From: Stuart Smith <stu@nemesis.wimsey.com>
To: cypherpunks@toad.com
Message Hash: f2f4907fdf55e09b93756be1427acaf9178ad8de39ce5a62b2dac255de74f186
Message ID: <2e253102.nemesis@nemesis.wimsey.com>
Reply To: N/A
UTC Datetime: 1994-07-14 13:00:32 UTC
Raw Date: Thu, 14 Jul 94 06:00:32 PDT
From: Stuart Smith <stu@nemesis.wimsey.com>
Date: Thu, 14 Jul 94 06:00:32 PDT
To: cypherpunks@toad.com
Subject: PGP Bastardization
Message-ID: <2e253102.nemesis@nemesis.wimsey.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
>>If you read the "Snake Oil" section of the PGP User's Guide, then you
>>know how I feel about amateur cryptographer's encryption algorithms
>>that have not been subjected to extensive peer review.
>Well, It is true that I am _not_ being paid for this software. It
>is my hobby. And I don't care how you feel about my hobby.
>Please feel free to make any constructive comments about the
>algorithm.
The time for constructive comments about a new algorithm such as
yours is *before* you release code. IDEA and RSA were already
well respected ciphers before PGP was released.
>I believe that you may by misinformed. I hope that I have made my
>position clear. You relesased the pgp program under the "Copyleft"
>License. I have the right to change the software or use pieced of it.
>I am protected from you trying to deny me those rights.
You may be correct in that Phil Zimmermann has no legal
recourse, but I counldn't say for sure. I am more concerned
with the ethical issues. What have you called your new
super-duper pgp? If you make it abundantly clear that it is
*your* hack of pgp, and not supported in any way by RSA, MIT, or
prz, I personally wouldn't have a problem with it.
It is my feeling that cryptographic software is an entirely
different beast from other software released under such free
licenses. If I improve or port some one's mail reader for
instance, out of *common courtesy*, the first thing I would do
is contact the author to let him know. Any bugs in such a
program would make themselves readily apparent and users would
quickly learn whether or not my version was really an
improvement. How is a user to know that his data has less of a
chance of being compromised using super-kool-pgp than prz's own
version? The people reading his compromised mail certainly
aren't going to tell him that his cryptographic software has a
bug in it.
I think a lot of this issue has less to do with the law and more
to do with courtesy to fellow software authors.
- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C
Stuart Smith <stu@nemesis.wimsey.com>
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBLiU/DKi5iP4JtEWBAQGpYAP+MD+AcoHHcfpOA+SFzWmOCZ1U1KVXt1zP
js1vq6v3tmbA5tXBJzHptnSDIIdPWwuiNL/4rgD8eXVVdaeCVloqz38U1Gk5KWnZ
N4C8X2opaiOG6azU58upqzeEnmHJXvD2K0Mr3nZZMMhvu+ANdAxdVxSNuj5WaJoH
dJq596n4gpk=
=716m
-----END PGP SIGNATURE-----
Return to July 1994
Return to “Stuart Smith <stu@nemesis.wimsey.com>”
1994-07-14 (Thu, 14 Jul 94 06:00:32 PDT) - PGP Bastardization - Stuart Smith <stu@nemesis.wimsey.com>