[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fixing pgp 2.6

I think there are some things being overlooked in this discussion.

First, note the strong hint in Schiller's message about operators of
key servers who accept pre-2.6 keys being guilty of contributory
infringement of the RSA patent.  I think we can expect strong legal
pressure from RSA to shut down the remaining U.S. key servers, even
those which don't use illegal versions of PGP.  They succeeded once in
shutting down the key servers which used PGP; they will succeed again
in shutting down the others due to the contributory infringement threat.

For the same reason, hopes of getting a non-RSA-approved "2.6a" (hacked
to be backwards compatible with 2.3) widely available in the U.S. are
not well founded.  FTP sites which hold programs or even patch files to
allow 2.6 to interoperate with 2.3 will be targetted by RSA as
contributory infringers.  In short, the legal advantages PGP 2.6 will
have over unapproved versions will be strong enough that it will be
widely used in the U.S.

However, this does not mean the loss of international encrypted
communications.  The solution is simple.  PGP 2.3a will be patched to
be compatible with PGP 2.6.  I don't know what we'll call it,
"PGP2.3e", perhaps, where "e" is for Europe.  2.3e will have the speed
advantages of 2.3a, no copyright problems with RSAREF use, be perfectly
legal outside the U.S., and will interoperate with 2.6.  Converting
from 2.3a to 2.3e will be no more difficult than converting from 2.2 to
2.3 was.

Although I hate Jim Bidzos' guts for what he has done to Phil, he holds
the legal upper hand for the next few years.  The present course does
allow for wider use of encryption by the public, which we can all support.
Look at it rationally, and 2.6 is a step in the right direction.


P.S. It's possible that pre-2.6 keys will not interoperate with 2.6,
in which case users of both 2.6 and what I am calling 2.3e will have to
generate new keys.  This is no great problem; people should make new
keys and retire their old ones every year or two anyway, IMO.