[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP bastardization (fwd)





On Wed, 13 Jul 1994, Philip Zimmermann wrote:
> Accordingly, I do not approve of anyone modifying the cryptographic
> characteristics of PGP.  PGP and Pretty Good Privacy are my trademarks,
> and their good name is trusted the world over because of the care that 
> I have exercised in selecting its algorithms.

Do you think you might supply a version in the future supporting
1) more session key bits, for user suplied algorithims.
2) larger public keys, with no arbitrary limits.

I would be likely to *BUY* such a program, but will not buy the current 
version of pgp especially with the restriction on key size.

Don't follow this up with "but it would take a gazilion universes twenty 
gogelplex years to solve this" as I am fully aware of the numbers, and 
disagree with 1024 as a reasonable number.

If you don't plan to relax this restriction, then you can expect people 
in areas where patents are not enforced to hack your algorithim.  Not a 
threat, or saying it is right, just a fact of life.

Also, as a legal issue, anyone could legaly and without fear of any 
sanction produce a "modification kit" in printed form that detailed the 
changes to be made to your code to become "snake oil" and such a 
modification kit would be protected under the 1st amendment, and totally 
outside the reach of you or any law enforcement agency.  This might not 
be "respectfull" to you, but it is totally acceptable, as long as they 
don't distribute the code for pgp2.6 with it.  Use could be another 
thing.

I would say the only way to accomidate this is to make a biger mousetrap 
for the parinoid.

Perhaps it should be called MGPD for Mega Good Privacy Dudez.:-).

Roger.