-----BEGIN PGP SIGNED MESSAGE-----

To: All Users of PGP From: Philip Zimmermann, creator of PGP Re: Misconceptions about PGP 2.6 from MIT Date: 18 Aug 94

I'd like to clear up some widely held misconceptions about PGP version 2.6 from MIT. I get a lot of email and phone calls from people who report a lot of misinformation on many Internet newsgroups about this MIT version of PGP.

[Stuff Deleted]

- --------------------------------------------------------------------- Myth #2: PGP 2.6 is weaker than previous versions, with a back door. - ---------------------------------------------------------------------

This is not true. I would not allow MIT or anyone else to weaken PGP or put a back door in. Anyone who knows me will tell you that.

This is not to say that PGP doesn't have any bugs. All versions have had bugs. But PGP 2.6 has no known bugs that have any net effect on security. And MIT should be releasing a bug-fixed version of PGP 2.6 Real Soon Now.

In my opinion what helped to contribute to this assumption was the downreving of RSAREF from 2.0 in PGP 2.5 to 1.0 in PGP 2.6. (That with the "expiration date" seemed to make things look pretty evil.) What is the difference between RSAREF 2.0 and 1.0 and should I be concerned? /========================================================================\ |"I would call him a Beastialic Sadomasochistic | alano@teleport.com | |Necrophile but that would be beating a dead | Disclaimer: | |horse." -- Teriyaki (What's up Tiger Lily?) | As if anyone cares! | \========================================================================/