-----BEGIN PGP SIGNED MESSAGE-----

In article <2r9h97$oro@nyx10.cs.du.edu>, Alex Strasheim wrote:
I have been reading nothing but complaints ever since the planned release of 2.6 was announced.
With good reason. It's a bullshit product.
It is true that messages generated with 2.6 won't be decodable with some earlier versions, including 2.3a.
And most likely 2.4 as well, although that's a horse of a different color.
It is also true that 2.6 can't be exported with RSAREF code.
Not quite. It's not *legal* to export it. But to say that it "can't be exported" is simply untrue. It "can" be exported, and easily at that. However, I doubt there will be much demand for it, in or out of the US. It is slower than 2.3a, has unreasonable limits on keysize, and is not backwards compatible with the versions much of the world uses.
This means that it will not be possible, at first, to use 2.6 to correspond with users who are not in the US or Canada.
Or with users in the USA or Canada who choose to use 2.3a. (and possibly 2.4 as well? Any confirm or deny on this one?)
But this will be a temporary condition. There are precedents for exporting code into which foreign users can plug their own crypto engines. This is probably what will happen with PGP: programmers outside of the US will develop code which duplicates the functionality of the RSAREF engine, and a non-US version of PGP, functionally equivalent to the American version, will be made available to users who don't have access to the US version.
A total waste of time. Any 'foreign users' who wish it will be able to get a copy of 2.6 in short order. But that's still not going to change the fact that it's not a worthwhile program.
The word to describe what has happened is "compromise". The PGP developers, along with MIT, were able to reach a compromise with RSADSI and PKP. Yes, they had to give some things up. But in exchange, they were able to secure the right to legally distribute, for free, an open source version of PGP in the USA.
The word to describe what has happened is "disaster". It is a deliberate attempt to fragment the international crypto community.
This is an enormous victory. It is the end, in practical terms, of the struggle to put strong, verifiable, and affordable crypto software into the hands of the general public. It's over, and we have won.
It will be "over" when I can use whatever encryption I choose to protect my communication, without the requirement of government or corporate 'approval' to avoid "legal trouble".
The thing that bothers me the most about the complaints which have been posted is that they are implicitly, if not explicitly, condemnations of the compromise which PRZ and MIT negotiated.
I _explicitly_ condemn the _decisions_ of whoever wrote the damn program to:
1) disallow keys bigger than 1024 bits
2) remove backwards-compatible operation
I think that PRZ deserves the benefit of the doubt. He's the one who has put himself on the line for the rest of us, and he's the one who is most responsible for raising public awareness of crypto issues. I'm not suggesting that we follow him blindly; but at the same time, if he thinks this is a good deal, that ought to carry a lot of weight.
I have not yet heard prz's position regarding the limitations on pgp version 2.6, however if he supports it I simply disagree with him.

Happy Hunting, -Chris
______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner @ indirect.com      | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
cypherpunks WOw dCD Traskcom Team Stupid
Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11
- - ------------------------------------------------------------------------------
A government mandate for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troops in their home. --David Murray

PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T.
warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel
Christian D. Odhner scripsit
-----BEGIN PGP SIGNED MESSAGE-----
In article <2r9h97$oro@nyx10.cs.du.edu>, Alex Strasheim wrote:
I have been reading nothing but complaints ever since the planned release of 2.6 was announced.
With good reason. It's a bullshit product.
Thunk. (Sound of hammer, hitting nail on head)
It is true that messages generated with 2.6 won't be decodable with some earlier versions, including 2.3a.
And most likely 2.4 as well, although that's a horse of a different color.
It is also true that 2.6 can't be exported with RSAREF code.
"I admit this is a useless product, BUT...." [...]
This means that it will not be possible, at first, to use 2.6 to correspond with users who are not in the US or Canada.
"The Acura we talked about on the phone was driven off the lot... perhaps I can interest you in this super-low-mileage 1972 'Le Car'? You can always trade it in later when we get the Acuras back in stock...."
Or with users in the USA or Canada who choose to use 2.3a. (and possibly 2.4 as well? Any confirm or deny on this one?)
But this will be a temporary condition. There are precedents for exporting code into which foreign users can plug their own crypto engines. This is probably what will happen with PGP: programmers outside of the US will develop code which duplicates the functionality of the RSAREF engine, and a non-US version of PGP, functionally equivalent to the American version, will be made available to users who don't have access to the US version.
"Meanwhile, there are some excellent aftermarket sports kits for 'Le Car.' The 3rd party bra looks great on it and the suspension kits just blow away the original springs! Of course some assembly is required...."
A total waste of time. Any 'foreign users' who wish it will be able to get a copy of 2.6 in short order. But that's still not going to change the fact that it's not a worthwhile program.
Yep.
The word to describe what has happened is "compromise". The PGP developers, along with MIT, were able to reach a compromise with RSADSI and PKP. Yes, they had to give some things up. But in exchange, they were able to secure the right to legally distribute, for free, an open source version of PGP in the USA.
I said before, I couldn't figure out who had been at the table for the intellectual property interests when the 2.5 thing was negotiated, but I'd like to go up against her. We all knew it changed nothing, and no one could figure out what PKP was up to. Now it's clear they weren't super clever like I first feared, but just really slow and stupid. This is a sad last minute attempt to plug the dam with a golf tee after the town has already been lost. Now you want to tell me that it was these same people who all of a sudden got hard nosed and bossed around the developers with some magic cripple-it-all compromise when, not only is the cat out of the bag, but they also have little, or questionable, legal grounds? I guess they switched law firms, eh? Or maybe it is the same idiots all over again.
The word to describe what has happened is "disaster". It is a deliberate attempt to fragment the international crypto community.
And an idiot's version of it too. I can't help but picture "Baldrick" of "Black Adder" fame. "Fear not my lord, for *I* have a cunning plan...."
This is an enormous victory. It is the end, in practical terms, of the struggle to put strong, verifiable, and affordable crypto software into the hands of the general public. It's over, and we have won.
Won what? I won when I got PGP 2.3a. Who wins at this game where keyservers are unfriendly, keys are limited, international versions are "illegal" (still), and upgrade is basically "forced" not because the software I have on my computer now is obsolete, but because it ISN'T? What the hell is that? We won. Hah! Too bloody much.
It will be "over" when I can use whatever encryption I choose to protect my communication, without the requirement of government or corporate 'approval' to avoid "legal trouble".
The thing that bothers me the most about the complaints which have been posted is that they are implicitly, if not explicitly, condemnations of the compromise which PRZ and MIT negotiated.
You noticed this did you? Negotiated is a colorful verb here. VERY colorful.
I think that PRZ deserves the benefit of the doubt. He's the one who has put himself on the line for the rest of us, and he's the one who is most responsible for raising public awareness of crypto issues. I'm not suggesting that we follow him blindly; but at the same time, if he thinks this is a good deal, that ought to carry a lot of weight.
I don't know enough about the situation to know whether to support PRZ or not. Why? Because no one has been told enough. The key servers vanish quickly but silently like the extras in some B horror flick. Everyone else stands around by the campfire saying "Hey, where did Bob and Sarah go, and where's that firewood they were supposed to bring back? Where'd they get that chain saw I heard earlier and why did Sarah keep screaming? Oh well, let's wait and see if they come back. Even better, Fred, why don't you try and get some wood and see where they went?" Every time someone objects or asks the admins for some answer, all we get is a press release with more restrictions imposed than the last over-the-barrel beating. This is victory? Give me defeat so I can go home and use 2.3a.

-uni- (Dark)
--
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
participants (2)
- Black Unicorn
- cdodhner@indirect.com