it to send us encrypted email if you want.  We will try
to keep such email confidential, but cannot guarantee it.

