-----BEGIN PGP SIGNED MESSAGE----- In article <2r9h97$oro@nyx10.cs.du.edu>, Alex Strasheim wrote:
I have been reading nothing but complaints ever since the planned release of 2.6 was announced.
With good reason. It's a bullshit product.
It is true that messages generated with 2.6 won't be decodable with some earlier versions, including 2.3a.
And most likely 2.4 as well, although that's a horse of a different color.
It is also true that 2.6 can't be exported with RSAREF code.
Not quite. It's not *legal* to export it. But to say that it "can't be exported" is simply untrue. It "can" be exported, and easily at that. However, I doubt there will be much demand for it, in or out of the us. It is slower than 2.3a, has unreasonable limits on keysize, and is not backwards compatable with the versions much of the world uses.
This means that it will not be possible, at first, to use 2.6 to correspond with users who are not in the US or Canada.
Or with users in the usa or canada who choose to use 2.3a. (and possibly 2.4 as well? Any confirm or deny on this one?)
But this will be a temporary condition. There are precedents for exporting code into which foreign users can plug their own crypto engines. This is probably what will happen with PGP: programmers outside of the US will develop code which duplicates the functionality of the RSAREF engine, and a non-US version of PGP, functionally equivilant to the American version, will be made available to users who don't have access to the US version.
A total waste of time. Any 'foreign users' who wish it will be able to get a copy of 2.6 in short order. But that's still not going to change the fact that it's not a worthwhile program.
The word to describe what has happened is "compromise". The PGP developers, along with MIT, were able to reach a compromise with RSADSI and PKP. Yes, they had to give some things up. But in exchange, they were able to secure the right to legally distribute, for free, an open source version of PGP in the USA.
The word to describe what has happened is "disaster". It is a deliberate attempt to fragment the international crypto community.
This is an enormous victory. It is the end, in practical terms, of the struggle to put strong, verifiable, and affordable crypto software into the hands of the general public. It's over, and we have won.
It will be "over" when I can use whatever encryption I choose to protect my communication, without the requirement of government of corperate 'approval' to avoid "legal trouble"
The thing that bothers me the most about the complaints which have been posted is that they are implicity, if not explicity, condemnations of the compromise which PRZ and MIT negotiated.
I _explicitly_ condemn the _decisions_ of whoever wrote the damn program to: 1)disallow keys bigger than 1024bits 2)remove backwards-compatable operation
I think that PRZ deserves the benefit of the doubt. He's the one who has put himself on the line for the rest of us, and he's the one who is most responsible for raising public awareness of crypto issues. I'm not suggesting that we follow him blindly; but at the same time, if he thinks this is a good deal, that ought to carry a lot of weight.
I have not yet heard prz's position regarding the limitations on pgp version 2.6, however if he supports it I simply disagree with him. Happy Hunting, -Chris ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - - ------------------------------------------------------------------------------ A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. --David Murray PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdiuIuKc9MdneB1xAQFwfQP/THNlr7lcPK1ZtF1dFqdM8yw+RJE2q+C6 tScuiBduZAGBhKlOpx8yUnFr76FV8v76bhCzR4NJNMY4ybm/xpU+UBVg/gp5CB/S 8WAGE3w6FIHYBxHxxHDNtyvwzC8ySCBU47CWDhGXgXbx4kBnr7EBKv6s+x3d9GtX 0hu4XzlNqR4= =yZ4m -----END PGP SIGNATURE-----