PGP on

Hal 74076.1041 at CompuServe.COM
Sat May 1 10:02:47 PDT 1993


I want to thank Tim for taking the time to help clarify what he had in
mind in proposing that we reconsider our support for PGP in the face of
PKP's assertion of patent rights:

> I completely agree and nothing I have ever said suggests we place all our
> faith in his company or any other institution. What I have said--several
> times, now--is that a frontal attack on the RSA patents, via highly public
> postings of PGP and a "Fuck you!" approach to talking with patent owners,
> is not the best strategy at this time.

Speaking in generalizations can only go so far.  It's more useful to
consider specific actions which might be in keeping with this philosophical

I don't have many problems with our being civil to RSADSI.  We don't need
to spit in Bidzos' face whenever we meet him, refuse to shake his hand,
whatever.  Tact is OK.

And the proposal to make a U.S.-legal version of PGP can't hurt anything,
either.  Moves in this direction have been going on for some time.  Several
months ago a patch was inserted to make certain data structures be compatible
with RSA's PKCS standards, and therefore with RSAREF.  This would allow
RSAREF to be used if permission were gained to call it at an entry point
not on the allowed list.  However, this version of PGP would still be
incompatible with pre-2.2 versions.  To make a fully compatible version of PGP
you not only have to call RSAREF at an undocumented entry point, you also
have to modify the code slightly.

All this has been going on for a few months.  Eric Hughes deserves a lot
of credit for encouraging progress in this direction, but I think Phil
fundamentally agrees as well.

One advantage of a U.S.-legal version of PGP is that its very existence
would mean that no one HAD to use it.  Sending out a PGP signed message
would no longer be incriminating, even if you used the older (and
presumably faster) version of PGP.  There would be no way to tell from
external observation which PGP users were using the legal one and which were
using the illegal one.  They would be functionally equivalent, but the legal
one would be slower.  (I find this rather amusing, actually, as it just goes
to show the illogic of PKP's position.)

What are some other issues that might arise in a move away from PGP, and
an adoption of a less confrontational attitude towards RSADSI?  One is the
existance of PGP on the Cypherpunks server.  Presumably this could be
replaced by the legal version once that becomes available, but in the
mean time it might have to disappear.  I would oppose removing it unless
a legal replacement were ready.

Another suggestion that I have heard rumored is that Bidzos might be
invited to join the list.  I would strongly oppose this.  I am also not
comfortable with having him be a participant at Cypherpunks meetings but
since I don't attend them I don't really have the right to complain.

Tim has suggested, if I understand him, that we in some sense work to
improve MailSafe and other RSA products.  I don't really like the idea
of doing unpaid consulting work for a commercial outfit.  If I am going
to work for free, on my own time, I'd like to see the software made
freely available.  So any work with RSA should be on freeware products,
in my opinion.  Improve RSAREF, not MailSafe.

Another issue is whether people would be discouraged from discussing
infringing projects on the Cypherpunks list or at the meetings.  Suppose
somebody wants to talk about a socket-based DC net protocol which uses
Diffie-Hellman key exchange to initialize a shared PRNG for random bit
generation.  Oops, DH is a PKP patent.  Again, I feel that this kind of
project is entirely appropriate for the list and the group.  Does this
fall into Tim's confrontational category: "distributing infringing code
whenever possible"?  I'm not sure.

(I have to confess, given the 15 hour delay in my message posting
the other day (while a short message I dashed off 12 hours later appeared
in a few minutes), that I thought perhaps a filter had been installed to
prevent PGP-signed messages from appearing.  Of course, my message did
eventually appear, the delay being just a technical glitch. I assume
that no one would support banning PGP-signed messages from appearing
on the list.)

A really sticky issue is our public attitude towards Bidzos cracking down
on unauthorized crypto.  What if some lone wolf out there does decide to
go to the mat on PGP or some other infringing software?  Whose side do we
take?  (Refusing to take a position is a de facto support of PKP, IMO.)
I guess we'd have to hope that this never happens.  Gee, it sure seems
strange to HOPE that no one ever stands up to PKP.

I have to say on this point that I can't accept the idea of Cypherpunks
moving into a Sternlight position of support for PKP's crackdowns.

I'd be interested in hearing other specific suggestions for changes which
might result from Tim's suggestion.  This might help focus the discussion


To the extent that Tim is proposing that we encourage efforts to make a
U.S. legal version of PGP, and even replace the current version of PGP
on the Cypherpunks FTP site with the legal version when that becomes
available, I have no problem with it.  To the extent that he suggests that
we be polite and courteous in our public talk about RSADSI, I can accept
that as well.

But to the extent that anyone is proposing to go beyond this into some
of the other areas I listed above (and I have no idea exactly what
anyone has in mind specifically), I think the many problems I and others
have listed in earlier messages provide strong arguments against such

74076.1041 at

Version: 2.2


More information about the cypherpunks-legacy mailing list