creating a v2.6 of PGP for the REST of us!
If patches are going to be produced for PGP 2.3a for those of us outside the USA who wish to send PGP encrypted data to USA users of v2.6, will the patches also enable a key from a patched 2.3a to be put onto a USA key-server that only accepts v2.6 keys - will the keys be labelled as v2.6? I take it Pr0duct Cypher's patch doesn't include this? Maybe instead of many people producing different patches (some of which will be good and some bad) a new version (labelled as v2.6euro?) should be released from outside the USA that is derived from 2.3a code; therefore producing a version that is no different in _appearance_ to MIT's v2.6. The point being that an 'ALL-NEW-SUPER-DUPER' version may attract more attention outside the USA than, as some may view it, 'just a pointless patch' would do. Also, some ftp sites and bulletin boards outside the USA don't like carrying software that was illegally exported. A special non-USA version of 2.6 would allow everyone to be happy and compatible. Wouldn't this create a unified world of compatible PGP users? *************************************************************************** * Paul Strong Witty one-liner coming soon! * * * * pauls@dcs.rhbnc.ac.uk Finger for PGP v2.3a public key * ***************************************************************************
Maybe instead of many people producing different patches (some of which will be good and some bad) a new version (labelled as v2.6euro?) should be released from outside the USA that is derived from 2.3a code; therefore producing a version that is no different in _appearance_ to MIT's v2.6.
Also, some ftp sites and bulletin boards outside the USA don't like carrying software that was illegally exported. A special non-USA version of 2.6 would allow everyone to be happy and compatible.
While creating a 2.6-like version from 2.3a seems a worthy goal, this supporting argument is flawed. The original PGP was written in the USA and, never having received the proper export approvals, must have been "illegally exported." Isn't Phil Zimmerman being "investigated" by a grand jury for this even now? So, it would seem to me that a bulletin board carrying any version of PGP holds illegally exported software (wrt US law). How does 2.3a differ from 2.6 in this respect? -- Jeff
This is probably a stupid question, but where is PGP 2.6 available for anon FTP? I've only been able to find v. 2.5 so far. If someone could please send me a good FTP address I would be very appreciative. --- ************************************************************************* ** Jeffrey L. Frost (Jeff please) * <tsumjf1@asnmail.asc.edu) ** ** TSU School of Nursing * Public Key Available upon request ** *************************************************************************
This is probably a stupid question, but where is PGP 2.6 available for anon FTP? I've only been able to find v. 2.5 so far. If someone could please send me a good FTP address I would be very appreciative.
You may not find it for anonymous FTP at this point, but you get obtain it directly from MIT: Date: Mon, 16 May 94 14:04:01 -0400 Message-Id: <9405161804.AA08573@big-screw> From: Jeffrey I. Schiller <jis@mit.edu> To: cypherpunks@toad.com Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week -----BEGIN PGP SIGNED MESSAGE----- The beta version of PGP 2.5 is now being removed from MIT file servers. In about a week, MIT will begin distribution of a new release numbered PGP 2.6. PGP 2.6 will incorporate a new version of RSAREF, scheduled for release by RSA Data Security next week, and will also correct bugs that were reported in PGP 2.5. In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions. MIT's intent is to discourage continued use of the earlier infringing software, and to give people adequate time to upgrade. As part of the release process, MIT has commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that PGP 2.3 infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. For that reason, MIT encourages all non-commercial users in the U.S. to upgrade to PGP 2.6, and all keyserver operators to no longer accept keys that are identified as being produced by PGP 2.3. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQBVAgUBLdezEVUFZvpNDE7hAQGRhAH+KACuaOfMynsL9QGmJpp9ToWEJB+1OFGb whoZbHbw/H268zIrFoCcm24UITcBiIcuSsk3ydpMyFTb/YBgIbzgqQ== =EbV1 -----END PGP SIGNATURE-----
If patches are going to be produced for PGP 2.3a for those of us outside the USA who wish to send PGP encrypted data to USA users of v2.6, will the patches also enable a key from a patched 2.3a to be put onto a USA key-server that only accepts v2.6 keys - will the keys be labelled as v2.6?
I posted a patch to cypherpunks yesterday that does that.
I take it Pr0duct Cypher's patch doesn't include this?
I don't think it does.
Maybe instead of many people producing different patches (some of which will be good and some bad) a new version (labelled as v2.6euro?) should be released from outside the USA that is derived from 2.3a code; therefore producing a version that is no different in _appearance_ to MIT's v2.6.
mathew@mantis.co.uk is working my patch plus some other stuff into a brand new version to be called 2.6ui (where the "ui" stands for "unofficial international"). It will be packaged as a complete release, with .tar files and .zip files and .sig files etc. The raw patch file will also be there. --apb (Alan Barrett)
participants (5)
-
Alan Barrett -
Jeff Barber -
Jeffrey L. Frost -
Paul K. Strong -
paul@hawksbill.sprintmrn.com