From: cdodhner@indirect.com (Christian D. Odhner)
Date: Tue, 17 May 94 05:54:09 PDT
To: cypherpunks@toad.com
Subject: (none)
Message-ID: <2pBsjepAkPD9064yn@indirect.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In article <2r9h97$oro@nyx10.cs.du.edu>, Alex Strasheim wrote:
> 
> I have been reading nothing but complaints ever since the planned release 
> of 2.6 was announced.

With good reason. It's a bullshit product.

> It is true that messages generated with 2.6 won't be decodable with some
> earlier versions, including 2.3a.

And most likely 2.4 as well, although that's a horse of a
different color.

> It is also true that 2.6 can't be exported with RSAREF code.

Not quite. It's not *legal* to export it. But to say that it
"can't be exported" is simply untrue. It "can" be exported,
and easily at that. However, I doubt there will be much
demand for it, in or out of the us. It is slower than 2.3a,
has unreasonable limits on keysize, and is not backwards
compatable with the versions much of the world uses.

> This means that it will not be possible, at
> first, to use 2.6 to correspond with users who are not in the US or 
> Canada.

Or with users in the usa or canada who choose to use 2.3a.
(and possibly 2.4 as well? Any confirm or deny on this one?)

> But this will be a temporary condition.  There are precedents for 
> exporting code into which foreign users can plug their own crypto 
> engines.  This is probably what will happen with PGP:  programmers 
> outside of the US will develop code which duplicates the functionality of 
> the RSAREF engine, and a non-US version of PGP, functionally equivilant 
> to the American version, will be made available to users who don't have 
> access to the US version.

A total waste of time. Any 'foreign users' who wish it will
be able to get a copy of 2.6 in short order. But that's
still not going to change the fact that it's not a
worthwhile program.

> The word to describe what has happened is "compromise".  The PGP 
> developers, along with MIT, were able to reach a compromise with RSADSI 
> and PKP.  Yes, they had to give some things up.  But in exchange, they 
> were able to secure the right to legally distribute, for free, an open 
> source version of PGP in the USA.

The word to describe what has happened is "disaster". It is
a deliberate attempt to fragment the international crypto
community.

> This is an enormous victory.  It is the end, in practical terms, of the 
> struggle to put strong, verifiable, and affordable crypto software into 
> the hands of the general public.  It's over, and we have won.

It will be "over" when I can use whatever encryption I
choose to protect my communication, without the requirement
of government of corperate 'approval' to avoid "legal trouble"

> The thing that bothers me the most about the complaints which have been 
> posted is that they are implicity, if not explicity, condemnations of the 
> compromise which PRZ and MIT negotiated.

I _explicitly_ condemn the _decisions_ of whoever wrote the
damn program to:
        1)disallow keys bigger than 1024bits
        2)remove backwards-compatable operation

> I think that PRZ deserves the
> benefit of the doubt.  He's the one who has put himself on the line for 
> the rest of us, and he's the one who is most responsible for raising 
> public awareness of crypto issues.  I'm not suggesting that we follow him 
> blindly;  but at the same time, if he thinks this is a good deal, that 
> ought to carry a lot of weight.

I have not yet heard prz's position regarding the
limitations on pgp version 2.6, however if he supports it I
simply disagree with him.

Happy Hunting, -Chris
______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner @ indirect.com      | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
cypherpunks         WOw            dCD           Traskcom          Team Stupid
  Key fingerprint =  58 62 A2 84 FD 4F 56 38  82 69 6F 08 E4 F1 79 11 
- - ------------------------------------------------------------------------------
 A government mandante for key-escrow encryption in all communication
 devices would be the information-age equivalent of the government requiring
 private citizens to quarter troups in their home.

 --David Murray

PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder
QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA
RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack
phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger
revolution H.E.A.T. warheads porno kiddiesex export import customs deviant
bribe corrupt White House senator congressman president Clinton Gore bootleg
assasinate target ransom secret bluprints prototype microfilm agents mole
mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon
yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor
kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges
kuwait saddam leader death-threat overlords police hitler furer karl marx
mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier
catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat
explosives el salvador m-16 columbia cartel

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLdiuIuKc9MdneB1xAQFwfQP/THNlr7lcPK1ZtF1dFqdM8yw+RJE2q+C6
tScuiBduZAGBhKlOpx8yUnFr76FV8v76bhCzR4NJNMY4ybm/xpU+UBVg/gp5CB/S
8WAGE3w6FIHYBxHxxHDNtyvwzC8ySCBU47CWDhGXgXbx4kBnr7EBKv6s+x3d9GtX
0hu4XzlNqR4=
=yZ4m
-----END PGP SIGNATURE-----