1994-05-05 - Re: Keyserver service outRAGE

Header Data

From: Black Unicorn <unicorn@access.digex.net>
To: bal@martigny.ai.mit.edu
Message Hash: 273437e7be9835595045ddc07e415ad8893180c0f2643af62c2c4ce34c531f3d
Message ID: <199405050519.AA14979@access1.digex.net>
Reply To: <9405050410.AA11082@toad.com>
UTC Datetime: 1994-05-05 05:19:28 UTC
Raw Date: Wed, 4 May 94 22:19:28 PDT

Raw message

From: Black Unicorn <unicorn@access.digex.net>
Date: Wed, 4 May 94 22:19:28 PDT
To: bal@martigny.ai.mit.edu
Subject: Re: Keyserver service outRAGE
In-Reply-To: <9405050410.AA11082@toad.com>
Message-ID: <199405050519.AA14979@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> The public keyserver running on martigny.ai.mit.edu will be unavailable
> starting Thursday, May 5, 1994 at approximately 9am EDT.  
> 
> During the coming week, the Massachusetts Institute of Technology will
> begin formally distributing PGP 2.5, a new version of PGP that is
> based on the RSAREF 2.0 cryptographic toolkit, under license from RSA
> Data Security, Inc., dated March 16, 1994.  When that distribution
> becomes available, the keyserver will return running PGP 2.5.  At that
> time, the keyserver will no longer accept keys that are identified as
> having been created by versions of PGP lower than 2.4.  (PGP 2.4 is
> Viacrypt PGP.)
> 
> 		--Brian LaMacchia
> 		  public-key-server-request@martigny.ai.mit.edu
> 

This is silly.

Why a server would want to use licensed code is understandable.

Why a server would try to restrict keys generated by versions other
than 2.4 & the mysterious 2.5 is moronic.

I will not use this server regardless of which version I have and use,
and I urge others to resist the use of this server as well.

This policy only serves to create suspicion and drain confidence in
versions of PGP over 2.3a.

I ask the following questions:

Will source code be available for PGP2.5?
Who was responsible for the modifications that make PGP2.5, version 2.5?

and on the topic of PGP security generally:
Why is MacPGP2.3 not signed?
Why is MacPGP2.3 v1.1 not accompanied by a source code?
When is the new version of PGP by Phil Z. going to be released?  Or is
2.5 it?
Can we expect similar tactics from the future versions of PGP?
Perhaps some tag bits somewhere in messages to identify versions
more quietly?


I ask the operators of the remaining servers to remove the MIT server
from their automatic mirror update list and to avoid a policy of excluding
keys generated by any "non-conforming" software in their own operations.

I ask users of PGP not to add future keys to the offending server.

I call on cypherpunks to establish less formal key servers and develop
more stealthy and secure methods of key distribution.


-uni- (Dark)




