To: Jeffrey I. Schiller <jis@mit.edu> CC: cypherpunks@toad.com Jeffrey, I received your announcement of PGP 2.6 on Cypherpunks. I have one question I hope you will address. You said, In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 is designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. ... Because earlier versions of PGP (including MIT's Beta test PGP 2.5 release) will not be able to read messages created by PGP 2.6 after September 1, 1994, MIT strongly urges all PGP users to upgrade to the new format. The intent of the format change is to discourage continued use of earlier infringing software in the U.S., and to give people adequate time to upgrade. As part of the release process, MIT commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that use of PGP 2.3 within the United States infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. ... The problem is that messages generated by PGP 2.6 after 9/1/94 will also be unreadable by PGP 2.4 (VIACRYPT PGP) which is completely legal for both private and commercial use in the USA because it has a license issued by RSADSI. This is the -only- version of PGP which may be legally used commercially. They will also be unreadable to users of PGP 2.3 who reside overseas. These persons are not violating RSA's patents because those patents are not valid overseas. I will not willingly give up my current ability to exchange encrypted e-mail with commercial entities, or with users outside the USA/Canada. What is the legal status of PGP 2.5, which does not have this delayed action crippling "feature"? Is the 2.5 license valid? If so, why would anyone in their right mind switch from 2.5 to 2.6? Why is RSADSI and MIT acting against the interests of their own licensee, ViaCrypt? (And shooting themselves in the foot by reducing their ViaCrypt royalty income)? Enquiring minds want to know! -- edgar@spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca