MIT has released PGP 2.6

Edgar W. Swank edgar at spectrx.sbay.org
Thu May 26 15:24:53 PDT 1994


To: Jeffrey I. Schiller <jis at mit.edu>
CC: cypherpunks at toad.com

Jeffrey,

I received your announcement of PGP 2.6 on Cypherpunks.  I have one
question I hope you will address.  You said,

    In order to fully protect RSADSI's intellectual property rights in
    public-key technology, PGP 2.6 is designed so that the messages it
    creates after September 1, 1994 will be unreadable by earlier
    versions of PGP that infringe patents licensed exclusively to
    Public Key Partners by MIT and Stanford University.  ...

    Because earlier versions of PGP (including MIT's Beta test PGP 2.5
    release) will not be able to read messages created by PGP 2.6
    after September 1, 1994, MIT strongly urges all PGP users to
    upgrade to the new format.

    The intent of the format change is to discourage continued use of
    earlier infringing software in the U.S., and to give people
    adequate time to upgrade.  As part of the release process, MIT
    commissioned an independent legal review of the intellectual
    property issues surrounding earlier releases of PGP and PGP
    keyservers.  This review determined that use of PGP 2.3 within the
    United States infringes a patent licensed by MIT to RSADSI, and
    that keyservers that primarily accept 2.3 keys are mostly likely
    contributing to this infringement.  ...

The problem is that messages generated by PGP 2.6 after 9/1/94 will
also be unreadable by PGP 2.4 (VIACRYPT PGP) which is completely
legal for both private and commercial use in the USA because it has
a license issued by RSADSI.  This is the -only- version of PGP which
may be legally used commercially.

They will also be unreadable to users of PGP 2.3 who reside overseas.
These persons are not violating RSA's patents because those patents
are not valid overseas.

I will not willingly give up my current ability to exchange encrypted
e-mail with commercial entities, or with users outside the USA/Canada.

What is the legal status of PGP 2.5, which does not have this delayed
action crippling "feature"?  Is the 2.5 license valid?  If so, why
would anyone in their right mind switch from 2.5 to 2.6?

Why is RSADSI and MIT acting against the interests of their own
licensee, ViaCrypt?  (And shooting themselves in the foot by reducing
their ViaCrypt royalty income)?

Enquiring minds want to know!

--
edgar at spectrx.sbay.org (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005  Cupertino, Ca







More information about the cypherpunks-legacy mailing list