To: Jim Bidzos RSA Data Security, Inc. 5 May 93 Dear Jim: I am writing to you to get your approval to install RSAREF into PGP in order to make PGP legal and hopefully end the conflicts regarding patent infringement. You said publicly a number of times that PGP may become legal in the US if it incorporated RSAREF. I assume from these remarks that you would prefer that to happen. So let's do it. PGP now has, in testbed form, RSAREF integrated into it. With your approval, the next release could be an RSAREF version. I say your approval, because it is necessary to use the two static entry points RSAPublicBlock and RSAPrivateBlock in rsa.c in RSAREF to allow backward compatibility with older versions of PGP. Unfortunately, the old versions of PGP have an error that makes the contents of a DEK and MD packet inside of an RSA multiprecision integer not comply with PKCS standards of padding. New versions of PGP will correct this problem, but backward compatibility is needed, so the RSAPublicBlock and RSAPrivateBlock entry points must be called to parse the old packets. The global entry points RSAPublicEncrypt and RSAPrivateEncrypt will also be used to generate the new PKCS-formatted packets. As I understand it, the standard RSAREF license requires your approval to use these entry points. I discussed these ideas with Ron Rivest and Burt Kaliski, and both seemed to not raise any objections. I hope you will agree. At some time in the future, when all the old certifying signatures are eventually replaced with new ones, these static entry points will not have to be called, allowing the the regular entry points in rsa.h to be called in their place. We will be encouraging people to get their certifying signatures renewed on their keys with the new version of PGP. PGP users outside the US will be using a version of PGP without RSAREF, but it will be compatible in every way with the RSAREF version. The PGP developers will also be contributing some speedups to RSAREF in future releases. This will help all of your installed base of RSAREF applications. I am also modifying the PGP User's Guide to remove the remarks in the legal issues section that I suspect you regard as inflammatory. I hope this will pave the way for us to close ranks and work together on fighting the Clipper chip initiative. If there are other measures you'd like me to take to improve relations between us, let me know. I hope our common political objectives will outweigh your personal feelings, so the community of PGP users may work better with you to face these pressing policy issues. The new release can be ready in a few days, if you approve. Regards, Philip Zimmermann