I asked Philip Zimmermann what he thought of the ZiffWire article on PGP, and this is what he said: ---------- Forwarded message ---------- Date: Thu, 7 Jul 1994 22:29:24 -0700 (MDT) From: Philip Zimmermann <prz@acm.org> To: Michael Johnson <mpj@csn.org> Subject: ZiffWire article on PGP 2.6 (fwd) Forwarded message:
From columbine!prz Thu Jul 7 20:58:25 1994 Date: Thu, 07 Jul 1994 20:55:20 -0700 (MDT) From: Philip Zimmermann <prz@acm.org> Subject: ZiffWire article on PGP 2.6 To: cypherpunks@toad.com (Cypherpunks) Cc: prz@pascal.acm.org Reply-To: Philip Zimmermann <prz@pascal.acm.org> Message-Id: <m0qM65x-0002vqC@maalox.ppgs.com> X-Mailer: ELM [version 2.4 PL22] Content-Type: text Content-Transfer-Encoding: 7BIT Content-Length: 2943
I would like to correct a misleading assertion that appeared in an article dated 5 July, attributed to "PC Week via INDIVIDUAL, Inc" that came from ZiffWire. The apparent author of the article is Eamonn Sullivan. I think it was posted on the Cypherpunks mailing list. The article concerns Pretty Good Privacy, version 2.6, distributed by MIT. The misleading and damaging paragraphs follow:
MIT and RSA's distribution of PGP Version 2.6 is an attempt to short- circuit PGP's popularity. After Sept. 1, 1994, PGP 2.6 will no longer work with documents and keys generated and encrypted by older versions of PGP, and it is licensed for use only in the United States.
The release is already causing upheaval, since its public-key format is different than in prior versions, and numerous public-key repositories will have to be updated.
[07-05-94 at 17:19 EDT, Copyright 1994, ZiffWire, File: c0705185.2zf]
This assertion is erroneous and damaging to PGP's reputation. PGP 2.6 will always be able to read messages, signatures, and keys from older versions, even after September 1st. The older versions will not be able to read messages, signatures and keys produced by PGP 2.6 after September 1st. This is an entirely different situation. There is every reason for people to switch to PGP 2.6, because it will be able to handle both data formats, while the older versions will not. Until September, the new PGP will continue to produce the old format that can be read by older versions, but will start producing the new format after that date. This delay allows time for everyone to obtain the new version of PGP, so that they will not be affected by the change. Key servers will still be able to carry the keys made in the old format, because PGP 2.6 will still read them with no problems. The assertion made in the article has it backwards, which would indeed be bad if PGP were to start behaving that way. If it did, I wouldn't use it myself. I call upon ZiffWire and PC Week to issue a correction to this error. Also, note that any export restrictions on PGP 2.6 are imposed by the US government. This does not imply that MIT or myself agree with these restrictions. We just comply with them. We do not impose additional licensing restrictions of our own on the use of PGP outside of the US, other than those restrictions that already apply inside the US. PGP may be subject to export controls. Anyone wishing to export it should first consult the State Department's Office of Defense Trade Controls. I developed PGP 2.6 to be released by MIT, and I think this new arrangement is a breakthrough in the legal status of PGP, of benefit to all PGP users. I urge all PGP users to switch to PGP 2.6, and abandon earlier versions. The widespread replacement of the old versions with this new version of PGP fits in with future plans for the creation of a PGP standard. Philip Zimmermann