From: alano@teleport.com (Alan Olsen)
Date: Thu, 18 Aug 94 13:05:14 PDT
To: cypherpunks@toad.com
Subject: Re: Zimmermann on PGP 2.6 myths
Message-ID: <199408182004.NAA15578@teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>To:   All Users of PGP
>From: Philip Zimmermann, creator of PGP
>Re:   Misconceptions about PGP 2.6 from MIT
>Date: 18 Aug 94
>
>I'd like to clear up some widely held misconceptions about PGP
>version 2.6 from MIT.  I get a lot of email and phone calls from
>people who report a lot of misinformation on many Internet newsgroups
>about this MIT version of PGP.
>
[Stuff Deleted]

>- ---------------------------------------------------------------------
>Myth #2:  PGP 2.6 is weaker than previous versions, with a back door.
>- ---------------------------------------------------------------------
>
>This is not true.  I would not allow MIT or anyone else to weaken PGP
>or put a back door in.  Anyone who knows me will tell you that.
>
>This is not to say that PGP doesn't have any bugs.  All versions have
>had bugs.  But PGP 2.6 has no known bugs that have any net effect on
>security.  And MIT should be releasing a bug-fixed version of PGP 2.6
>Real Soon Now.

In my opinion what helped to contribute to this assumption was the 
downreving of RSAREF from 2.0 in PGP 2.5 to 1.0 in PGP 2.6.  (That with the 
"expiration date" seemed to make things look pretty evil.)

What is the difference between RSAREF 2.0 and 1.0 and should I be concerned?

/========================================================================\
|"I would call him a Beastialic Sadomasochistic   | alano@teleport.com   |
|Necrophile but that would be beating a dead      | Disclaimer:          |
|horse." -- Teriyaki (What's up Tiger Lily?)      | As if anyone cares!  |
\========================================================================/