From: Michael Johnson <mpj@csn.org>
Date: Fri, 8 Jul 94 06:21:33 PDT
To: cypherpunks@toad.com
Subject: ZiffWire article on PGP 2.6 (fwd)
Message-ID: <Pine.3.89.9407080719.A6400-0100000@teal.csn.org>
MIME-Version: 1.0
Content-Type: text/plain



I asked Philip Zimmermann what he thought of the ZiffWire article on PGP, 
and this is what he said:

---------- Forwarded message ----------
Date: Thu, 7 Jul 1994 22:29:24 -0700 (MDT)
From: Philip Zimmermann <prz@acm.org>
To: Michael Johnson <mpj@csn.org>
Subject: ZiffWire article on PGP 2.6 (fwd)

Forwarded message:
>From columbine!prz Thu Jul  7 20:58:25 1994
Date: Thu, 07 Jul 1994 20:55:20 -0700 (MDT)
From: Philip Zimmermann <prz@acm.org>
Subject: ZiffWire article on PGP 2.6
To: cypherpunks@toad.com (Cypherpunks)
Cc: prz@pascal.acm.org
Reply-To: Philip Zimmermann <prz@pascal.acm.org>
Message-Id: <m0qM65x-0002vqC@maalox.ppgs.com>
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Content-Transfer-Encoding: 7BIT
Content-Length: 2943

I would like to correct a misleading assertion that appeared in 
an article dated 5 July, attributed to "PC Week via INDIVIDUAL, Inc"
that came from ZiffWire.  The apparent author of the article is Eamonn
Sullivan.  I think it was posted on the Cypherpunks mailing list.  The
article concerns Pretty Good Privacy, version 2.6, distributed by MIT.

The misleading and damaging paragraphs follow:

  >  MIT and RSA's distribution of PGP Version 2.6 is an attempt to short-
  >circuit PGP's popularity. After Sept. 1, 1994, PGP 2.6 will no longer work
  >with documents and keys generated and encrypted by older versions of PGP,
  >and it is licensed for use only in the United States.
  >
  >  The release is already causing upheaval, since its public-key format is
  >different than in prior versions, and numerous public-key repositories will
  >have to be updated.
  >
  >[07-05-94 at 17:19 EDT, Copyright 1994, ZiffWire, File: c0705185.2zf]

This assertion is erroneous and damaging to PGP's reputation.  PGP 2.6
will always be able to read messages, signatures, and keys from older
versions, even after September 1st.  The older versions will not be able
to read messages, signatures and keys produced by PGP 2.6 after September
1st.  This is an entirely different situation.  There is every reason for
people to switch to PGP 2.6, because it will be able to handle both data
formats, while the older versions will not.  Until September, the new PGP
will continue to produce the old format that can be read by older versions,
but will start producing the new format after that date.  This delay allows
time for everyone to obtain the new version of PGP, so that they will not
be affected by the change.  Key servers will still be able to carry the
keys made in the old format, because PGP 2.6 will still read them with no
problems.  The assertion made in the article has it backwards, which
would indeed be bad if PGP were to start behaving that way.  If it did,
I wouldn't use it myself.

I call upon ZiffWire and PC Week to issue a correction to this error.

Also, note that any export restrictions on PGP 2.6 are imposed by the US
government.  This does not imply that MIT or myself agree with these
restrictions.  We just comply with them.  We do not impose additional
licensing restrictions of our own on the use of PGP outside of the US,
other than those restrictions that already apply inside the US.  PGP
may be subject to export controls.  Anyone wishing to export it should
first consult the State Department's Office of Defense Trade Controls.

I developed PGP 2.6 to be released by MIT, and I think this new
arrangement is a breakthrough in the legal status of PGP, of benefit to
all PGP users.  I urge all PGP users to switch to PGP 2.6, and abandon
earlier versions.  The widespread replacement of the old versions with
this new version of PGP fits in with future plans for the creation of a
PGP standard.

Philip Zimmermann