1994-05-16 - How to make fixes stick (Was Re: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week)

Header Data

From: Richard Johnson <Richard.Johnson@Colorado.EDU>
To: cypherpunks@toad.com
Message Hash: 922044bd6139b5d4269e78d7c41d8901269d4b6a988a4832fb5fc0495bd0f9be
Message ID: <199405162031.OAA13977@spot.Colorado.EDU>
Reply To: <adam@bwh.harvard.edu>
UTC Datetime: 1994-05-16 20:31:28 UTC
Raw Date: Mon, 16 May 94 13:31:28 PDT

Raw message

From: Richard Johnson <Richard.Johnson@Colorado.EDU>
Date: Mon, 16 May 94 13:31:28 PDT
To: cypherpunks@toad.com
Subject: How to make fixes stick (Was Re: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week)
In-Reply-To: <adam@bwh.harvard.edu>
Message-ID: <199405162031.OAA13977@spot.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain


According to Jeffrey I. Schiller, PGP 2.6 will issue broken messages,
unreadable by earlier legal versions of PGP (ViaCrypt's 2.4 in USA and
Canada, and any version outside backward-crypto-land).

In summary, how do we make our fixes to this obvious bug stick?

(Institutional paranoia on)
To me, this change is an obvious step in satisfying the TLA's desire for
a segmented crypto market to slow widespread use of strong crypto.  On
the one side, we have misapplied ITAR regulations preventing export of a
worldwide standard.  On the other side, we have a wrongly-granted patent
preventing use of an imported worldwide standard.  PGP is a de-facto
worldwide standard, and they're trying to break it.
(Institutional paranoia off)

  From the keyboard of:  Adam Shostack <adam@bwh.harvard.edu>
> 	And 2.4 is legal, if the 2.6 code doesn't recognize that,
> well, then that code is buggy & will need to be fixed.  :)

Adam has the right idea.  The question is, how do we make such a fix
stick?  In order to beat the "canonical release" advantage of the
broken 2.6, we'll need to spread the word widely (at least until a
2.6-compatible PGP is released and ported to the full range of current
platforms by our outside compatriots).

Some suggestions for after we create such patches:

Letters to computer magazines (Infoworld, Wired, PC Week, etc.)
Add entry to PGP FAQ about communicating with non-USA/Canada PGP users
Add entry to PGP WWW pages in UK
Weekly postings of the patches to alt.security.pgp (from outside NA)
Monthly postings of the patches to alt.sources.patches (from outside NA)
Press releases in other appropriate newsgroups, repeated

Come up with others, particularly for the non-net world. :-)


Richard





