From: mgream@acacia.itd.uts.edu.au (Matthew Gream)
Date: Tue, 24 May 94 19:41:31 PDT
To: cypherpunks@toad.com (Cypherpunks List)
Subject: PGP 2.6 is dangerous in the long term ?
Message-ID: <9405250243.AA03397@acacia.itd.uts.EDU.AU>
MIME-Version: 1.0
Content-Type: text/plain




Personally, I happen to dislike the PGP 2.6 saga; I think it's
effectively turning the wheel back viz. "US only software" as well
as confusing the issue ("oh, which PGP do you have ?"). 

Some say that it's not a problem in the sense that PGP 2.3a will be
upgraded to "support" PGP 2.6. Even this situation is clearly
undesirable as PGP itself becomes a fragmented product -- esp. as I
think "new users" will opt for PGP 2.6, and others will change too
because of the purported "legitimacy". The result is that PGP 2.6
_will_ become heavily adopted in the US.  This it not the point,
however.

As the RSA patent is expected to expire in the coming years, one would
expect the liberation of PGP, at least in terms of the RSA algorithm
(negating the export control issues). The sinister fact of PGP 2.6, and
other derived RSAREF product is that even as the patent itself expires,
RSADSI still exerts control over PGP by way of RSAREF.

Being Australian, I've not read the RSAREF conditions, but there is at
the point that commercial use will still not be possible (at it would
be under non-RSAREF 2.3a) when the RSA patent expires.

So quite possibly, PGP 2.6 is doing a great deal more longer term
damage to the viablity of PGP than is immediately obvious. Is this a
valid viewpoint ?


Matthew.

-- 
Matthew Gream
Consent Technologies
Sydney, (02) 821-2043
M.Gream@uts.edu.au