home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 1997 November
/
PCWorld_1997-11_cd.bin
/
software
/
sharware
/
utility
/
PGP
/
PGP263I
/
DOC
/
PRZON26I.ASC
< prev
Wrap
PGP Signed Message
|
1995-02-04
|
6KB
|
103 lines
-----BEGIN PGP SIGNED MESSAGE-----
To: PGP users
From: Philip Zimmermann
I have received a many inquiries concerning the status of the various
"international versions" of PGP(tm), called PGP 2.6ui, PGP 2.6.i, etc.
There are, as many people know, serious restrictions placed on my
statements by my lawyers, as a consequence of an ongoing criminal
investigation by agencies of the United States Government. I have
reviewed copies of the public distributions of these "versions" of PGP,
and I have some observations to make.
The US Government regards any unlicensed exportation of PGP from the
USA as at least potentially in violation of its own regulations
governing the export of cryptographic tenchnology. MIT and I took all
reasonable steps to prevent such export of PGP. None of the current
"international versions" of PGP is an official product of myself or
Phil's Pretty Good Software. While I personally regard the application
of export restrictions to software such as PGP as unjustifiable and
harmful to the interests of both the US Government and its citizens, I
do not condone violations of US export law, and I deplore the
activities of those who illegally exported any version of PGP developed
in the USA. Along with my lawyers, MIT, and others, I am implementing
a plan of action that we hope will make PGP legally available
throughout the world, for both commercial and non-commercial users who
are interested in strong data encryption.
The unofficial variant of PGP named PGP 2.6.i by its developers
replaces RSAREF routines with other code implementing RSA-related
algorithms. I am very familiar with that code, and while I tried to
make PGP use RSAREF in a manner that did not suffer a performance
penalty, I believe that these other subroutines are at least as
efficient, as well as being functionally identical for PGP's purposes.
Since the RSA patent does not exist outside the USA, it seems
reasonable to not encumber European users with the RSAREF subroutine
library and its own additional copyright restrictions (but there's no
reason for people in the US to use PGP 2.6.i, and I urge them not to,
because that version is not licensed by RSA). PGP 2.6.i also
implements some bug fixes which are appropriate for the correction of
errors in the official PGP 2.6.1 distributed by MIT; many of those bug
fixes, or their precise functional equivalent, appear along with other
bug fixes in PGP 2.6.2, planned for distribution by MIT on 24 October
1994. PGP 2.6.i also includes some minor functional enhancements --
including recognition (and beginning in December 94, generation) of
keys up to 2048 bits in length--that are consistent with planned future
development of the official PGP freeware product. Based on my own
review of the publicly-distributed source code, I believe that users of
PGP 2.6.i will experience a smooth migration to future versions of PGP
which I hope will be legally available for non-commercial and
commercial use worldwide. The publisher of 2.6.i, Staale Schumacher in
Norway, seems intent in supporting a version of PGP in Europe that is
as consistent and as interoperable as possible with my own official PGP
releases from MIT. He also seems willing to respect my copyrights, my
trademarks, and my agenda for the future of PGP. And he tells me that
has has carefully avoided exporting or encouraging the export of PGP
from the US. I have no objection to him using the PGP trademark for
the version of PGP that he has released.
There will be a PGP RFC document released soon, to faciltate the
development of PGP standards. The PGP RFC is an informational RFC, and
is based on deployed code. After that, a standards-track RFC will
likely be started on in an IETF working group, reflecting the new
formats of PGP 3.0. This will stabilize PGP formats and facilitate
other implementations that interoperate.
I am continuing, along with other programmers dedicated to the
improvement of public-key encryption for the masses, to develop PGP.
Along with my lawyers, I am gradually implementing a plan of action
that we hope will make such improved versions of PGP available both
inside and outside the US, in full compliance with all applicable laws,
including US technology export restrictions. Because of those
restrictions, it would be ill-advised for me to participate in
cross-border development of PGP at this time. PGP's home is in the US,
at least for now. I cannot discuss, until the US Government alters its
policies concerning export controls on cryptographic software, such
cross-border development. I have read and regretted numerous Usenet
news posts speculating on my abandonment of PGP users outside the US.
Please be assured that this is not the case. A great deal of effort
has been and will continue to be expended on serving the entire
worldwide community of users in a lawful fashion. I want to thank all
the users across the globe who have supported PGP, and me. Although I
think these restrictions on our right to free expression of our
technical ideas are at odds with the US Bill of Rights, I deplore the
actions of those who have illegally evaded those restrictions by
exporting PGP. I am doing everything I can to make strong data
security available to everyone in the world, freely and legally. I
hope all of you who believe in that goal will continue to support PGP.
-Philip Zimmermann
prz@acm.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAwUBLqf+fmV5hLjHqWbdAQHo/gP8CXX9APCu7Xj4v4e/hqsyXI0qAOF734ID
3cEPCxEoGe97r8LQ51jM0iwf6eyz9tr24aNdToggX2P3neDKd6LwwPxu+kDceLut
Mmd4tK1Qj5kkWx/cjhNGamv/kD9IQyokvlCqXetGLhld0GNfO+FZyuWs583LC4gK
x+5ZbxGdi2w=
=uks5
-----END PGP SIGNATURE-----