<meta http-equiv="Content-Type" content="text/plain; charset=ansi">
<!--
  * $Id: README.txt,v 1.44 2003/04/08 16:04:55 brian Exp $
-->


Readme file for Squirrelmail GPG Plugin code

Last Minute Stuff

        9 April, 2003
        
        We are releasing GPG Plugin Version 1.1 today.
        
        This release adds compatibility for SM v. 1.4 (any SM version greater than 1.3), 
        and preserves functionality for SM v. 1.2.x.
        
        This release also adds Decryption functionality, which has been a 
        much-requested feature.  Because Decryption is a complex feature and is new 
        to the plugin, please report any anomalous behavior, or make any feature 
        requests per the instructions at the bottom of this file, in the section of this 
        document entitled "Reporting Bugs".

        Signed Message verification is working but may not understand all possible
        forms a signature may or may not take within an email. Please report
        anomalies.  In particular, the development team would be interested in reports
        of strange gpg errors when the plugin attempts to automatically verify a signature.

Pre-Installation Requirements

	Using this plugin requires gpg, the GNU Privacy Guard.  gpg is the
	OpenPGP implementation of the popular PGP protocol, now made public in
	the OpenPGP protocol.

	gpg may be obtained in source and binary from:

	http://www.gnupg.org/

	This document will not talk about installing and configuring gpg, except 
	in passing, so please read the gpg documentation for more information.

	GnuPG should be installed and tested on your server, and you will need 
	to know the path to the gpg binary for the install configuration 
	of the plugin. If you need help doing this, try the GnuPG mini-HOWTO:
	
	http://webber.dewinter.com/gnupg_howto/
	
	If you wish to store private keys on the server, see the section below for 
	additional requirements.

Installation

	Installation is the same as for any other Squirrelmail plugin.
	Untar the plugin into your SM plugins directory.
	
	For example:
	tar -zxvf gpg.1.1-1.2.9.tar.gz
	
	Check the options files in the gpg plugin directory:
		gpg_system_defaults.txt and
		gpg_prefs.txt 
		
		Make any necessary changes for your environment in the 
		gpg_local_prefs.txt file.
		Leave the gpg_system_defaults.txt file alone, 
		so you can roll back to a 'clean' install at any time.
	
	Start the SM conf.pl script from the SM config directory, select Plugins,
	and select the 'gpg' plugin.


	Double check that file_uploads = On in php.ini, 
	and edit php.ini and restart your web server if necessary.
	(see Toubleshooting, below, for more on this)
	
Configuration Options

	path_to_gpg=/usr/bin/gpg 
	This sets the fully qualified path to the gpg binary.  On most unix systems,
	gpg will be in the /usr/bin directory, so this defaults to /usr/bin/gpg.
	
	allowprivatekeys=true 
        Do you want to allow your users to use private keys on your system? If you
        set this to false then signing and decryption will be unavailable as these
        features require private keys.

	allowkeygeneration=true 
	Not currently implemented.
	
	systemkeyring=true 
	systemtrustedkey=<long key id>
	If the plugin is to be installed on a corporate mail server, you may
	wish to collect and sign keys for each employee.  You may then upload 
	a public keyring and set a trusted key id for the entire company or 
	web mail server user community.
	Each user will have the option in their individual preferences whether to 
	trust your corporate keyring and signing key.
	This feature is only partially implemented.      

	keyservers=3
	keyserver0=pgp.mit.edu:11371
	keyserver1=wwwkeys.pgp.net:11371
	keyserver2=wwwkeys.eu.pgp.net:11371
	We define some keyservers by default.  The system administrator
	may change these in the gpg_local_prefs.txt file.  Make sure to
	define all of the keyservers you want in the gpg_local_prefs file,
	because this file takes precedence over the gpg_system_prefs file.

	debug=0
	This sets the debug level for the entire plugin.  
	Currently, only debug=0 (off) and any positive debug level (on) are 
	supported.  Setting debug=1 (or any positive number) will give you a 
	lot of output to help you understand what is going on inside the plugin.
	The developers do not recommend turning on debug on a production install of
	Squirrelmail.  It doesn't break anything, but it may make the output very ugly, 
	and could be expected to confuse users.
	Also, if you do turn debug on, use debug=1, as additional, finer-grained debug 
	mechanisms may be added in future plugin releases.
	
	The way the developers test the plugin is on a parallel installation of 
	Squirrelmail.  Copy your Squirrelmail directories to another directory
	that is accessible from the web server.  This will share your preferences
	and user files across the two installs, but let you set SM and gpg options 
	separately on your parallel installation, and test the plugin or other code.

Troubleshooting
	Forgive us if this isn't complete, we've made every attempt to list
	the most common problems and solutions. 
	
	This section is organized with the error you see on the screen at the
	beginning of each TroubleShooting section, and the workaround or other
	information indented under the applicable error message(s).
	
	We also welcome additions to this section.
	
	PHP file_uploads variable:
		make sure that your file_uploads variable is set to 'On'
		in php.ini. This is set to 'Off' by default (for security)
		in some distributions.
		 
		The line should read:
		file_uploads = On
		 
		Failure to do this will, at best, keep you from uploading a key file.
		At worst, no data will be submitted on POST from the form, due to
		a known bug in PHP:
		 
		http://bugs.php.net/bug.php?id=17958
		 
	Compose problems/warning messages:
		If you do not have gpg installed correctly, including correct ownership
		and permissions on your <Squirrelmail>/data/<account>.gpg/ directory and
		all files contained within, when you go to encrypt your message you will
		be shown the warning messages and then returned to the compose page
		WITHOUT encrypting your email. Fix the problems and when the warnings go
		away your email can be encrypted.
		
	gpg: Warning: using insecure memory! 
	
		The "using insecure memory" warning is a gpg issue, not a plugin problem.
		When gpg is installed incorrectly, it can use insecure memory (a non-locked
		page file) and there exists a possibility that the memory block allocated by
		gpg can be written to the disk on swap, potentially leaving keys,
		passphrase, or plaintext in an insecure swap file.  On Unix, making the gpg
		binary setuid root may remove this warning.  Some Linux distributions
		distribute gpg in a non-setuid root form, probably mistakenly thinking that
		it will be more secure to not have the gpg binary be setuid root.
	
		Reference: http://www.gnupg.org/documentation/faqs.html#q6.1
		
	gpg: protection algorithm 1 (IDEA) is not supported
	gpg: the IDEA cipher plugin is not present
	gpg: please see http://www.gnupg.org/why-not-idea.html for more information
	gpg: no default secret key: unknown cipher algorithm
	gpg: [stdin]: clearsign failed: unknown cipher algorithm

		You will get the above sequence of errors if you try to use an RSA secret
		key as a signing key, or if you try to decrypt something that was encrypted 
		with PGP 2.x.
				
		This can be remedied by either loading the IDEA compatibility plugin for gpg,
		or by waiting for the GPG Squirrelmail Plugin team to get around to warping 
		the command we send gpg to use the CAST/MD5 or SHA1 algorithm for the hash.  
		
		We'll get to it soon, I promise.
		
	Fatal error: Call to undefined function: check_php_version() 
		The GPG plugin requires a function from Squirrelmail called check_php_version.
		This function was added to the SM core code in version 1.2.9. If you are
		recieving this error, you are probably using a version of SM prior to 1.2.9
		You have two options:
		
		Upgrade Squirrelmail to a more recent version. 
			This is the preferred option because all versions of Squirrelmail
			prior to 1.2.11 have a remotely exploitable cross site scripting 
			security vulnerability.  If you are using Red Hat RPM's, the 1.2.10
			RPM has been patched to remove this vulnerability.
		
		Hack the check_php_version() function into your version of Squirrelmail.
			The check_php_version function is very small. 
			You could patch it into your version of Squirrelmail.
			Put the following in your src/load_prefs.php file
		
		/* returns true if current php version is at minimum a.b.c */
		function check_php_version ($a = '0', $b = '0', $c = '0')             
		{
		    $SQ_PHP_VERSION=phpversion(); /* set your PHP version here */       
		
		    return $SQ_PHP_VERSION >= ($a.$b.$c);       
		} 

	gpg: secret key not imported (use --allow-secret-key-import to allow for it)
		If you are using gpg v 1.0.5 or 1.0.6 you may see this message
		upon attempting to upload a private key/keyring.
		
		Thanks to Derek Battams for reporting this issue.
		
		Upgrading to a newer version of gpg will resolve this problem.
		
		The development team has applied a patch for this issue, so 
		hopefully no one will ever see this error.
		Full details are available at:
		http://www.braverock.com/bugzilla/show_bug.cgi?id=16
		
	pgp/mime support
		The plugin currently has limited support for messages encoded 
		with mime type 'application/pgp'
		
		The plugin will correctly identify and verify signatures inside 
		mime parts and decrypt messages in mime attachments.
		
		The support still isn't perfect.  I can't figure out how to get
		Squirrelmail 1.2.11 to display the mime attachments in the browser window.
		That isn't precisely a plugin issue, I'll have to investigate how SM
		handles mime attachments, and figure out if there is any why to get SM 1.2.11
		to display the mime parts.  It is important progress though.
		
		Mime attachments display in SM 1.4, but not in SM 1.2.11.  I think this is
		just the way SM is, and we aren't going to be able to affect that.

		The development team is working to resolve this issue in a 
		future release.  Any information on anomalous behavior, or 
		suggested patches, would be appreciated.
		Please add information to the bug report at:
		http://www.braverock.com/bugzilla/show_bug.cgi?id=20
		
	Encrypt fails on SM 1.4.0 & IE 6 or Netscape 7
	Javascript Error: "The object does not support that property or method"
			  "Error: Error:'this.form.action' is null or not an object"
		These errors are caused by a bug in the released version 
		of SM 1.4.0.  SM 1.4.0 uses a reserved word 'action' to name
		a hidden field.  This interferes with the plugin's use
		of the Javascript this.form.action to redirect the submit
		when the user presses 'Encrypt Now'.
		
		This error will only occur on browsers that do strict form checking 
		of the DOM before executing the this.form.action command, 
		principally some versions of IE 6 and Netscape 7.
		
		The Squirrelmail core team is aware of this issue, and expects to 
		apply the patch to SM 1.4.1.
		
		The only solution to this issue in SM 1.4.0 is to patch 
		compose.php (and optionally read_body.php) to change the
		hidden field 'action' to a name that is not a reserved word.
		
		Full details and the patch are available at:
		http://www.braverock.com/bugzilla/show_bug.cgi?id=24
		
About Keyservers, firewalls, and LDAP

        The GPG Plugin uses an HTTP interface to retrieve a list of keys 
        for import to the user's keyring.  Most of the Keyservers that offer an
        HTTP interface put it on port 11371.  If your Squirrelmail server is 
        behind a firewall or on an ipchains/iptables machine that blocks outgoing
        connections, you will need to open up connections from the server the gpg 
        plugin runs on to the keyservers that are defined in your config files.
        
        There are only three interfaces that we know of to a keyserver, the HTTP 
        interface currently used by the gpg plugin, the HKP interface, and an 
        LDAP interface.  We believe that it would be nice to support the LDAP 
        and HKP interfaces, and would welcome any code contributions that 
        implement such an interface for key lookup.  The HKP interface will 
        probably be supported via the --search-keys functionality, 
        although this is an interactive interface, and may not be suitable for
        use in the plugin.

About Decryption
	GPG Plugin Version 1.1 adds support for decrypting messages.
	
	To us this feature, you will need to upload a private key or private keyring.
	You may do this from the Options/GPG Plugin Options screen.
	
	Once you have uploaded a secret key or keyring, the decryption part of the 
	plugin will be activated.  The plugin will try to automatically determine 
	when a message contains P/GPG encrypted content.  When the plugin detects 
	a message that appears to have encrypted content, the 'Decrypt Message Now'
	button will be displayed.  because of the complexity of this feature,
	it is possible that the plugin may not always correctly identify a message 
	that contains encrypted content.  Please report any unusual behavior,
	so that we can work with you to resolve your issue and patch the plugin.
	
	There is a known issue with pgp/mime support, see the Troubleshooting section.

About Signing messages:
	The basics of signing a message are available. There are two methods 
        available for signing a message. 

        You can use the standard method which requires you to place your 
        secring.gpg on the server and every time you sign a message you must
        provide a passphrase.

                or

        You can place a modified secring.gpg on the server that contains a bogus
        secret key and a signing key that has no passphrase. One good thing about
        this method is your real secret key is not on the Squirrelmail server. The
        other good thing about this method is you don't  have to type your
        passphrase every time you hit the GPG Sign button. The bad thing about this
        method is that anyone who can steal your secring from the Squirrelmail server
        can start signing as you without knowing the passphrase. Trade-offs trade-offs.
 
	To get option two working do the following:

	Get on the server that has your secret key and become you if you are
	not already you. This might be the Squirrelmail server..or maybe not.
	# su <username>
	Find the keyID for the key you want to edit
        # gpg --list-key
         /home/tyler/.gnupg/pubring.gpg
         ------------------------------
         pub  1024D/5C73CE2B 2003-03-07 Tyler Allison <tyler@allisonhouse.com>
         sub  2048g/EF2F4A87 2003-03-07 [expires: ????-??-??]

	We want to add a sub key to the pub keyID 5C73CE2B
	# gpg --edit-key [keyID]
            enter 'addkey' and select a DSA key...DSA! I said DSA!
            enter a stupid passphrase..you'll remove it later
            save/quit
	# Now we need to find the new sub key so we can edit it
	# gpg --list-key
         /home/tyler/.gnupg/pubring.gpg
         ------------------------------
	pub  1024D/5C73CE2B 2003-03-07 Tyler Allison <tyler@allisonhouse.com>
	sub  2048g/EF2F4A87 2003-03-07 [expires: ????-??-??]
	sub  1024D/E56CB903 2003-03-09 [expires: ????-??-??]

	Note the new keyID E56CB903. We are going to use this as a signing key.
        Now go to a temp!!! directory and type:
        # gpg --export-secret-subkeys --no-comment [keyID] > secring.gpg
        You just exported a bogus copy of your true secret key and the good
        signing key.  If you did the above in your .gnupg directory you just
        screwed yourself by overwriting your secring.gpg. I told you to use a 
        TEMP! directory
        # cp /home/tyler/.gnupg/pubring.gpg .
        # gpg --homedir . --edit [keyID]
        enter 'key 2' assuming you have two sub keys listed (see above)
        enter 'passwd'
        enter the stupid passphrase you used above and then just hit
          return when it asks for a new passphrase
        
        Upload this new secret key using the key upload screen from the Options
        screen of the plugin.
        
        Now go to the options window and set the signing keyID

	Be aware that because of the security issues with the second option,
	the development team does not recommend that you do this with a key that you 
	really wish to keep secure.  The use of a secret key without a passphrase is
	a convenience feature only, and can be presumed to be insecure, and put your 
	private key, and thus your identity, at risk.  We would also recommend that 
	you select a short expiration time period for this key without a passphrase,
	probably 3-6 months, and that you be prepared to revoke the key if it becomes 
	compromised.  It would also be a good idea to add a comment like "Insecure 
	Signing Key, Trust With Caution!" to this key.

About Encrypting Keyrings and Preferences:

	Wait a minute!  I thought this entire plugin was about encryption!

	It is.  In the interests of even greater security, we also require the 
	encryption of your gpg plugin private keyring files.
	
	To use this feature, we have made use of some nifty functions coded 
	by the main Squirrelmail development team to use mcrypt.  
	These functions were originally included in the Squirrelspell plugin, 
	and are duplicated here in modified form for use by the gpg plugin.
	
	We have chosen to disable private key storage on the server unless mcrypt 
	support is included.  
	
	So, if you want to allow your users to generate or store private keys on  
	the server for use by the gpg plugin, you must include mcrypt support.  

	We decided on this requirement because we assume that many web-mail users will
	not be sophisticated with encryption, or understand the presumed insecurity 
	of any server that is connected to the Internet 24/7 and used by multiple users 
	(as it is likely that a web-mail server will be)
	
	To use this capability, you will need to install several things that 
	may not be installed with your Linux/Unix/Windows Distribution 
	(they are not included on Red Hat, the gpg plugin development reference platform)
	
	
	The development team understands that php-mcypt and php-mhash libraries are included 
	in linux releases from Mandrake and Debian.  More information on this from a user 
	would be appreciated.
	
	To install support for mcrypt on Red Hat, We did the following:
		- get the mcrypt, libmcrypt, and mhash sources from: 
		  http://mcrypt.hellug.gr/
		  
		  install them (as root) in the following order:
		  	mhash
		  	libmcrypt
		  	mcrypt
		  using the standard:
		  	tar -zxvf archive-name.tar.gz
		  	cd archive-name
		  	./configure
		  	make all
		  	make install
	
		- get the php-mcrypt and php-mhash shared libraries from:
			http://rpms.arvin.dk/
			This site has Red Hat optimized PHP RPMs that are more complete 
			than the packages Red Hat includes. 
			download the appropriate packages for your Linux version.  
			it is critical here that you get versions of the library that 
			match your installed php rpm's (e.g. 4.0.6 or 4.2.2)
			eg. for Red Hat 7.2 or 8.0, this is:
			http://rpms.arvin.dk/php/rh72/i586/?describe=php-mcrypt
			http://rpms.arvin.dk/php/rh72/i586/?describe=php-mhash
			if you don't see the versions you need, try:
			http://rpms.arvin.dk/php/rh72/i686/old/
			http://rpms.arvin.dk/php/rh71/i686/old/
			http://rpms.arvin.dk/php/rh72/i586/old/
			http://rpms.arvin.dk/php/rh71/i586/old/
			Install these using rpm -Uvh --nodeps 
			(unless your entire PHP installation is from arvin, 
			rpm will complain without the --nodeps option)
			If you still can't find the versions you need, see below about 
			upgrading everything.
			
		- verify that mcrypt.so and mhash.so have been installed in you php lib dir
			(on Red Hat, this is /usr/lib/php4)
			
		- add the following lines to the extensions section of your php.ini file:
			extension=mcrypt.so
			extension=mhash.so

		- restart Apache.
		
		- You're Done!
		
	Reinstalling php and apache to upgrade versions:
		If you were unable to find compatible versions of the rpms from arvin for 
		your system, you can use the arvin rpms to upgrade apache and php together.
		The process for this is straightforward, but not for the faint of heart:

		- make a backup of your web data directories and your conf directory

		- stop apache

		- rpm -qa | grep php

		- rpm -e [all the above]

		- rpm -qa | grep apache

		- rpm -e apache-devel

		- rpm -e apache

		- download replacement rpm's for the above removed ones from arvin

		- rpm -Uvh [downloaded rpms]

		- put your web data back in place and 

		- your old conf directory in place of the new one.

		- Restart apache

		- Everything should be back with mcrypt available

	Finally, the above process steps are for rpm based systems.  If you are not using 
	Linux, or you are not using a Linux distribution that uses rpms, you'll have to 
	modify the procedures above to fit your distribution.  If you do that, the development
	team would love to hear what you had to do, so that we can add your results to the
	Plugin documentation.
	
	Incidentally, following any of the above procedures  will also enable encryption of user 
	dictionaries in the Squirrelspell plugin, which also requires mcrypt.


Tested On:

	This plugin was developed on a Red Hat Linux 8.0 server, and tested with:

	Linux:
		Red Hat 7.0
		Red Hat 7.2
		Red Hat 7.3
		Red Hat 8.0
		Debian - testing
		Trustix Secure Linux 1.5

	Squirrelmail versions:
		1.2.7
		1.2.8
		1.2.9
		1.2.10
		1.2.11
		1.3.1
		1.3.2 Debian testing
		1.4.0rc2a
		
	GnuPG versions:
		1.0.6
		1.0.7
		1.2.0
		1.2.1

	PHP version:
		4.2.0
		4.2.2
		4.3.1

	Apache:
		1.3.27
		2.0.40

	MCrypt:
		mhash-0.8.17
		libmcrypt-2.5.3
		mcrypt-2.6.3  
	
	Browsers:
		IE 5/6
		NS 6/7
		Mozilla 1.0.x
		Konqueror 3.0.x
		Opera 7.x

	As you use this plugin successfully on other platforms, please let us know,
	both to satisfy our curiosity, and so that we may add it to this README for 
	future releases.	

CVS (source code) Access:

	Web browser access to the repository is available at:
	
	http://braverock.com/cgi-bin/cvsweb.cgi/gpg/

	I've also configured anonymous cvs access to the cvs repository.

	You will need to set the CVS_RSH environment variable to 'ssh'.

	On unix, in  bash, you can do this by adding the following commands 
	to your .bashrc or .profile

	CVS_RSH=ssh
	export CVS_RSH

	In t/csh, you would use 'setenv CVS_RSH=ssh'

	Then, you can checkout the code using the following command 
	from the command line:

	cvs -d :ext:anoncvs@braverock.com:/cvs co gpg

	passwd:anoncvs

	Mac/WinCVS configuration should be similar.  Select SSH as the
	server type, instead of pserver.

Reporting Bugs

	We want to hear about your Bug Reports, Enhancement Requests, and Patches.
	
	Please submit bug reports at:
	http://braverock.com/bugzilla/index.cgi
	
	Please search the bug list for your bug before posting, 
	and add additional detail as appropriate.
	
	Enhancements should be marked with a severity of 'enhancement'.
	
	Please read the Bug writing guidelines at:
	http://www.mozilla.org/quality/bug-writing-guidelines.html
	for assistance in how to write a bug report that 
	will get the results you want.

Development Team
	List:		gpg@braverock.com
			(subscribe by sending a message to 
			 gpg-request@braverock.com with body 'subscribe')
	Team Lead:	Brian Peterson
			brian@braverock.com
	
	Coding/Testing:	Tyler Allison 
	   		Joel Mawhorter
	   		Kipp Spanbauer
	
	Design/Coding 
	Assistance:	Walter Torres
			Julian Dobson
			Greg Winston
			Vinay
			
	
<!--
  * $Log: README.txt,v $
  * Revision 1.44  2003/04/08 16:04:55  brian
  * added more detail on mcrypt installation
  *
  * Revision 1.43  2003/04/08 04:50:30  brian
  * added report on reserved word bug to Troubleshooting section
  * Bug 24
  *
  * Revision 1.42  2003/04/04 16:00:26  brian
  * add link to gpg mini-howto
  *
  * Revision 1.41  2003/04/04 00:11:00  brian
  * last minute updates
  *
  * Revision 1.40  2003/04/02 22:56:40  brian
  * - Spell Check
  * - added more detail to troubleshooting and decryption sections
  * Bug 18
  *
  * Revision 1.39  2003/04/02 16:35:59  brian
  * - added troubleshooting sections
  * - added more information about key upload and decryption
  * - updated last muinute section
  *
  * Revision 1.38  2003/04/01 06:40:18  brian
  * added information about decryption and sm 1.4 compatibility
  *
  * Revision 1.21  2003/03/20 10:50:40  Brian
  * Added Bug Report Section
  *
  * Revision 1.20  2003/03/14 16:01:20  Brian
  * added Joel to team list
  *
  * Revision 1.19  2003/03/14 14:50:39  Brian
  * spell check and add Troubleshooting section for check_php_version
  *
  * Revision 1.18  2003/03/14 14:04:17  Brian
  * updated signing section
  *
  * Revision 1.17  2003/03/13 04:03:53  Brian
  * added troubleshooting option for IDEA
  *
  * Revision 1.16  2003/03/12 19:49:01  tyler
  * - rewrote some of the key signing areas and added a 'What you need to know'
  * - section where we can put the status of the plugin, 
  * - like what is working and what isn't
  *
  * Revision 1.15  2003/03/12 16:47:42  Brian
  * updates to clarify things before release
  *
  * Revision 1.14  2003/03/12 04:01:06  tyler
  * - removed the part about editing the hard coded signing key
  *
  * Revision 1.13  2003/03/11 18:28:19  tyler
  * - Added section on how to setup gpg to allow for the use of the sign_message functions
  *
  * Revision 1.12  2003/03/11 06:44:11  Brian
  * troubleshooting section on "using insecure memory"
  *
  * Revision 1.11  2003/03/11 06:38:10  Brian
  * troubleshooting section on "using insecure memory"
  *
  * Revision 1.10  2003/03/10 18:28:13  tyler
  * Added 'Compose problems/warning messages' section
  *
  * Revision 1.9  2003/03/10 03:59:02  tyler
  * test tyler
  *
  * Revision 1.8  2003/03/07 17:10:03  Brian
  * Added TroubleShooting and CVS repository sections
  *
  * Revision 1.7  2003/03/05 14:55:30  Brian
  * Public Release Notes and Credits
  *
  * Revision 1.6  2003/02/19 23:53:38  Brian
  * minor wording changes
  *
  * Revision 1.5  2003/01/07 13:10:20  Brian
  * Several additions, including more information on the config files, and spell check.
  *
  * Revision 1.4  2003/01/03 22:31:47  Brian
  * Added more information on configuration and installation, and spell check.
  *
  * Revision 1.3  2002/12/09 15:22:22  Brian
  * updated content-type and Id and Log tags
  *
-->
