It is my understanding that folk outside the USA can legally run PGP versions from 2.0 to 2.3a, but cannot legally run Viacrypt 2.4 or the RSAREF-based version 2.5, because they contain code that cannot be exported from the USA.
Think about this. Under whose law would your running PGP 2.5 be illegal? Your country's perhaps, I don't know. But the U.S. has no law against foreigners (who aren't under its jurisdiction, anyway) using encryption. Now, it's illegal under the ITAR for someone in the U.S. to export any version of PGP, or almost any crypto software. This is for National Security reasons, natch. And most U.S. use of pre-2.4 versions probably infringes on RSA's patent on the math behind PGP. But once it's over the border, none of this matters (until GATT extends the miracle of uniform software patents to its signatories). Eli ebrandt@hmc.edu