1994-07-13 - PGP bastardization (fwd)

Header Data

From: Philip Zimmermann <prz@acm.org>
To: cypherpunks@toad.com (Cypherpunks)
Message Hash: 6e52995deb81a83b68ba5876b8d5c9db42bd1d456b4eef49d2caa21aa396badb
Message ID: <m0qODxq-000305C@maalox.ppgs.com>
Reply To: N/A
UTC Datetime: 1994-07-13 23:44:44 UTC
Raw Date: Wed, 13 Jul 94 16:44:44 PDT

Raw message

From: Philip Zimmermann <prz@acm.org>
Date: Wed, 13 Jul 94 16:44:44 PDT
To: cypherpunks@toad.com (Cypherpunks)
Subject: PGP bastardization (fwd)
Message-ID: <m0qODxq-000305C@maalox.ppgs.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
From prz Wed Jul 13 17:36:39 1994
Message-Id: <m0qODqw-000305C@maalox.ppgs.com>
Subject: PGP bastardization
To: trollins@debbie.telos.com
Date: Wed, 13 Jul 1994 17:36:38 -0700 (MDT)
Cc: karnow@cup.portal.com (Curt Karnow)
From: Philip Zimmermann <prz@acm.org>
Reply-To: Philip Zimmermann <prz@acm.org>
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Content-Length: 1863      

Tom, I hear that you are distributing a modified version of PGP that 
uses a different customized encryption algorithm of your own design.

If you read the "Snake Oil" section of the PGP User's Guide, then you
know how I feel about amateur cryptographer's encryption algorithms
that have not been subjected to extensive peer review.

PGP's reputation, and my repuitation (which is tied to PGP), depends
of people trusting the quality of encryption algorithms and protocols
that I have carefully selected for PGP, using all of my knowledge and
experience.  If someone were to put a new encryption algorithm into
PGP without my permission, it could serve to tarnish the reputation
that PGP has earned over the years.

Accordingly, I do not approve of anyone modifying the cryptographic
characteristics of PGP.  PGP and Pretty Good Privacy are my trademarks,
and their good name is trusted the world over because of the care that 
I have exercised in selecting its algorithms.

If you'd like to write your own cryptographic utility, using your own
algorithms and protocols, I have no problem with that.  But I do not 
want my program, my documentation, my name, and my trademarks, to be
used for products that may have flawed algorithms.

I also have no problem with you modifying PGP for your own private
use, if you like to experiment with new algorithms of your own design.
But I do not want you to distribute such a program to others, if it uses
my code, my manuals, my name, and my trademarks.  It could hurt my
reputation and PGP's reputation.

If I am misinformed on this subject, please let me know and accept
my apology for assuming too much.  Otherwise, I'd like you to remedy
the situation.  Please let me know what has happened and what we can
do about it.

Sincerely,
Philip Zimmermann
prz@acm.org

cc:  Curtis Karnow
     Landels, Ripley, and Diamond






Thread