Paul "K." Strong <pauls@dcs.rhbnc.ac.uk> wrote:
However, I would say that most people _regard_ v2.3a as a legal version outside the USA and so are willing to carry it on their systems; and at this time I believe nothing concrete to the contrary has been proved.
Versions 2.5 and 2.6 however are obviously illegal exports, and I think that it is the fact that people think of one as legal and the other as illegal that makes the difference, and therefore we who are outside the USA need our own version to be brought up to date.
There has never been a ruling declaring it illegal to export PGP. No one has ever been convicted of illegally exporting crypto. The ITAR restrictions also contain many exemptions, under which it could be legal to export PGP. Furthermore, If you didn't get your copy of PGP from the US then you haven't broken any laws.
I have, at this time, been informed of two separate people working on a new version that is compatible with 2.6, based on 2.3a code.
To what effect?
Maybe everyone working on (or who know of people working on) such developments could post information regarding what exactly they are changing/upgrading/doing to 2.3a to make an 'international' v2.6.
Or maybe you could just keep on using PGP 2.3a and stop worrying about it.
All of those inside the USA, *PLEASE* get involved with this. It _is_ important!
Why? Just because PGP 2.6 exists, doesn't mean you have to use it! If people want to communicate with you, they will use 2.3a also...or fix their damn software. It's their problem, not ours, so let's make it their problem! Boycott MIT-PGP.