PGP 2.5 Beta Release Over, PGP 2.6 to be released next week
-----BEGIN PGP SIGNED MESSAGE----- The beta version of PGP 2.5 is now being removed from MIT file servers. In about a week, MIT will begin distribution of a new release numbered PGP 2.6. PGP 2.6 will incorporate a new version of RSAREF, scheduled for release by RSA Data Security next week, and will also correct bugs that were reported in PGP 2.5. In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions. MIT's intent is to discourage continued use of the earlier infringing software, and to give people adequate time to upgrade. As part of the release process, MIT has commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that PGP 2.3 infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. For that reason, MIT encourages all non-commercial users in the U.S. to upgrade to PGP 2.6, and all keyserver operators to no longer accept keys that are identified as being produced by PGP 2.3. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQBVAgUBLdezEVUFZvpNDE7hAQGRhAH+KACuaOfMynsL9QGmJpp9ToWEJB+1OFGb whoZbHbw/H268zIrFoCcm24UITcBiIcuSsk3ydpMyFTb/YBgIbzgqQ== =EbV1 -----END PGP SIGNATURE-----
On Mon, 16 May 1994, Jeffrey I. Schiller wrote:
MIT encourages all non-commercial users in the U.S. to upgrade to PGP 2.6, and all keyserver operators to no longer accept keys that are identified as being produced by PGP 2.3.
But how SAFE is MIT-PGP 2.6? I've yet to read any independent reviews of it. ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
Jeffrey I. Schiller scribbles:
In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions.
So how long do you think it'll take after the release of 2.6 for patches that disable this "feature" to come out? And what about ViaCrypt's PGP 2.4? Bob
You wrote: | Jeffrey I. Schiller scribbles: | > In order to fully protect RSADSI's intellectual property rights in | > public-key technology, PGP 2.6 will be designed so that the messages it | > creates after September 1, 1994 will be unreadable by earlier versions | > of PGP that infringe patents licensed exclusively to Public Key Partners | > by MIT and Stanford University. PGP 2.6 will continue to be able to read | > messages generated by those earlier versions. | | So how long do you think it'll take after the release of 2.6 for | patches that disable this "feature" to come out? | | And what about ViaCrypt's PGP 2.4? Well, clearly, 2.6 will have some very bright AI features, so that it will talk to people who'se Key-ID's identify them as being outside of the US, as their versions of PGP are perfectly legal. And 2.4 is legal, if the 2.6 code doesn't recognize that, well, then that code is buggy & will need to be fixed. :) Adam -- Adam Shostack adam@bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.
Jeffrey Schiller and C'punks, On Mon, 16 May 1994, Jeffrey I. Schiller wrote:
. . . In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions. . . .
Does this intentional non-interoperability include ViaCrypt PGP? S a n d y
In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions.
I suppose that it (also) will not allow upgrade inclusion of a secret key created with these previous versions? If not, I can't imagine many folks will be rushing to upgrade to 2.6. - paul
Paul Ferguson says:
In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions.
I suppose that it (also) will not allow upgrade inclusion of a secret key created with these previous versions? If not, I can't imagine many folks will be rushing to upgrade to 2.6.
Besides, since 2.5 is legal, and doesn't have this "feature", and can be fixed by people at will, I suspect that no one will see any reason to use 2.6... Perry
In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions.
Are we ever going to be told the details of the deals previously alluded to regarding keyservers and PGP 2.5 (and now presumably also PGP 2.6)? I grow more and more curious. If users inside the USA take to using PGP 2.6 then users outside the USA will, by fair means or foul, have to obtain PGP 2.6 (or at least enough technical data to enable them to independently implement the relevant algorithms). Failing that, they will have to live with the inability to read messages from PGP 2.6 users inside the USA. Sigh. I wonder whether anybody is deliberately fostering a split between USA and non-USA users of PGP. --apb (Alan Barrett)
On Mon, 16 May 1994, Alan Barrett wrote:
If users inside the USA take to using PGP 2.6 then users outside the USA will, by fair means or foul, have to obtain PGP 2.6 (or at least enough technical data to enable them to independently implement the relevant algorithms). Failing that, they will have to live with the inability to read messages from PGP 2.6 users inside the USA. Sigh. I wonder whether anybody is deliberately fostering a split between USA and non-USA users of PGP.
I just found PGP 2.5 on a non-USA ftp site. I expect 2.6 will turn up there. Dave
Hi Everyone. I've been lurking on this very interesting list, but I figured this needed to be commented on. ;-) On Mon, 16 May 1994, Jeffrey I. Schiller wrote:
public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners
This kind of fascism has, IMO, doomed PGP 2.6 before it's even met full release status. Not only do I disagree with the principles behind this, but it shuts out the rest of the world from reading messages originating in Canada and the U.S., which more than anything else will kill PGP 2.6. After all, the world most certainly does not revolve around North America. I'd say that it's high time for another European release of PGP. Mark
participants (10)
-
Adam Shostack -
Alan Barrett -
Bob Snyder -
Dave Crookes -
Jeffrey I. Schiller -
Mark Carter -
paul@hawksbill.sprintmrn.com -
Perry E. Metzger -
Robert A. Hayden -
Sandy Sandfort