What's really in PGP 5.5?

Jon Callas jon at pgp.com
Wed Oct 8 17:53:12 PDT 1997



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote:
   
   If this is true (and I have no reason to believe it isn't), then why is the
   key escrow code written (although not turned on) in the source code for 5.0
   that was posted internationally from PGP?
   
I just got through talking to one of the developers, and think I found what
you're talking about, Bruce.

In "pgp.c" of the Unix 5.0 published edition, there's some old Viacrypt code
with a comment that says, 'This is our version of "Commercial Key Escrow"' but
in fact just adds an additional recipient to the encryption list.

It is not in any shipping PGP product. If there's anything to laugh about
in all
this, if you try to use the feature in the Unix freeware, it core-dumps. It
doesn't appear at all in the Mac and Windows code.

It's completely gone as of now.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5

iQA/AwUBNDwkNn35wubxKSepEQJMvACfWZHVKkYswR9xLibuY8496a4GcaAAoNSB
Yda/tOiQA1vLGocTL0N6XVj1
=LNYn
-----END PGP SIGNATURE-----


-----
Jon Callas                                         jon at pgp.com
Chief Scientist                                    555 Twin Dolphin Drive
Pretty Good Privacy, Inc.                          Suite 570
(415) 596-1960                                     Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)







More information about the cypherpunks-legacy mailing list