            PGP Corporate Desktop Version 7.1
           PGP Desktop Security Version 7.0.x,
               PGPfreeware Version 7.0.3,
               PGP E-Business Server 7.1
     Hotfix 0904 for Windows 95, 98, Millenium, NT, and 
        Windows 2000 Copyright (c) 1990-2001 by 
     Networks Associates Technology, Inc., and its
      Affiliated Companies. All Rights Reserved.

     ----------------------------------------------
     -              HOTFIX 0904                   -
     ----------------------------------------------

Thank you for using PGP products.

This Hotfix0904.txt file contains important information
regarding this Hotfix release.  Network Associates strongly
recommends that you read this entire document. Network
Associates welcomes your comments and suggestions. Please use
the information provided in this file to contact us.

Warning: Export of this software may be restricted by the U.S.
Government.

___________________
WHAT'S IN THIS FILE

- About this Hotfix
- Issues resolved in this Hotfix
- Installing the Hotfix
- Contacting Network Associates
- Copyright and Trademark Attributions

_________________
ABOUT THIS HOTFIX

This Hotfix consists of a single compressed file 
(PGP_Hotfix0904_Win32.zip) which you can decompress using an 
extraction utility such as WinZip. The zip file contains three
files: PGPhotfix.exe, PGPhotfix.exe.sig, and this Read Me file.
You may verify the signature file from the PGP Security Software
Release Key prior to installation of the hotfix.

______________________________
ISSUES RESOLVED IN THIS HOTFIX

1)  A vulnerability in PGP's display of key validity has been 
discovered that could allow an attacker to fool users into 
thinking that a valid signature was created by what is actually 
an invalid user ID. If the attacker can obtain a signature on 
their key from a trusted third party, they can then add a second 
user ID to their key which is unsigned. The attacker must then 
switch the unsigned false user ID to primary and convince the 
victim to place the key on their keyring. In such a case, some 
of the displays in PGP do not properly identify the false user 
ID as invalid because the second user ID is fully valid. Whenever 
PGP displays validity information on a per-user ID basis, the 
display is correct. Thus, attentive users who examine the user 
IDs of all public keys which they import to their keyrings will 
immediately notice this problem before it could have any impact.

This issue has been corrected such that all key validity displays 
in PGP will properly mark the unsigned user ID as invalid. 

______________________________
INSTALLATING THE HOTFIX

1.  Extract the files from PGP_Hotfix0904_Win32.zip
    into a folder.

2.  Run the program PGPhotfix.exe. This will replace the existing 
    PGPsdk.dll on your machine with a new version of this dll.

3.  Reboot the machine.

4.  You can verify that the hotfix was installed by looking
    for PGPsdk.dll in your Windows\System directory (for Windows 
    95/98/ME) or Winnt\System32 directory (for Windows NT/2000). 
    Right-click on the file, PGPsdk.dll and choose "Properties". 
    Click on the version tab.  The Product version should be
    "2.0.5" if you are updated a 7.0.x product, or "2.1.1" if
    you are updating a 7.1 product.

NOTE:  Running the PGPhotfix.exe from within any extraction utility 
such as WinZip will not install the Hotfix. You should extract the
Hotfix and then run PGPHotfix.exe

_____________________________
CONTACTING NETWORK ASSOCIATES

You may direct all questions, comments, or requests 
concerning the software you purchased, your registration 
status, or similar issues to the Network Associates 
Customer Service department at the addresses or phone 
numbers listed below.

Contact the Network Associates Customer Service department
between 8:00 a.m. and 8:00 p.m. Central Time, Monday 
through Friday, at:

     Network Associates Customer Service
     4099 McEwen Road, Suite 500
     Dallas, Texas 75244

     Contact information for corporate-licensed
     customers:

     Phone:  (972) 308-9960 
     Email:  services_corporate_division@nai.com
     Web:    http://support.nai.com

     Contact information for retail licensed
     customers:

     Phone:  (972) 308-9960
     Email:  cust_care@nai.com
     Web:    http://www.pgp.com


Send correspondence to the following
Network Associates location:

     Network Associates Corporate Headquarters
     3965 Freedom Circle
     McCandless Towers
     Santa Clara, CA 95054

Or, you can receive online assistance through
any of the following resources:

 1.  World Wide Web:  http://support.nai.com

 2.  Telephone technical support

     Corporate-licensed customers: (972) 308-9960

     Contact Network Associates Customer Service for 
     information about technical support 
     subscription plans.

     Retail-licensed customers:    (972) 855-7044


To provide the answers you need quickly and
efficiently, the Network Associates technical
support staff needs some information about your 
computer and your software. Please have this 
information ready when you call:

 - Program name and version number
 - Computer brand and model
 - Any additional hardware or peripherals
   connected to your computer
 - Operating system type and version numbers
 - Network name, operating system, and version
 - Network card installed, where applicable
 - Modem manufacturer, model, and bits-per-
   second rate, where applicable
 - Relevant browsers or applications and their
   version numbers, where applicable
 - How to reproduce your problem: when it
   occurs, whether you can reproduce it
   regularly, and under what conditions
 - Information needed to contact you by voice,
   fax, or email



*FOR PRODUCT UPGRADES*

Network Associates has a worldwide range of
partnerships and reseller relationships with
hundreds of independent vendors, each of which
can provide you with consulting services, sales
advice, and product support for Network
Associates software. To find a reseller near
your location, see the RESELLER.TXT file
located on your product CD-ROM or installed on
your hard disk. For assistance in locating a
local reseller, you can also contact Network
Associates Customer Service at (972) 
308-9960.


*FOR REPORTING PROBLEMS*

Network Associates prides itself on delivering
a high-quality product. If you find any
problems, please take a moment to review the
contents of this file. If the problem you've
encountered appears in the Known Issues section
of this README.TXT file, Network Associates is
already aware of the problem, and you need not
report it.

If you find any feature that does not appear to
function properly on your system, or if you
believe an application would benefit greatly
from enhancement, please contact Network
Associates or one of its resellers with your
suggestions or concerns.


*FOR ON-SITE TRAINING INFORMATION*

Contact Network Associates Customer Service at
(800) 338-8754.


____________________________________
COPYRIGHT AND TRADEMARK ATTRIBUTIONS

Copyright (c) 1999 Networks Associates Technology, Inc.
All Rights Reserved. No part of this publication may be
reproduced, transmitted, transcribed, stored in a retrieval
system, or translated into any language in any form or by
any means without the written permission of Networks
Associates Technology, Inc., or its suppliers or affiliate
companies.

* TRADEMARKS *

* ActiveHelp, Bomb Shelter, Building a World of Trust,
CipherLink, Clean-Up, Cloaking, CNX, Compass 7, CyberCop,
CyberMedia, Data Security Letter, Discover, Distributed
Sniffer System, Dr Solomons, Enterprise Secure Cast,
First Aid, ForceField, Gauntlet, GMT, GroupShield,
HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading
Help Desk Technology, Magic Solutions, MagicSpy, MagicTree,
Magic University, MagicWin, MagicWord, McAfee, McAfee
Associates, MoneyMagic, More Power To You, Multimedia
Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan,
Net Shield, NetShield, NetStalker, Net Tools, Network
Associates, Network General, Network Uptime!, NetXRay,
Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good
Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good
Privacy, PrimeSupport, RecoverKey, RecoverKey-International, 
ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, 
SecureCast, Service Level Manager, ServiceMagic, Site Meter,
Sniffer, SniffMaster, SniffNet, Stalker, Statistical
Information Retrieval (SIR), SupportMagic, Switch PM,
TeleSniffer, TIS, TMach, TMeg, Total Network Security,
Total Network Visibility, Total Service Desk, Total Virus
Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller,
Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield,
WebScan, WebShield, WebSniffer, WebStalker WebWall, and
ZAC 2000 are registered trademarks of Network Associates
and/or its affiliates in the US and/or other countries.
All other registered and unregistered trademarks in this
document are the sole property of their respective owners.

* LICENSE AGREEMENT *

NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE
TO USE THE SOFTWARE THAT THIS DOCUMENTATION DESCRIBES,
CONSULT THE README.1ST, LICENSE.TXT, OR OTHER LICENSE
DOCUMENT THAT ACCOMPANIES YOUR SOFTWARE, EITHER AS A TEXT
FILE OR AS PART OF THE SOFTWARE PACKAGING. IF YOU DO NOT
AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL
THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO
THE PLACE OF PURCHASE FOR A FULL REFUND.



