Cypherians, Phil Zimmermann was at our "Extropians Fifth Anniversary Party" in the Santa Cruz mountains yesterday and last night; Extropians are another mailing list/group, of course, but there is a substantial overlap between the groups. Several items of potential interest: 1. RSA did not know of the ViaCrypt deal until after it was signed last Sunday. ViaCrypt's license allows it to put whatever it wants around the RSA core....it has picked PGP as the wrapper. RSA can't really object to this, provided the RSA core is as the contract with ViaCrypt specifies. 2. Phil will carefully inspect the code, including the RSA part, and is confident no funny business is planned by ViaCrypt or anyone else. (I have to trust Phil on this matter more than any "panel" or the like....after all, he wanted to put trapdoors in, he could in the existing PGP--though of course this is highly unlikely to have been put in in the first place and to have remained undiscovered all this time.) 3. There's a bunch of confusing--to me--stuff about U.S. versions, European/foreign versions, what can and can't be exported and imported, the ITAR (International Traffic in Arms Regulations), and so on. Basically, there may be separate European versions, possibly using different code. Triple DES may be used in some versions (don't ask me for details....I'm not sure of the tradeoffs between DES and IDEA...perhaps the deal to use IDEA doesn't fit with a commercial version of PGP). 4. I showed Phil the MacPGP 2.3 program on my PowerBook 170. The "help" system especially impressed him (it does me, too). He is not closely connected with Zig F.'s Macintosh development. 5. Integrating PGP with mailers--the "elm" and MIME ideas that keep surfacing--is still being debated. Running PGP on a machine outside one's own control is always dangerous, but, let's face it, is how _many_ people are already using PGP and how many of the future corporate customers will be likely to use it. (The PGP secret key will then be found scattered around in backups, on other disks, etc. Even the manually-entered passphrase is *not sufficient*, as many systems have "scrypt" and similar keystroke-capture programs automatically recording all keystrokes. Even my Macintoshes capture all keystrokes ("Last Resort," "Thunder 7, etc., have such utilities). This is an unresolved issue! (Talk of using smartcards, RSA cards, Newton-like PDAs, etc., is one approach, but this moves away from ease of use by requiring specialized hardware.) 6. Ease of use remains a problem. Phil mentioned again that he sends a routine form letter out to all those who send him encrypted e-mail explaining that it may take him several days to get around to reading their messages...he has to do the same multi-step procedure of downloading to his local PC, quitting, saving the file, starting PGP, and so on. (Phil has never run PGP on a machine outside his control.) 7. Phil also wanted to talk about the political issues of RSA vs. PGP, about my concerns some months back that the battle for strong crypto would not be won with explicitly illegal programs, etc. I told him I thought the ViaCrypt deal was a nearly perfect solution to these concerns: individuals and corporations can now safely use PGP without the fear of asset forfeiture or criminal prosecution should a zealous prosecutor decide to "make an example" of them. A legal version of PGP is the goal many of us were seeking. A major win. I congratulate Phil for pulling this off. 8. Perhaps most ironically, David Sternlight (the neural net AI automatic posting program I mentioned a few days ago) has asked to be a beta site for the ViaCrypt program! Sternlight blesses ViaCrypt...the mind boggles. (To be fair to Sternlight--something many people may flame me for :-} --he never argued for a ban on crypto, or for restrictions, only that a "legal" or "unencumbered" version be used. Hence his involvement with RIPEM.) That's what I remember. The party started at 2 p.m. at the mountain-top home of Mark Desilets and lasted 'til well after 3 a.m....and may still be going. I didn't count, but there were probably at least a hundred people, including a dozen or more Cypherpunks. A real blast. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.