Original PGP Source Code Post

[Jason Evans]

Hi all,

This is a big long shot, but I would like to know if anyone has a copy of
the original PGP source code post for PGP from June 1991. It's not on
Google Groups. I found the original binary posts to alt.source in a
shovelware cdrom image on archive.org but not the actual source code post.

Also, I have the pgp10.zip file that was uploaded to ftp servers at the
time that contains the source code. I want to get a copy of the actual
first source code post itself.

--
JE

[Grant Taylor]

On 9/22/20 5:19 AM, Jason Evans wrote:
> Hi all,

Hi,

Have you tried looking through the various Usenet archives? I know that
there are a number of them on The Internet Archive? There are a few
other places too.



--
Grant. . . .
unix || die

[Faux Dameron]

On Tue, 22 Sep 2020 09:17:41 -0600, Grant Taylor wrote:

> On 9/22/20 5:19 AM, Jason Evans wrote:
>> Hi all,
>
> Hi,
>
> Have you tried looking through the various Usenet archives? I know that
> there are a number of them on The Internet Archive? There are a few
> other places too.

Yup, I've already downloaded most of them from Internet Archive for my
own use. It's strange. I see messages from around that week, but not
those actual articles. It was a miracle finding the articles that I did
find and those weren't in any of the other sources.

[Adam Sampson]

Jason Evans <jse...@mailfence.com> writes:

> This is a big long shot, but I would like to know if anyone has a copy
> of the original PGP source code post for PGP from June 1991.

Looking at the very end of the utzoo Usenet archive, there's some
relevant discussion in comp.binaries.ibm.pc on 22nd June 1991:

Nelson Bolyard:
> A short while back, someone posted an article in a whole bunch of
> newsgroups, announcing a new piece of software called "Pretty Good
> Privacy". The announcement said that binaries for the IBM PC would
> appear in c.b.i.p. [...] Did it ever get submitted to the c.b.i.p
> moderator? Is it scheduled to be posted?

Bill Davidson:
> As far as I can tell it was never submitted. I keep a record of
> anything I get, even if I reject it, and I see no evidence that I got
> it. If it was encryption software I would not post it because of the
> ban on exporting certain technology. And I bet the ftp sites in the US
> wouldn't carry it either, as was done with pkzip at one point.

Arthur Rubin:
> I got [the PGP binaries and source] by ftp from somewhere, I believe
> the author's machine. I think he said he decided not to upload them
> because of some corespondance with PKP or RSA.

So it might be that they weren't posted to Usenet as quickly as the
original 7th June 1991 announcement suggested. (The announcement itself
shows up first in RISKS Digest 11.86, on 11th June.)

--
Adam Sampson <a...@offog.org> <http://offog.org/>

[Nomen Nescio]

The only archive from that era that I know of (UTZOO tapes) does not
include sci.crypt in it. There are couple mentions of PGP and Zimmermann
in 1991, but I can't find the original post. If you're interested, UTZOO
tapes are available on archive.org

[Stefan Claas]

Hi,

looks like the source code is available here, from different sources
and in different file sizes.

https://www.mmnt.ru/int/get?st=pgp10src

Regards
Stefan

[Stefan Claas]

I did a little search and found these links. Hopefully they contain the
correct source code.

https://www.mmnt.ru/int/get?st=pgp10src

Regards
Stefan

[Jason Evans]

I just wanted to share this since I finally found it in case anyone is
interested.

---------------
From: ke...@well.sf.ca.us (Kelly Goen)
Newsgroups: alt.sources
Subject: Pretty Good Privacy(tm) Email Privacy Module Sources 1/5
Message-ID: <25...@well.sf.ca.us>
Date: 6 Jun 91 21:07:36 GMT


This is release file 1/5 of Phil Zimmermans Pretty Good Privacy(tm)
An RSA/Hybrid Email Privacy System release under the aegis of Copyleft.
Although the source code and Binaries are totally Freeware, the algorithms
embedded within are Patented Items. PK Partners of Sunnyvale, California
is the current holder of the Patents. To utilize this software for other
than
educational purposes(i.e. Real Life Usage) you should Contact PK Partners
and obtain Licensing. The author accepts no liability for your actions in
either case. Contact Information for PK Partners is given in the
documentation.

section 1 of uuencode 2.8 of file pgp10src.zip by R.E.M.
----------------

Found here: https://archive.org/details/CDROM_March92
File: /usenet/altsrcs/3/3463

__
JE

[J. Clarke]

On 15 Oct 2020 11:42:27 GMT, Jason Evans <jse...@mailfence.com>
wrote:

OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.

[Ahem A Rivet's Shot]

On Thu, 15 Oct 2020 08:10:15 -0400
J. Clarke <jclarke...@gmail.com> wrote:

> OK, so as of 6 Jun 1991 it was patented. In the US patents are in
> force for at most 20 years, so that one expired in or before 2011. And
> releasing something as "open source" and then claiming patent on the
> algorithms is assholery IMO.

Why ? The idea of a patent is to allow (and require) publishing of
the details of an invention in return for disallowing others to exploit it
without permission. Not that different to open source really.

--
Steve O'Hara-Smith | Directable Mirror Arrays
C:\>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/

[Peter Flass]

That’s what struck me, too. Would that imply that you could recompile
and/or use the software but not modify it? That conflicts with the
definition of open source.

--
Pete

[Dennis Boone]

> And releasing something as "open source" and then claiming patent on the
> algorithms is assholery IMO.

What it says is that Public Key Partners (basically RSA if you don't
look too close) holds the patents, not Zimmerman. If you want to throw
"assholery" here, you're going to have to throw it at the patent system.

De

[Grant Taylor]

On 10/15/20 8:28 AM, Peter Flass wrote:
> That conflicts with the definition of open source.

"Open Source" can mean a LOT of different things. Anything from "you
are strictly bound by an NDA after having seen our source code, despite
the fact that you can't do anything with what you've seen" to "here it
is, do whatever you want with it, just don't blame us".

[Peter Flass]

I suppose you can patent it and release the patented object into public
domain to prevent anyone ELSE from patenting it, but that’s not what
they’re saying, either. Sounds like someone should have gotten good legal
advice.

--
Pete

[Ahem A Rivet's Shot]

On Thu, 15 Oct 2020 07:28:44 -0700

Peter Flass <peter...@yahoo.com> wrote:

> J. Clarke <jclarke...@gmail.com> wrote:

> > OK, so as of 6 Jun 1991 it was patented. In the US patents are in
> > force for at most 20 years, so that one expired in or before 2011. And
> > releasing something as "open source" and then claiming patent on the
> > algorithms is assholery IMO.
> >
>
> That’s what struck me, too. Would that imply that you could recompile
> and/or use the software but not modify it? That conflicts with the
> definition of open source.

It would imply that for any commercial use you would have to get
permission from the patent holders and they may take the opportunity to
charge a royalty for such permission.

[Scott Lurndal]

I suspect that speculating about anything without the actual facts is
pointless.

[Ahem A Rivet's Shot]

On Thu, 15 Oct 2020 11:57:52 -0700
Peter Flass <peter...@yahoo.com> wrote:

> I suppose you can patent it and release the patented object into public
> domain to prevent anyone ELSE from patenting it, but that’s not what
> they’re saying, either. Sounds like someone should have gotten good legal
> advice.

The patent applied to the algorithms so if you wanted to use those
algorithms commercially you had to get a licence no matter which
implementation you used. This enabled the patent holders to profit from
their invention.

The code of an implementation of those algorithms was released
under an open source license granting free use for educational purposes,
within that constraint it could (and still can) be freely copied and
modified under the usual copyleft constraints. This provided a free
testing, code review and bug fixing service for their reference
implementation.

A patent is a lot easier to enforce than the terms of a software
license as well as being more general - a clean room rewrite does not get
you past patent obligations. Even completely independent invention without
knowledge of the patent doesn't let you off the hook.

Since the patent process requires disclosure and publication of the
details of the invention (in this case algorithms) releasing source code for
educational purposes does not conflict with the patent in any way.

I'd say they had good legal advice and followed it to good effect.

[J. Clarke]

They probably did, for certain values of "good". I suspect from a
lawyers viewpoint such a scheme can be a potential gold mine, with
Supreme Court for the cherry on top.

[Andreas Kohlbach]

Just recall to have read a BYTE issue from probably 1977 where one of Ron
Rivest, Adi Shamir or Leonard Adleman introduced RSA (you can see where
"RSA" comes from ;-) to the public. And two BASIC programs to en- and
decode some text. I think they used 32bit and it still took hours or
days. :-)
--
Andreas

https://news-commentaries.blogspot.com/

[Jason Evans]

On Thu, 15 Oct 2020 08:10:15 -0400, J. Clarke wrote:

> OK, so as of 6 Jun 1991 it was patented. In the US patents are in force
> for at most 20 years, so that one expired in or before 2011. And
> releasing something as "open source" and then claiming patent on the
> algorithms is assholery IMO.

I found the following email from the cypherpunks mailing list archive:

http://mailing-list-archive.cryptoanarchy.wiki/archive/
1993/08/5ca690ad6796b55eef7d9dc85bd25e6b3e26a26bd7d2c89181027458678d239b/

------------
Several items of potential interest:

1. RSA did not know of the ViaCrypt deal until after it was signed
last Sunday. ViaCrypt's license allows it to put whatever it wants
around the RSA core....it has picked PGP as the wrapper. RSA can't
really object to this, provided the RSA core is as the contract with
ViaCrypt specifies.

2. Phil will carefully inspect the code, including the RSA part, and
is confident no funny business is planned by ViaCrypt or anyone else.

(I have to trust Phil on this matter more than any "panel" or the
like....after all, he wanted to put trapdoors in, he could in the
existing PGP--though of course this is highly unlikely to have been
put in in the first place and to have remained undiscovered all this
time.)

3. There's a bunch of confusing--to me--stuff about U.S. versions,
European/foreign versions, what can and can't be exported and
imported, the ITAR (International Traffic in Arms Regulations), and so
on. Basically, there may be separate European versions, possibly using
different code. Triple DES may be used in some versions (don't ask me
for details....I'm not sure of the tradeoffs between DES and
IDEA...perhaps the deal to use IDEA doesn't fit with a commercial
version of PGP).

4. I showed Phil the MacPGP 2.3 program on my PowerBook 170. The
"help" system especially impressed him (it does me, too). He is not
closely connected with Zig F.'s Macintosh development.

5. Integrating PGP with mailers--the "elm" and MIME ideas that keep
surfacing--is still being debated. Running PGP on a machine outside
one's own control is always dangerous, but, let's face it, is how
_many_ people are already using PGP and how many of the future
corporate customers will be likely to use it.

(The PGP secret key will then be found scattered around in backups, on
other disks, etc. Even the manually-entered passphrase is *not
sufficient*, as many systems have "scrypt" and similar
keystroke-capture programs automatically recording all keystrokes.
Even my Macintoshes capture all keystrokes ("Last Resort," "Thunder 7,
etc., have such utilities).

This is an unresolved issue! (Talk of using smartcards, RSA cards,
Newton-like PDAs, etc., is one approach, but this moves away from ease
of use by requiring specialized hardware.)

6. Ease of use remains a problem. Phil mentioned again that he sends a
routine form letter out to all those who send him encrypted e-mail
explaining that it may take him several days to get around to reading
their messages...he has to do the same multi-step procedure of
downloading to his local PC, quitting, saving the file, starting PGP,
and so on. (Phil has never run PGP on a machine outside his control.)

7. Phil also wanted to talk about the political issues of RSA vs. PGP,
about my concerns some months back that the battle for strong crypto
would not be won with explicitly illegal programs, etc. I told him I
thought the ViaCrypt deal was a nearly perfect solution to these
concerns: individuals and corporations can now safely use PGP without
the fear of asset forfeiture or criminal prosecution should a zealous
prosecutor decide to "make an example" of them.

A legal version of PGP is the goal many of us were seeking. A major
win. I congratulate Phil for pulling this off.

8. Perhaps most ironically, David Sternlight (the neural net AI
automatic posting program I mentioned a few days ago) has asked to be
a beta site for the ViaCrypt program! Sternlight blesses
ViaCrypt...the mind boggles. (To be fair to Sternlight--something many
people may flame me for :-} --he never argued for a ban on crypto, or
for restrictions, only that a "legal" or "unencumbered" version be
used. Hence his involvement with RIPEM.)
------------