home *** CD-ROM | disk | FTP | other *** search
- -----BEGIN PGP SIGNED MESSAGE-----
-
- To: PGP users
- From: Philip Zimmermann
-
- I have received a many inquiries concerning the status of the various
- "international versions" of PGP(tm), called PGP 2.6ui, PGP 2.6.i, etc.
- There are, as many people know, serious restrictions placed on my
- statements by my lawyers, as a consequence of an ongoing criminal
- investigation by agencies of the United States Government. I have
- reviewed copies of the public distributions of these "versions" of PGP,
- and I have some observations to make.
-
- The US Government regards any unlicensed exportation of PGP from the
- USA as at least potentially in violation of its own regulations
- governing the export of cryptographic tenchnology. MIT and I took all
- reasonable steps to prevent such export of PGP. None of the current
- "international versions" of PGP is an official product of myself or
- Phil's Pretty Good Software. While I personally regard the application
- of export restrictions to software such as PGP as unjustifiable and
- harmful to the interests of both the US Government and its citizens, I
- do not condone violations of US export law, and I deplore the
- activities of those who illegally exported any version of PGP developed
- in the USA. Along with my lawyers, MIT, and others, I am implementing
- a plan of action that we hope will make PGP legally available
- throughout the world, for both commercial and non-commercial users who
- are interested in strong data encryption.
-
- The unofficial variant of PGP named PGP 2.6.i by its developers
- replaces RSAREF routines with other code implementing RSA-related
- algorithms. I am very familiar with that code, and while I tried to
- make PGP use RSAREF in a manner that did not suffer a performance
- penalty, I believe that these other subroutines are at least as
- efficient, as well as being functionally identical for PGP's purposes.
- Since the RSA patent does not exist outside the USA, it seems
- reasonable to not encumber European users with the RSAREF subroutine
- library and its own additional copyright restrictions (but there's no
- reason for people in the US to use PGP 2.6.i, and I urge them not to,
- because that version is not licensed by RSA). PGP 2.6.i also
- implements some bug fixes which are appropriate for the correction of
- errors in the official PGP 2.6.1 distributed by MIT; many of those bug
- fixes, or their precise functional equivalent, appear along with other
- bug fixes in PGP 2.6.2, planned for distribution by MIT on 24 October
- 1994. PGP 2.6.i also includes some minor functional enhancements --
- including recognition (and beginning in December 94, generation) of
- keys up to 2048 bits in length--that are consistent with planned future
- development of the official PGP freeware product. Based on my own
- review of the publicly-distributed source code, I believe that users of
- PGP 2.6.i will experience a smooth migration to future versions of PGP
- which I hope will be legally available for non-commercial and
- commercial use worldwide. The publisher of 2.6.i, Staale Schumacher in
- Norway, seems intent in supporting a version of PGP in Europe that is
- as consistent and as interoperable as possible with my own official PGP
- releases from MIT. He also seems willing to respect my copyrights, my
- trademarks, and my agenda for the future of PGP. And he tells me that
- has has carefully avoided exporting or encouraging the export of PGP
- from the US. I have no objection to him using the PGP trademark for
- the version of PGP that he has released.
-
- There will be a PGP RFC document released soon, to faciltate the
- development of PGP standards. The PGP RFC is an informational RFC, and
- is based on deployed code. After that, a standards-track RFC will
- likely be started on in an IETF working group, reflecting the new
- formats of PGP 3.0. This will stabilize PGP formats and facilitate
- other implementations that interoperate.
-
- I am continuing, along with other programmers dedicated to the
- improvement of public-key encryption for the masses, to develop PGP.
- Along with my lawyers, I am gradually implementing a plan of action
- that we hope will make such improved versions of PGP available both
- inside and outside the US, in full compliance with all applicable laws,
- including US technology export restrictions. Because of those
- restrictions, it would be ill-advised for me to participate in
- cross-border development of PGP at this time. PGP's home is in the US,
- at least for now. I cannot discuss, until the US Government alters its
- policies concerning export controls on cryptographic software, such
- cross-border development. I have read and regretted numerous Usenet
- news posts speculating on my abandonment of PGP users outside the US.
- Please be assured that this is not the case. A great deal of effort
- has been and will continue to be expended on serving the entire
- worldwide community of users in a lawful fashion. I want to thank all
- the users across the globe who have supported PGP, and me. Although I
- think these restrictions on our right to free expression of our
- technical ideas are at odds with the US Bill of Rights, I deplore the
- actions of those who have illegally evaded those restrictions by
- exporting PGP. I am doing everything I can to make strong data
- security available to everyone in the world, freely and legally. I
- hope all of you who believe in that goal will continue to support PGP.
-
- -Philip Zimmermann
- prz@acm.org
-
-
- -----BEGIN PGP SIGNATURE-----
- Version: 2.6
-
- iQCVAwUBLqf+fmV5hLjHqWbdAQHo/gP8CXX9APCu7Xj4v4e/hqsyXI0qAOF734ID
- 3cEPCxEoGe97r8LQ51jM0iwf6eyz9tr24aNdToggX2P3neDKd6LwwPxu+kDceLut
- Mmd4tK1Qj5kkWx/cjhNGamv/kD9IQyokvlCqXetGLhld0GNfO+FZyuWs583LC4gK
- x+5ZbxGdi2w=
- =uks5
- -----END PGP SIGNATURE-----
-
