1993-05-05 - A proposal to use RSAREF in PGP

Header Data

From: prz (Philip Zimmermann)
To: jim@rsa.com (Jim Bidzos)
Message Hash: aa261f8441ceb106d857ce63b5e5104662e30a33dfa35867bc56116797fa8b9a
Message ID: <9305051742.AA15809@sage.cgd.ucar.EDU>
Reply To: N/A
UTC Datetime: 1993-05-05 17:42:11 UTC
Raw Date: Wed, 5 May 93 11:42:11 MDT

Raw message

From: prz (Philip Zimmermann)
Date: Wed, 5 May 93 11:42:11 MDT
To: jim@rsa.com (Jim Bidzos)
Subject: A proposal to use RSAREF in PGP
Message-ID: <9305051742.AA15809@sage.cgd.ucar.EDU>
MIME-Version: 1.0
Content-Type: text/plain



To: Jim Bidzos
    RSA Data Security, Inc.
    5 May 93

Dear Jim:

I am writing to you to get your approval to install RSAREF into PGP
in order to make PGP legal and hopefully end the conflicts regarding
patent infringement.  You said publicly a number of times that PGP
may become legal in the US if it incorporated RSAREF.  I assume from
these remarks that you would prefer that to happen.  So let's do it.

PGP now has, in testbed form, RSAREF integrated into it.  With your
approval, the next release could be an RSAREF version.  I say your
approval, because it is necessary to use the two static entry points
RSAPublicBlock and RSAPrivateBlock in rsa.c in RSAREF to allow
backward compatibility with older versions of PGP.  Unfortunately,
the old versions of PGP have an error that makes the contents of a
DEK and MD packet inside of an RSA multiprecision integer not comply
with PKCS standards of padding.  New versions of PGP will correct
this problem, but backward compatibility is needed, so the
RSAPublicBlock and RSAPrivateBlock entry points must be called to
parse the old packets.  The global entry points RSAPublicEncrypt and
RSAPrivateEncrypt will also be used to generate the new
PKCS-formatted packets.  As I understand it, the standard RSAREF
license requires your approval to use these entry points.  I
discussed these ideas with Ron Rivest and Burt Kaliski, and both
seemed to not raise any objections.  I hope you will agree.

At some time in the future, when all the old certifying signatures
are eventually replaced with new ones, these static entry points will
not have to be called, allowing the the regular entry points in rsa.h
to be called in their place.  We will be encouraging people to get
their certifying signatures renewed on their keys with the new
version of PGP.

PGP users outside the US will be using a version of PGP without
RSAREF, but it will be compatible in every way with the RSAREF
version.

The PGP developers will also be contributing some speedups to RSAREF
in future releases.  This will help all of your installed base of
RSAREF applications.

I am also modifying the PGP User's Guide to remove the remarks in the
legal issues section that I suspect you regard as inflammatory.  I
hope this will pave the way for us to close ranks and work together
on fighting the Clipper chip initiative.  If there are other measures
you'd like me to take to improve relations between us, let me know. 
I hope our common political objectives will outweigh your personal
feelings, so the community of PGP users may work better with you to
face these pressing policy issues.

The new release can be ready in a few days, if you approve.


Regards,

Philip Zimmermann








Thread