Nothing has appeared on this list on this subject since the initial flurry sparked by PGP-RSAREF negotiations. I thought I would just post a few short comments based on inside sources and speculations for all the cypherpunks waiting on the edge of their consoles to hear some word. In no way should this be construed to be representative of positions on either side. I just hope to give members a little current insight and encouraging glimpse, but also show how the difficulties involved in the negotiations mean this is not as simple as Bidzos and Zimmerman shaking hands without snarling (although that's certainly part of it). A rather serious obstacle to RSAREF integration into PGP is that the RSAREF routines only `ostensibly' allow RSA encryption of DES session keys. For novices on the list, the background for this is that RSA is too slow to use to encode an entire message, so that one uses RSA to encode a randomly generated key for each session (hence the name) that is contained in the transmission. The remainder of the transmission includes the message encrypted under the private-key algorithm (e.g. DES) with the generated session key. Since the key is shorter than the message and the private-key algorithm faster than the public-key approach, this scheme results in a net gain of speed, but with security only `as strong' as the private key algorithm. Because of suspected weaknesses in DES, Zimmerman chose to use the Swiss IDEA algorithm for the session keys, and for obvious reasons prefers to continue to do so. However, the RSAREF routines have a `published interface' that only permits the system using a DES key. There are `low level' routines that do pure unadulterated RSA encryption of arbitrary data, crucial to PGP functions, but by the terms of the license the programmer is *not* allowed to call them! The reason for this restriction is presumably that a high-degree of backward-compatibility is required of the library, so that a strict adherence to use through `official' entry points must be preserved. However, this `hamstring connected' means that by no stretch of the imagination can RSAREF be considered a `general purpose RSA cryptography library' (in fact, it appears to be designed solely for meeting the PEM standard). It also means that the cryptographic security of RSAREF is quite curiously limited to that of DES. Rumor has it that Mark Riordan got permission to put in triple DES into RSAREF for RIPEM but so far it is unclear if Zimmerman and Bidzos can/will/have hammer(d) out something that allows the current PGP IDEA cipher. The backward compatibility of all previous PGP versions, and ultimately the integration of RSAREF into PGP, is at stake. Rumor has it that even Rivest (the R in RSA!) may be helping forge something favorable to everyone. Another complication of RSAREF that most on this list are probably familiar with is that it is not permitted to be used outside the U.S. Hence parallel versions of PGP must be maintained even if RSAREF would allow an IDEA implementation. One other complication is that Mr. Zimmerman, while apparently never directly profiting from PGP use, has before publicly `reserved the right' to attempt to gain some kind of compensation for his Herculean efforts on PGP, for which he has `a life sentence' and finds that it takes major amounts of his time and commitment, although he is also firm in his promise to keep it free. Of course, the position is not wholly compatible with RSA interests. Finally, I hear that negotiations are on pause while currently Mr. Zimmerman is in the middle of his May 19 - Jun 9 `PRZ EuroCrypt Tour' and is meeting PGP fanatics, groupies, and developers all over Europe! In fact, here's an excerpt from a message that made the rounds among some PGP contributors:
From 27 May until maybe 30 May, more or less, I'll be traveling by train from Bergan, Norway, through Oslo, then on down to Copenhagen, down to Hamburg, and over to Amsterdam. I'll be stopping along the way to see some sights, having never been to Europe before.
From 30(?) May til 6 June, I'll be hanging around Amsterdam and the surrounding area, to see some things from something other than a train seat.
From 6 June to 9 June, I'll be in Washington DC, giving a talk at the 7 June CPSR conference in DC. Then I'm going home.
If any of you want to pass this on to the PGP fans in Europe, who are fanatical enough to meet me over there in my travels, feel free. If I play my cards right, I'll never have to buy lunch while I'm in Europe.
Maybe with enough encouragement and hospitality he'll make it through the subsequent negotiations without strangling anyone or being strangled :) (You may be able to reach PRZ at prz@acm.org.)
participants (1)
-
L. Detweiler