[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Zimmermann statement on PGP 2.6
The following message may be reposted to all interested newsgroups.
-----BEGIN PGP SIGNED MESSAGE-----
From: Philip Zimmermann, author of PGP
To: People interested in PGP
Date: 28 May 94
On 24 May 1994, the Massachusetts Institute of Technology released
PGP (Pretty Good Privacy) version 2.6. PGP is a software package
that encrypts electronic mail, using public key cryptography. Over
the past three years, PGP has become the worldwide de facto standard
for email encryption. PGP 2.6 is being published under the terms of
the RSAREF license from RSA Data Security, Inc (RSADSI). This is a
significant milestone in PGP's legal development.
Export of this software from the US or Canada may be restricted by
the US Government. PGP version 2.6 is being released through a
posting on a controlled FTP site maintained by MIT. This site has
restrictions and limitations which have been used on other FTP sites
to comply with export control requirements with respect to other
encryption software such as Kerberos and software from RSA Data
Security, Inc. These special mechanisms are intended to preclude
export of cryptographic software from the US. The MIT FTP site that
carries PGP is net-dist.mit.edu, in the pub/PGP directory.
This new freeware version of PGP is for noncommercial use. For
commercial use, you may get ViaCrypt PGP, available on a variety of
platforms. ViaCrypt may be contacted at 602-944-0773, or via email
at [email protected].
PGP 2.6 is as strong as earlier versions. It contains no back doors.
It can read messages, signatures, and keys from PGP versions 2.5,
2.4, 2.3a, and 2.3. Beginning in September, a built-in software
timer will trigger PGP 2.6 to begin producing messages, signatures,
and keys that cannot be read by earlier versions of PGP. It will
still retain its ability to read things from earlier versions after
that date, so that users who upgrade to 2.6 will not be
inconvenienced, particularly if everyone else upgrades by that time.
The reason for the change in format is to grant RSADSI's request to
MIT to encourage all users to stop using older versions. ViaCrypt's
new products will support the new formats used by PGP 2.6. Details
of the compatibility issues and their reasons are outlined in the PGP
User's Guide, included in the release package. See also the official
statements released by MIT for further details.
Version 2.6 also has some bug fixes and improvements of the version
2.5 released by MIT on 9 May 1994. Both the 2.5 and 2.6 versions
were produced in a joint project between myself and MIT. Both
versions were released by MIT after extensive review by MIT's
administration and their legal counsel. I am told by MIT that MIT's
legal counsel believes that both versions 2.5 and 2.6 do not infringe
the RSA patents in any way, and they both comply with the terms of
the RSAREF licenses that each were released under. But regardless of
the noninfringing nature of version 2.5, I urge all PGP users in the
US to upgrade to version 2.6, to help move toward eradication of
earlier, pre-RSAREF versions of PGP. This will improve the overall
political and legal landscape surrounding PGP. MIT will publish
details on the simple format change so that earlier European versions
of PGP may be independently upgraded by the Europeans.
This note does not attempt to answer all the questions you may have
about the implications of this new release of PGP. For further
details, see the information released by MIT, or see the PGP User's
Guide in the new release package.
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBLegMXmV5hLjHqWbdAQE0NAQAiTafSwM8eNfYYvkslNR6bun/GIelvziA
M/9h5fn3zUQt2Bc6rkuz1TBlnMZUoduufinI9eSr+cdXbfhxNIQmRArhw3EJd1f+
siZaPmTR3YXvUwuXMcruMbUvEYpSBmtBVrxTzxNSIwx3/hJJB2z9sT1/B+UZdFwi
EZX1O/mpiZw=
=ULD1
-----END PGP SIGNATURE-----