You may be correct in that Phil Zimmermann has no legal recourse, but I counldn't say for sure. I am more concerned with the ethical issues. What have you called your new super-duper pgp? If you make it abundantly clear that it is *your* hack of pgp, and not supported in any way by RSA, MIT, or prz, I personally wouldn't have a problem with it.
Isn't it ironic, though, that Phil Zimmerman was the victim of a similar accusation by PKP/RSA -- "pirating" code? IMHO, that's also who the person who released this new version really needs to worry about. If they modified PGP 2.3a code, then they're in the same boat as PRZ if they distribute it. The GPL only covers PRZ's (and Colin Plumb's) code, not the RSA routines. Also, I wonder whether the RSAREF license on 2.6 is valid for modified versions? Geeez! If it's just the name, then call this newest version "TAP" for "Totally Awesome Privacy", or something similar. Just so the "look and feel" are the same. Nothing would stop the end user from renaming it from TAP.EXE to PGP.EXE, of course... <g> I can sympathize with PRZ in wanting to protect his "baby" from the hackings of "unwashed Philistines" or whatever, but had he taken that attitude regarding the original RSA code, PGP might never have come about.