Cypherpatriots, This is a tough posting to write. I may even be called a quisling, or even a sternlight! This may be the most important posting I make during this current Clipper-Big Brother Chip controversy. I suggest that we as a community seriously reconsider our basic support for PGP. Not because of any flaws in the program, but because of issues related to Clipper and the potential limits on crypto. Continuing use of PGP causes several problems: 1. If RSA fails to take actions against sites and users, it weakens their legal position with respect to their patents. The government does not need licenses in any case, but users of Clipperphones *do* (not the final end-users, but the suppliers of Clipperphones to non-government customers). (A case can be made that repudiation of the patents might be a good thing. I know I have argued this at times. It's hard to know.) 2. The "guerrilla crypto" aspect of the PGP community (and our group) is charming, but may be counterproductive. If we are viewed as outlaws, the target even of RSA, then we have almost no influence, save for underground subversion. (To put this another way, if we are seen as RSA Data's enemy, we lose a potential ally. I am suggesting that a coming war between strong crypto on one side and government snooping on the other will force all participants to choose up sides.) 3. Supporting a legal version of strong crypto, which RSA Data-approved programs are and PGP is *not*, is a much more solid foundation from which to fight possible restrictions on strong crypto. 4. Our time could better be spent by solidifying existing RSA programs, including RIPEM, RSAREF-derived programs, MailSafe, and so forth. This is the approach several major companies have taken (Apple, Lotus, Sun, etc.). I've urged Jim Bidzos to work toward some compromise with the PGP community (and I think everyone recognizes the positive aspects of this growing community). This might include creating translation programs so MailSafe or RIPEM can read PGP files, a reworking of PGP to conform to licensing requirements, etc. I'm hoping that Phil Zimmermann can see what the real battle is. The PGP community is not likely to win their battle in court, and the effect of such a court battle will be divisive and ultimately may help the government in its plans. Phil Z. is most unlikely to ever see any real revenues from PGP. I think the benefits of a strong, legal, supported crypto product are greater than the dubious benefits of having a "free" piece of software. At any reasonable hourly wage, the cost of MailSafe ($125, last time I checked) is dwarfed by the amount of time crypto activists like ourselves spend debating it, downloading it, awaiting patched versions, etc. (All is not rosy on the RSA Data side, either. RSA Data chose to concentrate on getting RSA built in to e-mail products from the major companies and chose not to devote much effort to PGP-like personal encryption products (such as MailSafe, which runs on DOS and UNIX only and which hasn't changed much since 1988). Support for RSA Data should mean more support for these kinds of products. We could essentially ask RSA for a commitment in this area.) I'm arguing that we should look carefully and see what the real issues are, who the real enemy is, and then make plans accordingly. Awaiting your feedback, -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, smashing of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime