1997-07-03 - Re: PGP security problems?

Header Data

From: “Philip R. Zimmerman” <prz@pgp.com>
To: cypherpunks@toad.com
Message Hash: 5696e879bf6555a6d2a1c3c001211a74410c1d30232e40f0b3553dd1093a2941
Message ID: <199707030557.XAA20987@wombat.sk.sympatico.ca>
Reply To: N/A
UTC Datetime: 1997-07-03 06:16:46 UTC
Raw Date: Thu, 3 Jul 1997 14:16:46 +0800

Raw message

From: "Philip R. Zimmerman" <prz@pgp.com>
Date: Thu, 3 Jul 1997 14:16:46 +0800
To: cypherpunks@toad.com
Subject: Re: PGP security problems?
Message-ID: <199707030557.XAA20987@wombat.sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain

Hash: SHA1

 The recent spate of bogus keys uploaded to the PGP keyserver
(with subsequent posts forged using our employees names showing
up on mailing lists and newsgroups) is particularly troubling
given the fact that they appear to be coming from within the
ranks of the cypherpunks.
 While I still support the aims of the cypherpunks list, I must
confess to being somewhat disillusioned by these attacks by long
time members of the cypherpunks list. Even more troubling is the
fact that there is evidence of the attacks being designed to aide
one of PGP, Inc.'s competitors--Stronghold.

 I suppose I should have realized long ago that Gilmore <spit>
and Sameer <fart> were in collusion to turn the cypherpunks
against PGP in order to corner the encryption market for c2net's
back-door, GAK'ed product. Although PGP's successful effort
to get the Huge Cajones anonymous remailer shut down has helped
to minimize the damage to our reputation, we may have to take
action against other remailers, as well.
 I wish I had listened to the warnings of the late Dale Thorn,
Toto, and Dimitri Vulis before it had come to this.
 In conclusion, I would ask everyone to be wary when receiving
messages purporting to be from PGP, Inc. or from any of our
 It is inevitable that some gullible fools will be taken in by
the forgeries, but simple precautions such as checking the
key signatures against the keys on our keyserver and perusing
the message headers to determine the source of the email should
aide in spotting forgeries. (You should be particularly wary
of any messages originating from Canadian ISP's, as that seems
to be the natural habitat of Mongers of every sort.)

Philip R. Zimmerman <prz@pgp.com>

Version: PGP for Personal Privacy 5.0
Charset: noconv