1994-07-14 - PGP Bastardization

Header Data

From: Stuart Smith <stu@nemesis.wimsey.com>
To: cypherpunks@toad.com
Message Hash: f2f4907fdf55e09b93756be1427acaf9178ad8de39ce5a62b2dac255de74f186
Message ID: <2e253102.nemesis@nemesis.wimsey.com>
Reply To: N/A
UTC Datetime: 1994-07-14 13:00:32 UTC
Raw Date: Thu, 14 Jul 94 06:00:32 PDT

Raw message

From: Stuart Smith <stu@nemesis.wimsey.com>
Date: Thu, 14 Jul 94 06:00:32 PDT
To: cypherpunks@toad.com
Subject: PGP Bastardization
Message-ID: <2e253102.nemesis@nemesis.wimsey.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>If you read the "Snake Oil" section of the PGP User's Guide, then you
>>know how I feel about amateur cryptographer's encryption algorithms
>>that have not been subjected to extensive peer review.
 
>Well, it is true that I am _not_ being paid for this software. It
>is my hobby. And I don't care how you feel about my hobby.
>Please feel free to make any constructive comments about the
>algorithm.
 
The time for constructive comments about a new algorithm such as
yours is *before* you release code.  IDEA and RSA were already
well respected ciphers before PGP was released.

>I believe that you may be misinformed.  I hope that I have made my
>position clear. You released the pgp program under the "Copyleft"
>License. I have the right to change the software or use pieces of it.
>I am protected from you trying to deny me those rights.
 
You may be correct in that Phil Zimmermann has no legal
recourse, but I couldn't say for sure.  I am more concerned
with the ethical issues.  What have you called your new
super-duper pgp?  If you make it abundantly clear that it is
*your* hack of pgp, and not supported in any way by RSA, MIT, or
prz, I personally wouldn't have a problem with it.

It is my feeling that cryptographic software is an entirely
different beast from other software released under such free
licenses.  If I improve or port someone's mail reader for
instance, out of *common courtesy*, the first thing I would do
is contact the author to let him know.  Any bugs in such a
program would make themselves readily apparent and users would
quickly learn whether or not my version was really an
improvement.  How is a user to know that his data has less of a
chance of being compromised using super-kool-pgp than prz's own
version?  The people reading his compromised mail certainly
aren't going to tell him that his cryptographic software has a
bug in it.

I think a lot of this issue has less to do with the law and more
to do with courtesy to fellow software authors.

- -- 
 Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
        E7 E3 90 7E 16 2E F3 45   *   28 24 2E C6 03 02 37 5C 
   Stuart Smith                           <stu@nemesis.wimsey.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLiU/DKi5iP4JtEWBAQGpYAP+MD+AcoHHcfpOA+SFzWmOCZ1U1KVXt1zP
js1vq6v3tmbA5tXBJzHptnSDIIdPWwuiNL/4rgD8eXVVdaeCVloqz38U1Gk5KWnZ
N4C8X2opaiOG6azU58upqzeEnmHJXvD2K0Mr3nZZMMhvu+ANdAxdVxSNuj5WaJoH
dJq596n4gpk=
=716m
-----END PGP SIGNATURE-----




