What's the story with PGP 2.6? I haven't (yet) gotten any hard information about it -- is there mail I should have gotten but didn't?

I'm sure glad MIT put out 2.5, before putting out 2.6. It would have been much worse if they went right to 2.6. It does seem fortuitous that 2.5 ever got released at all, or am I missing something?

This whole process backs up the point that the whole cryptography infrastructure is important. Maybe the world will split into 2.6+ and 2.5- camps, with the 2.6+ camps being locked onto a bandwagon they can't get off of. Maybe all software in the future will have 2.6+ built into it, making life really unmanageable for the dwindling 2.5- crowd[sic]. How can you get cryptography to the masses when they all have Clipper? You can't -- if it gets that bad, we've lost the battle (although we can keep our own antique 2.5- copy if we want to, as a relic from the "good old days").

I'd bet that 2.6 doesn't have a backdoor in it, but that 2.7 or 2.8 or 3.9 or 123.456 eventually will... And, as I pointed out before, if the world gets saddled with a key length restriction in whatever evolves to become the standard, eventually that will be equivalent to a back door.

Maybe I'm too pessimistic, but how can we fight the infrastructure battle? I'm sore afraid that our brand of crypto is like trying to peddle a new OS to compete with Unix/NT/... -- it just ain't real easy to displace a "standard", flawed though it may be...

Any ideas are welcome -- I'm just running a little low now.

-- dat@ebt.com (David Taffs)