-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

After a technical review of the buffer overflow bug in RSAREF, we
have determined at Network Associates that PGP is not affected by
this bug, because of the careful way that PGP uses RSAREF.

This applies to all versions of PGP ever released by MIT, which are
the only versions of PGP that use RSAREF.  All other versions of PGP,
such as the commercial versions and the international versions, avoid
the use of RSAREF entirely.

Philip Zimmermann
10 December 1999

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBOFFVO2PLaR3669X8EQJH+ACffx9YEwWsnIzS4Ddk9OzNpEHBlmEAoM+H
c+E4tARVYl3x5iZ2aWMiB6Zp
=fINn
-----END PGP SIGNATURE-----