Free PGP 5.52--Caveat
David Sternlight
Ed Stone wrote:
> In article <david-20119...@lax-ca66-11.ix.netcom.com>,
> da...@sternlight.com says...
> > The new Free PGP 5.52 is now up on the PGP web site.
>
> Exactly where on "the PGP web site"? Do you refer to:
>
> "PGPfreeware
> There will be a new full-featured freeware (non-commercial use)
> release of PGP for Personal Privacy next week. Please be
> patient." as mentioned at http://www.pgp.com/products/freeware.cgi as of this
> date (11/21/97)
>
> A search for 5.52 on http://www.pgp.com is unavailing. Can you be specific to
> URL? ;-)
You'll have to do your own homework on this.
By the way, PGPI2 is also trying to give the finger to US export laws without
actually violating them. Perhaps they're about to learn about the doctrine of
contributory felony violation of ITAR. Here's an excerpt from the 5.52
installer's README text on that point:
<begin quote>
PGP Freeware, Version 5.5
(Executable Object Code Version)
Copyright (c) 1990-1997 Pretty Good Privacy, Inc. All Rights Reserved.
For Non-Commercial Distribution and Use Only
Terms and Conditions
This special version of PGP, PGPfreeware 5.5, including the software and
its related user documentation, ("Software Product") is owned by Pretty
Good Privacy, Inc. (or "PGP") and is protected by copyright laws and
international copyright treaties, as well as other intellectual property
laws and treaties.
The makers of PGP, however, are committed to making freely available to
individuals around the world a trusted means to secure their personal
information and communications from unwanted invasions of privacy. To that
end, it is important that this Software Product be distributed from as many
Internet sites as possible. Accordingly, Pretty Good Privacy, Inc. (or
"PGP") is permitting the non-commercial use and non-commercial distribution
of this Software Product (i.e., PGPfreeware 5.5) within the scope of the
following licenses, provided that all of the terms and conditions set forth
below are complied with.
<end quote>
Dunno--perhaps MIT has refused to carry it because of their complete disabling
of RSA, so PGPI2 is getting desperate. We shall see.
And here's another goodie:
<begin quote>
PGP, ITS
SUPPLIERS AND OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT DISCLAIM ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
CONFORMANCE WITH DESCRIPTION, AND NON-INFRINGEMENT, WITH RESPECT TO THIS
SOFTWARE PRODUCT. "
<end quote>
So if they supply an infringing product, it's your problem, not theirs.
And here's how they stand behind the product:
<begin quote>
THE CUMULATIVE LIABILITY OF PGP, ITS SUPPLIERS
OR OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT, TO YOU OR ANY OTHER
PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS
ARISING OUT OF OR RELATING TO THESE TERMS AND CONDITIONS SHALL NOT EXCEED
ONE U.S. DOLLAR.
<end quote>
And finally, here's the zinger I've been discussing:
<begin quote>
Please note that this PGPfreeware edition does not contain the old RSA public
key algorithm. The blue key icon represents an RSA key. You will not be able
to generate such keys, sign with them, encrypt to them, or decrypt with them.
<end quote>
I can't wait for the rationalizations of the above to start flowing from your
keyboard.
David
Ed Stone
-----BEGIN PGP SIGNED MESSAGE-----
In article <3475DB15...@sternlight.com>, da...@sternlight.com says...
<snip>
> And here's another goodie:
>
> <begin quote>
> PGP, ITS
> SUPPLIERS AND OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT DISCLAIM ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED
> WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
> CONFORMANCE WITH DESCRIPTION, AND NON-INFRINGEMENT, WITH RESPECT TO THIS
> SOFTWARE PRODUCT. "
> <end quote>
>
> So if they supply an infringing product, it's your problem, not theirs.
Gee, that is how they protect the user if they supply an infringing product?
Well here is how RSADSI stands behind their free product, RSAREF:
"6. Nothing in this agreement shall be construed as a representation
or warranty against infringement of any third party rights based
on use of the program."
Gosh, it looks like if RSADSI supplies an infringing product, it's your
problem, not theirs!
When may we expect to see the many interesting reasons why it is just fine
for RSADSI to not indemnify users of their free RSAREF against infringment,
and why it is simply evil of PGP Inc. to do likewise with their free product?
;-)
> And here's how they stand behind the product:
>
> <begin quote>
> THE CUMULATIVE LIABILITY OF PGP, ITS SUPPLIERS
> OR OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT, TO YOU OR ANY OTHER
> PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS
> ARISING OUT OF OR RELATING TO THESE TERMS AND CONDITIONS SHALL NOT EXCEED
> ONE U.S. DOLLAR.
> <end quote>
Well those rascals at PGP Inc.!! Let's see how RSADSI supports their free
RSAREF product in this regard:
"3. NO RSA OBLIGATION. You are solely responsible for all of your
costs and expenses incurred in connection with the distribution
of the Program or any Application Program hereunder, and RSA
shall have no liability, obligation or responsibility therefor.
RSA shall have no obligation to provide maintenance, support,
upgrades or new releases to you or to any distributee of the
Program or any Application Program.
4. NO WARRANTY OF PERFORMANCE. THE PROGRAM AND ITS ASSOCIATED
DOCUMENTATION ARE LICENSED "AS IS" WITHOUT WARRANTY AS TO THEIR
PERFORMANCE, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF
THE PROGRAM IS ASSUMED BY YOU AND YOUR DISTRIBUTEES. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU AND YOUR DISTRIBUTEES (AND NOT RSA)
ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.
5. LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED FOR IN
SECTION 6 HEREINUNDER, NEITHER RSA NOR ANY OTHER PERSON WHO HAS
BEEN INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE
PROGRAM SHALL BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY
DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF RSA HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES."
Looking forward to learning why this behavior on RSADSI's part is just fine!
;-)
<snip>
RSAREF license source: info.txt, in rsaref20.zip at
ftp://ftp.rsa.com/rsaref/dist/U.S.-only-b82661/
NOTE!! the last portion of the path above changes dynamically, and the
current path must be read at ftp://ftp.rsa.com/rsaref/README. This document
is NOT just passively lying about this web site... ;-)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5
iQEVAwUBNHX9PoVSIIjbt1r5AQE4OwgAjC5R/eTsnw9bWtbOojKKHMZi1oG1KR4S
0eVXMZsKbHsZ7a1/gAvf2Gvw61JSABO1EgijsE/j9tezE7FuDe8zo9UcXX6nSHQj
xHtefutZvPtN9tWQ4fjAKavwio9Ak79rm8cYWbCfhfRXO7dS1aAw0D2emlUd7vz2
z6gUlzqCnxWkb5pF/ZDuZRw11TSYZQCBJzmB9JC5B4R4JiVxBLHlXTXlvF4Y6kFQ
LqbnCYrGo3//nuU/dHMKeVcVGPzasHdLHwFynA6TRgj9uuZd885Zf6IL9AK6IhfF
JW6g/RecQLVYzBjADWMNZxx/UMUN7jtXQAtE0Zc66D03t8sTVZw3KA==
=hpdr
-----END PGP SIGNATURE-----
--
-------------------------------
Ed Stone
est...@synernet-robin.com
remove "-birdname" spam avoider
-------------------------------
Greg Hennessy
In article <3475DB15...@sternlight.com>,
David, asking you to provide facts in support of yoru own argument is
*NOT* doing their onn homework. Stone did his homework, searching the
PGP home page. What you claimed was there isn't.
>And here's another goodie:
>
><begin quote>
>PGP, ITS
>SUPPLIERS AND OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT DISCLAIM ALL
>WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED
>WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
>CONFORMANCE WITH DESCRIPTION, AND NON-INFRINGEMENT, WITH RESPECT TO THIS
>SOFTWARE PRODUCT. "
><end quote>
Is this any differnt from Netscape's:
>DISCLAIMER OF WARRANTY.
>
>Free of charge Software is provided on an "AS IS" basis, without
>warranty of any kind, including without limitation the warranties of
>merchantability, fitness for a particular purpose and
>non-infringement. The entire risk as to the quality and performance of
>the Software is borne by you. Should the Software prove defective,
>you and not Netscape assume the entire cost of any service and
>repair.
Or is this going to be yet another case of you loudly proclaiming you
can choose youm you excoriate?
Ed Stone
-----BEGIN PGP SIGNED MESSAGE-----
In article <347632DB...@sternlight.com>, da...@sternlight.com says...
>
>
> Ed Stone wrote:
>
> > How about these simple and obvious points:
> >
> > 1. If you don't like something about a FREE program, don't download it.
> > 2. If you wish to dictate to companies the features of their products
that
> > they must provide free of charge, or dictate to users what features they
must
> > have in the software they choose, you are minding other people's
business.
>
> I see. So 1. it is ok to screw the vast RSA-key user base on which PGP made
its
> reputation and without which PGPI2 probably wouldn't exist, and if they
don't
> like it, tough?
Somewhat less shrill, it is quite OK to offer a free product to those who
want it. It is quite OK to accept and use such free product if one chooses to
do so. Now if one is disappointed that PGP Inc develops and gives away free
products, "tough". And if one is unhappy that some choose to accept such free
software, "tough". Try to keep in mind that for less than the cost of
Filecrypt (which supports only RSA/MD5/IDEA), you can buy (yes, actually
purchase) software which supports RSA/MD5/IDEA and ALSO supports
DH/DSS/CAST/IDEA/TripleDES. Cheaper than FileCrypt, keyserver updates at the
click of a mouse, very nice. Encrypts, decrypts, signs, generates keys for
RSA and DH. Drag and drop GUI, app sits nicely on the taskbar. Choice. MIT,
PGP Inc., International, many flavors. Pick one that meets your needs and
enjoy.
> and 2. PGP owes no backward compatibility to that vast user base which
made
> their success possible, but is free to make them all rekey and get new
> signatures in aid of PGP's vendetta against RSADSI?
No, PGP Inc is not "free to make them all rekey and get new signatures". They
ARE free to offer products for purchase, or free of charge. People are free
to purchase them, or accept the free ones at no charge, should they be
satisfied with what the product offers them. Users are free to continue to
use what they have. In many cases, that will be very satisfactory. I would
strongly suggest that 2.6.x be retained by all who have it, and made widely
available into the future. They might also choose to add some capabilities.
Choice is good.
And given Mr. Sternlight's abundant declarations that Netscape/S/MIME would
give PGP Inc. a "near fatal disease", and given that Netscape/S/MIME requires
new keys, new apps, new certificates, and given that Netscape/S/MIME is
incompatible with PGP x.x.x, offering PGP 5.5 DH/DSS certainly is no more
disruptive than offering the Netscape crypto product. Live and let live.
There is room for all.
>
> Your ethics are most peculiar.
Well, gosh, that's the nicest thing you've said about my ethics in quite a
while. ;-)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5
iQEVAwUBNHZItoVSIIjbt1r5AQEMwAf+IddGteDYRb892ARCMGvOVtGA6ZSQzl6s
/glmbYNvxZtVGpkqHwyvP1V+x8/AUa2nY4ldZmstyDvfXEpFPGesourzn3k1WfVX
1OpC8Ka4QTmYEGDb7SCBNZMtstoGb+w/XVqFn7qInI0PXQ9Yl45fNrY4HeW7iGN9
5Ww+5J5q8kQDa8kLY9SCqLNYt1ZpkKoL1PjxT/VI8SO7U4KkgLBWMxCSh9Ti+KrH
FMo9z0HCwpC0Tauk21Tk2v0zIiaDF0CS72HTw22TBilKtCKyo3MNIoFgUHIJJl/w
CDQVZMT5FEqmKlvGZ3Cc5AJK8ixHceEAMh930MKF1+pQDji/SXF+lw==
=7kxc
Ed Stone
-----BEGIN PGP SIGNED MESSAGE-----
In article <3475DB15...@sternlight.com>, da...@sternlight.com says...
> Ed Stone wrote:
>
> > In article <david-20119...@lax-ca66-11.ix.netcom.com>,
> > da...@sternlight.com says...
> > > The new Free PGP 5.52 is now up on the PGP web site.
> >
> > Exactly where on "the PGP web site"? Do you refer to:
> >
> > "PGPfreeware
> > There will be a new full-featured freeware (non-commercial use)
> > release of PGP for Personal Privacy next week. Please be
> > patient." as mentioned at http://www.pgp.com/products/freeware.cgi as of
this
> > date (11/21/97)
> >
> > A search for 5.52 on http://www.pgp.com is unavailing. Can you be
specific to
> > URL? ;-)
>
> You'll have to do your own homework on this.
Yep, that's the URL I suspected you were referring to. ;-)
<snip>
> Please note that this PGPfreeware edition does not contain the old RSA
public
> key algorithm. The blue key icon represents an RSA key. You will not be
able
> to generate such keys, sign with them, encrypt to them, or decrypt with
them.
> <end quote>
>
> I can't wait for the rationalizations of the above to start flowing from
your
> keyboard.
Seems you've already determined that any response is a "rationalization". ;-)
How about these simple and obvious points:
1. If you don't like something about a FREE program, don't download it.
2. If you wish to dictate to companies the features of their products that
they must provide free of charge, or dictate to users what features they must
have in the software they choose, you are minding other people's business.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5
iQEVAwUBNHXrmYVSIIjbt1r5AQHyawgAqyZsXtrblJMo6N1451Ss/hqpQiVx3vBe
NvOk0ns7UCm72kn4PjUQZq2fpJ5OolQjpAqNqNckaYkD/1gqHuJMM7hCbGZRobWv
NYJNfRGWtbnM/YWOFYUZKfrTOf1Ew5Q49abyO+hga+0PxeD58qYaRBiCQ8QwVoBi
qlhRyzpel0CY6FlSroBVrjOeSxF8D7mghqR9iKE/N7dYEbWNfL7+59eHOESgedBd
UpXYvxRmzR/xVjfyqyHrW1K380vrFC8BeugZMBDdp4aPrLX46e3OEZhOpDnTCxW9
DRHSCkZLVCWVveOtop/7Luect9HJCuvaQzD9DruE0181BYnJ5hRkZQ==
=4q11
Anthony E. Greene
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 21 Nov 1997 11:04:00 -0800, David Sternlight
<da...@sternlight.com> wrote:
>
>And here's how they stand behind the product:
>
><begin quote>
>THE CUMULATIVE LIABILITY OF PGP, ITS SUPPLIERS
>OR OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT, TO YOU OR ANY OTHER
>PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR
ACTIONS
>ARISING OUT OF OR RELATING TO THESE TERMS AND CONDITIONS SHALL NOT
EXCEED
>ONE U.S. DOLLAR.
><end quote>
I thought it was pretty standard to disclaim liability for freeware. I
happened to be using a freeware newsreader to read this newsgroup, so I
thought I'd take a look at the license. Here's an excerpt:
6. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED UNDER
APPLICABLE LAWS, UNDER NO CIRCUMSTANCES, INCLUDING NEGLIGENCE, SHALL
FORTE AND ITS DIRECTORS, OFFICERS, EMPLOYEES, OR AGENTS BE LIABLE FOR
ANY INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR
LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS
INFORMATION AND THE LIKE) ARISING OUT OF THE USE OF OR INABILITY TO USE
THE SOFTWARE OR ITS DOCUMENTATION, EVEN IF FORTE OR ITS AUTHORIZED
REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In
no event shall FORTE's total liability to Licensee for all damages,
losses, and causes of action (whether in contract, tort, including
negligence, or otherwise) exceed the amount paid by Licensee for the
Software and its documentation.
Tony
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCdAwUBNHXlSURUP9V4zUMpAQGXCAQ7BheP+LDu7+6Y3qagK3C20EJZNpMvJlFD
Xjf6wOGtxEokFxxbMl8mL2NuW22HXoo8s9C/dKFqwnlSz8xJX/N6dQbkcsAhiS0n
BTrgyyBxsyAhsel6ojvGH+RvQqdqGDAMDYNZwpyKAEw01tEPOkfaSfAT4cyW5nz1
85RULgDNIHfQH5Noj9dADw==
=aYHz
-----END PGP SIGNATURE-----
-------------------------------------------------------------
Anthony E. Greene <NoS...@pobox.com> NoSpam=agreene
Use PGP -- Envelopes and Signatures for Email
What is PGP? <http://www.pobox.com/~agreene/pgp/>
My PGP Key: <http://www.pobox.com/~agreene/pgp/agreene.key>
FREEWARE Win95 PGP 5.0: <http://web.mit.edu/network/pgp.html>
-------------------------------------------------------------
David Sternlight
Ed Stone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <3475DB15...@sternlight.com>, da...@sternlight.com says...
> <snip>
> > And here's another goodie:
> >
> > <begin quote>
> > PGP, ITS
> > SUPPLIERS AND OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT DISCLAIM ALL
> > WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED
> > WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
> > CONFORMANCE WITH DESCRIPTION, AND NON-INFRINGEMENT, WITH RESPECT TO THIS
> > SOFTWARE PRODUCT. "
> > <end quote>
> >
> > So if they supply an infringing product, it's your problem, not theirs.
>
> Gee, that is how they protect the user if they supply an infringing product?
> Well here is how RSADSI stands behind their free product, RSAREF:
>
> "6. Nothing in this agreement shall be construed as a representation
> or warranty against infringement of any third party rights based
> on use of the program."
>
> Gosh, it looks like if RSADSI supplies an infringing product, it's your
> problem, not theirs!
Specious logic. RSADSI IS the licensor of the RSA patent. No third parties are
involved. In contrast, PGP licenses RSA from another. Third parties are
involved. Read my lips: The licensor of RSA is giving you a license in the case
of RSADSI. PGP is relying on an RSA icense from another in the case of PGP. Thus
you are in no danger of infringing RSA if you are licensed by RSADSI. You are
inconsiderable danger if you are licensed by PGP and they prove to have broken
their licensing agreement with RSADSI. SInce PGP knows there's a lawsuit to this
effect from RSADSI which they might lose, that they don't indemnify users is
shameful sleaze in my opinion. What they are saying, in effect, is that "If we,
PGP, are found to have violated our licensing agreement for RSA (and we know
there is just such a legal challenge pending) and that makes you an infringer,
it's your problem"
David
Ed Stone
-----BEGIN PGP SIGNED MESSAGE-----
In article <34763076...@sternlight.com>, da...@sternlight.com says...
No. From the Securities and Exchange Commission,
http://www.sec.gov/Archives/edgar/data/932064/0000950135-97-004156.txt,
Document filed 10/16/97:
"In addition, a patent developed at the Massachusetts Institute of Technology
("MIT") (U.S. Patent No. 4,405,829) and licensed to RSA (the "RSA/MIT
Patent"), the claims of which cover significant elements of RSA's products,
will expire on September 20, 2000, which may enable competitors to thereafter
market competing products which previously would have infringed the RSA/MIT
Patent.
You are wrong in stating that no third parties are involved. Specifically
4,405,829 is licensed to RSADSI. They have agreement with the owners of the
patent to license others. Further (obviously) RSADSI goes to some pain to
overtly disavow "any warranty against infringement of any third party rights
based on use of the program."
> In contrast, PGP licenses RSA from another.
See above.
> Third parties are
> involved. Read my lips: The licensor of RSA is giving you a license in the
case
> of RSADSI. PGP is relying on an RSA icense from another in the case of PGP.
Just as you are relying on Rivest, Shamir and Adleman having licensed RSADSI,
and on RSADSI complying with its agreement with Rivest, Shamir and Adleman
regarding its licensing practices. Third Party.
> Thus
> you are in no danger of infringing RSA if you are licensed by RSADSI. You
are
> inconsiderable danger if you are licensed by PGP and they prove to have
broken
> their licensing agreement with RSADSI. SInce PGP knows there's a lawsuit to
this
> effect from RSADSI which they might lose, that they don't indemnify users
is
> shameful sleaze in my opinion.
You actually assert that upon being served with lawsuit alleging
infringement, one should, on that basis, change the indemnification of
licensees? If you actually believe that, what were your public criticisms of
RSADSI in this regard during the active suit by Cylink, prior to its
resolution? (Cites, please.)
The selective finding of sleaze is well noted.
> What they are saying, in effect, is that "If we,
> PGP, are found to have violated our licensing agreement for RSA (and we
know
> there is just such a legal challenge pending) and that makes you an
infringer,
> it's your problem"
Yep, same thing RSADSI says in the RSAREF license terms:
"6. Nothing in this agreement shall be construed as a representation
or warranty against infringement of any third party rights based
on use of the program."
Gosh, it looks like if RSADSI supplies an infringing product, it's your
problem, not theirs!
Nice try. No sale.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5
iQEVAwUBNHZDAYVSIIjbt1r5AQFqJQf8DxXAA4sCy3RrUJrnZKPn8wZAuHAk8LnI
+gtpvKb19CwB+h/+qPQRBOTeaEfj+Gt4XtoJgvLiztx1s51Yt98HeRaZBd3olMHX
fMft6b7qMUlpXe6Mo4nNjTpbwx09lFvJhq539HuInpdjIDLd89igfU8ND93IxeP0
A4s7RZ+zAjWIrGYlZhD0o89qiPqF9SAx/8PgMqWQBQ6dsUM5cFqls8DwId/qI1uN
xzdPhVsi9m/wU+Vr6NrP/uGK15tqYYq3ByLEF/Cqdx0+A/OSylpav6zNxcIzTy0z
ED5Fz+RBo23NS3XglKz0DbEuSYSM1KKozosXC3H+fNVwVW/aD9MO3w==
=el6/
Ed Stone
-----BEGIN PGP SIGNED MESSAGE-----
In article <655jb4$v...@camel20.mindspring.com>, Is...@yellow.submarine.pla
says...
> In article <MPG.ee00d243...@news.vnet.net>, Ed Stone wrote:
> >You actually assert that upon being served with lawsuit alleging
> >infringement, one should, on that basis, change the indemnification of
> >licensees? If you actually believe that, what were your public criticisms
of
> >RSADSI in this regard during the active suit by Cylink, prior to its
> >resolution? (Cites, please.)
> >The selective finding of sleaze is well noted.
>
> Ed, you know fully well were this line of argument will lead. David
> can excoriate or fail to excoriate at his whim.
His excoriations are very selective, but clearly patterned. I can state the
"excoriation criteria" in four words.
>
> I once had an acquaintance who when caught in seeming logical
inconsistencies
> like the one you point out above, simply admitted to having double
standards.
> This normally ended any further need to argue.
It sounds reasonable, that admission of double standards would end the need
to point it out. Some would rather contort into a combination Rube Goldberg
device - Philadelphia pretzel, rather than admit an obvious double standard,
and in so doing, sometimes create a triple standard.
Evidently, I have suffered the fate of being un-killfiled by DS. If I play my
cards right, I can regain that highly desired status in about one week.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5
iQEVAwUBNHZXsYVSIIjbt1r5AQEpnAgAi7Jl+a6YdGjSsmSFycNfGfy6mrBEOl6L
wHc3CRG4VURRxSAlk4HX/42N7u+DZNGEM3Intp8dzyAMZ4EdSMtF6jrZxd/nJQhw
cSyINWeF3ozklVSHBghmo91ZCHlpgudP9rTUGUaik6icZYYpw04NmF92Rp8v8cPe
LEqQVB5Hn+HWajzT05WagZWolDQ4yKW2avUperN7Z5VQt7wTp304j784zWzM0Fd1
vT0m2AnbJy/kFRO4N6Dta/14fCdgrjIaHWzHAMWd2Qq/9ikVpeSk3Ft4xwsZ6rJI
89cy4LciqvAKxrEF+fgwiWKwwTOaXbqj6RqWwHswa+2FRatJBCeI1g==
=me06
David Sternlight
Ed Stone wrote:
> How about these simple and obvious points:
>
> 1. If you don't like something about a FREE program, don't download it.
> 2. If you wish to dictate to companies the features of their products that
> they must provide free of charge, or dictate to users what features they must
> have in the software they choose, you are minding other people's business.
I see. So 1. it is ok to screw the vast RSA-key user base on which PGP made its
reputation and without which PGPI2 probably wouldn't exist, and if they don't
like it, tough?
and 2. PGP owes no backward compatibility to that vast user base which made
their success possible, but is free to make them all rekey and get new
signatures in aid of PGP's vendetta against RSADSI?
Your ethics are most peculiar.
David
Isaac
In article <MPG.ee00d243...@news.vnet.net>, Ed Stone wrote:
>You actually assert that upon being served with lawsuit alleging
>infringement, one should, on that basis, change the indemnification of
>licensees? If you actually believe that, what were your public criticisms of
>RSADSI in this regard during the active suit by Cylink, prior to its
>resolution? (Cites, please.)
>The selective finding of sleaze is well noted.
Ed, you know fully well were this line of argument will lead. David
can excoriate or fail to excoriate at his whim.
I once had an acquaintance who when caught in seeming logical inconsistencies
like the one you point out above, simply admitted to having double standards.
This normally ended any further need to argue.
Isaac
David Sternlight
Ed Stone wrote:
> > Thus
> > you are in no danger of infringing RSA if you are licensed by RSADSI. You
> are
> > inconsiderable danger if you are licensed by PGP and they prove to have
> broken
> > their licensing agreement with RSADSI. SInce PGP knows there's a lawsuit to
> this
> > effect from RSADSI which they might lose, that they don't indemnify users
> is
> > shameful sleaze in my opinion.
>
> You actually assert that upon being served with lawsuit alleging
> infringement, one should, on that basis, change the indemnification of
> licensees? If you actually believe that, what were your public criticisms of
> RSADSI in this regard during the active suit by Cylink, prior to its
> resolution? (Cites, please.)
My version of RSAREF (and anyone else's who got original PGP 2.x from MIT)
carried an explicit indemnification from RSADSI against third party suits,
promising that RSADSI would pay to defend such suits on my behalf and pay any
judgements against me. There was no provision in that license for RSADSI to
withdraw that indemnification. Later versions of the license may have changed,
but as I and most of the original user base were so indemnified, your comment is
not only wrong-headed but also I suggest you know it.
I have never, in any version of PGP, seen PGP Inc. offer such an indemnity with
respect to their code,
Time to stop posting deliberately provocative nonsense.
David
David Sternlight
Ed Stone wrote:
> Evidently, I have suffered the fate of being un-killfiled by DS. If I play my
> cards right, I can regain that highly desired status in about one week.
So you hope to be able to attack me here while being immune to any response? And
you don't find that at all cowardly?
Actually, you can avoid responses from me here simply by ceasing your attacks.
It lies entirely in your hands.
David
Ed Stone
In article <3476B840...@sternlight.com>, da...@sternlight.com says...
>
>
> Ed Stone wrote:
>
>
> > Evidently, I have suffered the fate of being un-killfiled by DS. If I play my
> > cards right, I can regain that highly desired status in about one week.
>
> So you hope to be able to attack me here while being immune to any response? And
> you don't find that at all cowardly?
What I find that is, uh, "paranoid" and "delusional", and I quote from parts
of your many psychobabble posts. ;-)
>
> Actually, you can avoid responses from me here simply by ceasing your attacks.
> It lies entirely in your hands.
"If you'd had supper on the table on time, dear, I wouldn't have had to beat
you. Don't make me beat you again." ;-)
Now let's get back to cryptography! Can you refresh me on your findings when
I asked you to back up your assertion that "S/MIME provide[s] stronger crypto
than PGP"? ;-) I'm sure, out of "simple equity", you'll want to either
provide support for your assertion, or correct your error. ;-)
Ed Stone
In article <3476B570...@sternlight.com>, da...@sternlight.com says...
<snip>
> > You actually assert that upon being served with lawsuit alleging
> > infringement, one should, on that basis, change the indemnification of
> > licensees? If you actually believe that, what were your public criticisms of
> > RSADSI in this regard during the active suit by Cylink, prior to its
> > resolution? (Cites, please.)
>
> My version of RSAREF (and anyone else's who got original PGP 2.x from MIT)
> carried an explicit indemnification from RSADSI against third party suits,
> promising that RSADSI would pay to defend such suits on my behalf and pay any
> judgements against me. There was no provision in that license for RSADSI to
> withdraw that indemnification. Later versions of the license may have changed,
> but as I and most of the original user base were so indemnified, your comment is
> not only wrong-headed but also I suggest you know it.
We've been thru this before. On that prior occasion, you first said there
were no such terms for RSAREF. I provided cite to RSA's web site. You
next responded that it was just some document passively lying around on A
website. I responded that the date was more recent than then one you cited on
a prior release of RSAREF and that the RSAREF path was refreshed every few
minutes for EAR reasons. You next responded that you were not talking about
freePGP so a reference to freeRSAREF terms was not apt. Now you say that
RSADSI needs provide no such indemnification because they are the licensor
and they themselves are not a licensee. I provide cite to RSADSI filing with
the SEC that states that the the patent at hand is licensed to them and thus
they are a licensee of the patent owner. Happy to refresh your memory.
Now you bemoan and slur a freePGP license that provides no indemnification
while accepting without question the absence of such protection in
freeRSAREF, and on the same date make a plea for "simple equity" from PGP?
You have no basis on which to assert such a plea.
Isaac
In article <3477fe3f...@news.concentric.net>, Norman Hirsch wrote:
>
>It would seem to me that everyone would benefit if RSA allowed PGP to
>include the RSA algorithm as an option without charge in the freeware
>version.
>
>I must be missing something because the above is too obvious.
Yes you are missing something.
PGP does include the RSA algorithm in some of it's freeware. Previous
free versions of PGP v5.0 lacked RSA key generation but did allow the
use of previously generated RSA keys. David is complaining about
a new free version that does not have any RSA key functionality.
Isaac
David Sternlight
In article <3477fe3f...@news.concentric.net>, NOSPAM...@nha.com wrote:
>The quoted legalese(s) is(are) not uncommon in almost every software
>package.
>
>Let me see if I understand the basic argument going on here.
>
>RSA charges PGP to include their algorithm.
>
>PGP wants to give strong cryptography to the user (but charge for
>their products when used in business).
>
>PGP obviously cannot give away RSA as a part of their free package if
>they PGP has to pay RSA to include it.
Wrong. RSA provides a free package called "RSAREF" which has been used in
previous versions of free PGP (MIT 2.x, 5.0). It contains everything
needed to do RSA decryption, encryption, key generation. There is no legal
dispute between PGP and RSADSI about that license, and no charge for the
license as long as it's non-commercial.
> How can they provide
>freeware and still hope to exist by having to pay RSA the licensing
>fee?
They don't have to pay RSA any fees for use of RSAREF.
>
>So PGP removes the RSA algorithm from the other algorithms they
>provide in order to still provide the freeware.
No. IMHO they do it to try to force the huge base of free PGP RSA-key
users to switch away from RSA. It's a consequence of their dispute with
RSADSI over the license for RSA in commercial PGP, not free PGP, where
they are accused of many license violations by RSADSI. They are trying,
IMHO, to make free users (where there is no such dispute) switch so that
they can make credible claims about the size of the user base in selling
pay PGP, and promoting open PGP. And I can't help feeling there's a spite
element as well.
>
>Meanwhile PGP does include the RSA algorithm in the Business Version
>which users do pay for.
>
>Am I ok so far?
No.
>
>So David gets pissed at PGP because they are dropping RSA from the
>huge installed base of PGP freeware users.
Yes.
>
>And various other issues flare up which are peripheral to the above.
>
>Am I still interpreting this right?
Dunno.
>
>If so, then I would think that David should get pissed at RSA instead
>for not allowing PGP to distribute the RSA algorithm free with the
>freeware version?
But they have always allowed PGP to use RSAREF free, for free PGP, ever
since MIT version 2.x.
>
>It would seem to me that everyone would benefit if RSA allowed PGP to
>include the RSA algorithm as an option without charge in the freeware
>version.
Agreed. But the bad guy here is PGPI2, not RSADSI. See above.
>
>I must be missing something because the above is too obvious.
Yup. See above.
David
--
The search for a single solution to each of the problems of mankind inevitably leads to tyranny.--Sir Isaiah Berlin, d. Nov 5, 1997
David Sternlight
Isaac wrote:
> In article <3477fe3f...@news.concentric.net>, Norman Hirsch wrote:
> >
> >It would seem to me that everyone would benefit if RSA allowed PGP to
> >include the RSA algorithm as an option without charge in the freeware
> >version.
> >
> >I must be missing something because the above is too obvious.
>
> Yes you are missing something.
>
> PGP does include the RSA algorithm in some of it's freeware. Previous
> free versions of PGP v5.0 lacked RSA key generation but did allow the
> use of previously generated RSA keys. David is complaining about
> a new free version that does not have any RSA key functionality.
>
> Isaac
You are too kind to PGP Inc. Free PGP 5.0 didn't "lack" RSA key
generation. It was present in the same version of RSAREF they used there
and in Free PGP 2.x. They simply didn't enable it, thus gratuitously giving
users the finger.
David
David Sternlight
Isaac wrote:
> In article <david-22119...@lax-ca66-15.ix.netcom.com>,
> David Sternlight wrote:
> >No. IMHO they do it to try to force the huge base of free PGP RSA-key
> >users to switch away from RSA. It's a consequence of their dispute with
> >RSADSI over the license for RSA in commercial PGP, not free PGP, where
> >they are accused of many license violations by RSADSI. They are trying,
> >IMHO, to make free users (where there is no such dispute) switch so that
> >they can make credible claims about the size of the user base in selling
> >pay PGP, and promoting open PGP. And I can't help feeling there's a spite
> >element as well.
> >
> David is right about the facts, but I don't think they lead to his
> conclusions above. No one can force the users of free PGP to
> switch away from RSA keys. If they don't want to lose the web of
> trust they've built up, I'd expect they'd be very reluctant to
> generate new keys. I'd expect these users to simply pass on Phil's
> new free software.
Then they can't interoperate with users who have chosen the new keys. In my
opinion it's simple extortion to force free PGP users to drop RSA.
> They'll switch when the find that the new
> keys are more universally used than their current ones. This is
> likely to happen if the commercial versions feature the new keys.
> I think the license dispute with RSADSI is reason enough to
> not feature RSA keys in the commercial versions.
But that's another evidence that what's going on is extortion of Free PGP
users. Most commercial versions of PGP do use and generate RSA keys.
What's going on is, in my opinion, simple. There are relatively few users of
the "new" keys in commercial PGP (compared to, say, Verisign or PGP-RSA). So
to get any credibility at all, they have to force users of Free PGP to switch
to the new key approach so they can make claims about a user base for those
keys in order to gain market and IETF credibility.
>
>
> I don't think that anyone deserves any ire for features they do or do
> not put in free software. If you don't like it, try to remember what
> you paid for it. And did the still free PGP 2.6 magically disappear from
> archives and hard drives?
That's not the point. History didn't start with PGP 5.5. They owe their
reputation and any commercial success to the huge free user base for PGP-RSA,
and thus it is pretty shoddy treatment. Can you say "biting the hand that
made it possible for one to be fed"?
>
>
> >Agreed. But the bad guy here is PGPI2, not RSADSI. See above.
> >
>
> There is no bad guy here.
He attempted to lay the blame for the situation on RSADSI, because of a
failure to understand that RSADSI provides RSAREF free. Any blame belongs at
the doorstep of PGP Inc.
David
Norman Hirsch
The quoted legalese(s) is(are) not uncommon in almost every software
package.
Let me see if I understand the basic argument going on here.
RSA charges PGP to include their algorithm.
PGP wants to give strong cryptography to the user (but charge for
their products when used in business).
PGP obviously cannot give away RSA as a part of their free package if
they PGP has to pay RSA to include it. How can they provide
freeware and still hope to exist by having to pay RSA the licensing
fee?
So PGP removes the RSA algorithm from the other algorithms they
provide in order to still provide the freeware.
Meanwhile PGP does include the RSA algorithm in the Business Version
which users do pay for.
Am I ok so far?
So David gets pissed at PGP because they are dropping RSA from the
huge installed base of PGP freeware users.
And various other issues flare up which are peripheral to the above.
Am I still interpreting this right?
If so, then I would think that David should get pissed at RSA instead
for not allowing PGP to distribute the RSA algorithm free with the
freeware version?
It would seem to me that everyone would benefit if RSA allowed PGP to
include the RSA algorithm as an option without charge in the freeware
version.
I must be missing something because the above is too obvious.
--------
On 21 Nov 1997 22:44:06 GMT, g...@clark.net (Greg Hennessy) wrote:
>In article <3475DB15...@sternlight.com>,
>David Sternlight <da...@sternlight.com> wrote:
>>You'll have to do your own homework on this.
>
>David, asking you to provide facts in support of yoru own argument is
>*NOT* doing their onn homework. Stone did his homework, searching the
>PGP home page. What you claimed was there isn't.
>
>>And here's another goodie:
>>
>><begin quote>
>>PGP, ITS
>>SUPPLIERS AND OTHERS WHO MAY DISTRIBUTE THIS SOFTWARE PRODUCT DISCLAIM ALL
>>WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED
>>WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
>>CONFORMANCE WITH DESCRIPTION, AND NON-INFRINGEMENT, WITH RESPECT TO THIS
>>SOFTWARE PRODUCT. "
>><end quote>
>
>
>Is this any differnt from Netscape's:
>
>>DISCLAIMER OF WARRANTY.
>>
>>Free of charge Software is provided on an "AS IS" basis, without
>>warranty of any kind, including without limitation the warranties of
>>merchantability, fitness for a particular purpose and
>>non-infringement. The entire risk as to the quality and performance of
>>the Software is borne by you. Should the Software prove defective,
>>you and not Netscape assume the entire cost of any service and
>>repair.
>
>Or is this going to be yet another case of you loudly proclaiming you
>can choose youm you excoriate?
>
>
--
Best regards,
Norman Hirsch Phone: 212-304-9660
NH&A Fax: 212-304-9759
577 Isham St. # 2-B BBS: 212-304-9759,,,,,,,3
New York, NY 10034 E-mail: NOSPAM...@nha.com
USA URL: http://www.nha.com
Norman Hirsch
On Sat, 22 Nov 1997 14:35:51 -0800, da...@sternlight.com (David
Sternlight) wrote:
>In article <3477fe3f...@news.concentric.net>, NOSPAM...@nha.com wrote:
>
--snip--
>>PGP obviously cannot give away RSA as a part of their free package if
>>they PGP has to pay RSA to include it.
>
>Wrong. RSA provides a free package called "RSAREF" which has been used in
>previous versions of free PGP (MIT 2.x, 5.0). It contains everything
>needed to do RSA decryption, encryption, key generation. There is no legal
>dispute between PGP and RSADSI about that license, and no charge for the
>license as long as it's non-commercial.
hmm.
>No. IMHO they do it to try to force the huge base of free PGP RSA-key
>users to switch away from RSA. It's a consequence of their dispute with
>RSADSI over the license for RSA in commercial PGP, not free PGP, where
>they are accused of many license violations by RSADSI. They are trying,
>IMHO, to make free users (where there is no such dispute) switch so that
>they can make credible claims about the size of the user base in selling
>pay PGP, and promoting open PGP. And I can't help feeling there's a spite
>element as well.
>
hmm. I don't know the details of the lawsuit but I wonder what you
or anyone else would do if you were sued by a company whose product
you included in your product. I don't think I would. I suppose
the inclusion of RSAREF would lead to increased RSA business.
I wonder if there is a simple description of what is going on in the
aforementioned lawsuit that one could access by Internet?
Isaac
>users to switch away from RSA. It's a consequence of their dispute with
>RSADSI over the license for RSA in commercial PGP, not free PGP, where
>they are accused of many license violations by RSADSI. They are trying,
>IMHO, to make free users (where there is no such dispute) switch so that
>they can make credible claims about the size of the user base in selling
>pay PGP, and promoting open PGP. And I can't help feeling there's a spite
>element as well.
>
conclusions above. No one can force the users of free PGP to
switch away from RSA keys. If they don't want to lose the web of
trust they've built up, I'd expect they'd be very reluctant to
generate new keys. I'd expect these users to simply pass on Phil's
keys are more universally used than their current ones. This is
likely to happen if the commercial versions feature the new keys.
I think the license dispute with RSADSI is reason enough to
not feature RSA keys in the commercial versions.
I don't think that anyone deserves any ire for features they do or do
not put in free software. If you don't like it, try to remember what
you paid for it. And did the still free PGP 2.6 magically disappear from
archives and hard drives?
>Agreed. But the bad guy here is PGPI2, not RSADSI. See above.
>
There is no bad guy here.
Isaac
Eddie Seymour
>hmm. I don't know the details of the lawsuit but I wonder what you
>or anyone else would do if you were sued by a company whose product
>you included in your product. I don't think I would. I suppose
>the inclusion of RSAREF would lead to increased RSA business.
>I wonder if there is a simple description of what is going on in the
>aforementioned lawsuit that one could access by Internet?
Sounds reminescent of the Sea???(I forget!) arc compression that
inspired zip when they got greedy. Perhaps it's time for RSA to follow
the same road if they wish to.
--
Eddie Seymour
wb4mleATmindspringDOTcom
Ed Stone
In article <3477901B...@sternlight.com>, da...@sternlight.com says...
<snip>
>
> Then they can't interoperate with users who have chosen the new keys. In my
> opinion it's simple extortion to force free PGP users to drop RSA.
Do you advocate 1) prohibiting the ability of users to generate a new style
of key? 2) prohibiting offering free software that gives users the ability to
generate a new style of key? 3) requiring software that generates keys other
than RSA style keys to be free?
<snip>
>
> But that's another evidence that what's going on is extortion of Free PGP
> users. Most commercial versions of PGP do use and generate RSA keys.
I would think that Free PGP users, like most people, would react negatively
to extortion, if in fact those users perceive the offering of free software
for voluntary use, to be "extortion". ;-)
>
> What's going on is, in my opinion, simple. There are relatively few users of
> the "new" keys in commercial PGP (compared to, say, Verisign or PGP-RSA).So
> to get any credibility at all, they have to force users of Free PGP to switch
> to the new key approach so they can make claims about a user base for those
> keys in order to gain market and IETF credibility.
Possibly, Free PGP users will march on PGP Inc. headquarters, with bull
horns, signs, chants, slogans! Film at 11! ;-)
<snip>
> History didn't start with PGP 5.5. They owe their
> reputation and any commercial success to the huge free user base for PGP-RSA,
> and thus it is pretty shoddy treatment. Can you say "biting the hand that
> made it possible for one to be fed"?
Fed? Uh, it was a free product. Phil worked slavishly to provide FREE strong
crypto. You can still get lots of versions of PGP FREE all over the world.
You can get PGP source code from PGP Inc, or Stale in Norway. You can
download more than a score of front ends to PGP C code systems.
But if one is really concerned about FREE, can we find out why VeriSign
STOPPED giving FREE email certs? Biting the hand, yada yada? You can equip
Eudora to gen and use RSA keys for $5. FIVE DOLLARS. You can't even get a
VeriSign cert for that. FileCrypt was much adored, and you can get
RSA/MD5/IDEA/DH-Elgamal/CAST/TripleDES/DSS-SHA-1 cheaper in a better GUI from
PGP Inc, than you can get just RSA/MD5 from FileCrypt. Plus FileCrypt is MAC
only, while PGP Inc is writing for multi-platforms.
<snip>
Ed Stone
In article <david-22119...@lax-ca66-15.ix.netcom.com>,
da...@sternlight.com says...<snip>
> >
> >So PGP removes the RSA algorithm from the other algorithms they
> >provide in order to still provide the freeware.
>
> No. IMHO they do it to try to force the huge base of free PGP RSA-key
> users to switch away from RSA.
The software would be free, and users could simply choose to keep what they
have. It is hard to see "force" here.
> It's a consequence of their dispute with
> RSADSI over the license for RSA in commercial PGP, not free PGP, where
> they are accused of many license violations by RSADSI.
"..their dispute" might be clarified by noting that RSADSI filed suit against
PGP Inc., not the other way around.
> They are trying,
> IMHO, to make free users (where there is no such dispute) switch so that
> they can make credible claims about the size of the user base in selling
> pay PGP, and promoting open PGP. And I can't help feeling there's a spite
> element as well.
I have no doubt that Mr. Sternlight might find spite under this bed. But,
rather than becoming alarmed, two matters are relevant:
1. the software is free, and use of it is voluntary...
2. OpenPGP will provide a uniform specification, with normal IETF
consideration of legacy issues, and any company can write software to comply
and be compatible with it. Thus, RSADSI will be able to write, and distribute
free, software that provides RSA keys and MD5 message digests (as well as the
planned standard DH-Elgamal keys and DSS-SH1 message digest, if they wish to
to do. Supporting OpenPGP can accelerate this opportunity for RSADSI to offer
such free software. RSADSI will already be writing DH keys into S/MIME
toolkits, since the S/MIME standard-in-development will set that as a MUST
algorithm.
>
> >
> >Meanwhile PGP does include the RSA algorithm in the Business Version
> >which users do pay for.
> >
> >Am I ok so far?
>
> No.
Actually, he's quite correct. PGP 5.5 for Business Security does include the
RSA algorithm. And DH-Elgamal. And IDEA, CAST, and TripleDES. And MD5 message
digest for the RSA keys. And DSS-SHA-1 for DH keys. All of it. Nicely GUI.
Very slick.
> >
> >So David gets pissed at PGP because they are dropping RSA from the
> >huge installed base of PGP freeware users.
>
> Yes.
PGP Inc cannot "drop RSA from the huge installed base of PGP freeware users".
PGP CAN make new products, give some of them away free, and see who wants
them. The installed base *users* will make their choices, which include
software than handles both key styles, both message digest styles, etc.
Cheaper than FileCrypt, which is only RSA/MD5 based.
> >If so, then I would think that David should get pissed at RSA instead
> >for not allowing PGP to distribute the RSA algorithm free with the
> >freeware version?
>
> But they have always allowed PGP to use RSAREF free, for free PGP, ever
> since MIT version 2.x.
>
> >
> >It would seem to me that everyone would benefit if RSA allowed PGP to
> >include the RSA algorithm as an option without charge in the freeware
> >version.
>
> Agreed. But the bad guy here is PGPI2, not RSADSI. See above.
Casting as good and evil, noted. ;-)
Ed Stone
In article <34778E3B...@sternlight.com>, da...@sternlight.com says...
>
> You are too kind to PGP Inc. Free PGP 5.0 didn't "lack" RSA key
> generation. It was present in the same version of RSAREF they used there
> and in Free PGP 2.x. They simply didn't enable it, thus gratuitously giving
> users the finger.
>
Well if "users" see it that way, PGP Inc will be punished in the marketplace,
right? And if "users" don't see it that way, PGP Inc may be rewarded in the
marketplace.
Not to forget, free MIT and International 2.6.x still works just fine! And
the OpenPGP standard specification will allow RSADSI to provide the
compatible free software to those "users", if it would like to provide that
service...
Bill Unruh
In <657vke$7...@camel12.mindspring.com> Is...@yellow.submarine.pla (Isaac) writes:
>David is right about the facts, but I don't think they lead to his
>conclusions above. No one can force the users of free PGP to
>switch away from RSA keys. If they don't want to lose the web of
>trust they've built up, I'd expect they'd be very reluctant to
>generate new keys. I'd expect these users to simply pass on Phil's
>new free software. They'll switch when the find that the new
>keys are more universally used than their current ones. This is
>likely to happen if the commercial versions feature the new keys.
>I think the license dispute with RSADSI is reason enough to
>not feature RSA keys in the commercial versions.
HIs compaint is that it is the Free versions, not the commercial
versions, which have now dropped RSA completely. As far as I know 5.5
commercial does allow both generation and use of RSA. IT is the reputed
5.52 (which apparently only David has seen) which has entirely dropped
RSA- generation(which was already dropped in 5.0) AND decryption (which
was still in 5.0). I must admit that I also find this to be a shame. The
complete break with the large 2.x user base is not good.
I have no worries about ElGamal itself--The implimentation is trivial,
and the key generation can use almost all of the previous key generation
code as well (Note that one has no ability to test the key generation
code of RSA,Netscape,IE,Ensure,...- they are far more of a black box
which one must accept on trust than is PGP who at least published the
code for one of their implimentations). HOwever, the cutting off of the
previous user base, together with the increased proprietaryization of
PGP make it into just another crypto code. YOu would be far better off
using Ensure, since its free version is freely exportable )from Canada)
to almost anywhere in the world, and it does support RSA as well as many
other crypto versions. It is however also secretive about its code,
which in my book would rule it out of any serious crypto use.
arma...@coastalnet.com
Norman...read your concerns, or others, about the latest version of PGP.
Everyone can resolve most of their problems with the RSA/PGP legal
language by going out and picking up the PGP $5.00 upgrade so that you
will have an RSA compatible version...here is the web address:
http://www.pgp.com/products/eudora.cgi
One note though...this version only works with Eudora 3.0 or later, and
is known to be compatible with Eudoralight 3.05...
Once you install the upgrade, you will find that you are RSA and
Diffie/Hellman key compatible...and for five bucks, what the heck...now
you can talk to everybody...
Enjoyed reading the comments in this news group......Ed
-------------------==== Posted via Deja News ====-----------------------
http://www.dejanews.com/ Search, Read, Post to Usenet
David Sternlight
In article <34785edb...@news.concentric.net>, NOSPAM...@nha.com wrote:
>hmm. I don't know the details of the lawsuit but I wonder what you
>or anyone else would do if you were sued by a company whose product
>you included in your product. I don't think I would. I suppose
>the inclusion of RSAREF would lead to increased RSA business.
>I wonder if there is a simple description of what is going on in the
>aforementioned lawsuit that one could access by Internet?
Sure. RSADSI licensed RSA to a company called Viacrypt under specific
terms and conditions. Among the terms and conditions were that Viacrypt
couldn't pass the license on to another company without RSADSI's written
permission in advance, that they couldn't OEM RSA, that they had to pay
specific royalties, and that they had to make their books available for
inspection.
PGP Inc. merged with Viacrypt in a triangular merger that left a new
surviving company, Pretty Good Privacy Inc.. The management of the
surviving company is that of PGP Inc. and not Viacrypt. The geographical
location is that of PGP Inc. and not Viacrypt.
RSADSI wrote Pretty Good Privacy Inc. a letter cancelling the RSA license
on the following grounds:
1. The merger was a sham transaction to avoid the assignment clause.
2. The company has been OEM-ing RSA in violation of the license.
3. The company has not been paying all fees due.
4. The company has refused to make their books available as required.
What is more, although the agreement contains an arbitration clause, it
also provides that certain offenses including the above-charged ones are
cancellation offenses, and that the agreement specifies which clauses
survive cancellation. The arbitration clause is not among those listed as
surviving cancellation. Therefore RSADSI argues then need not take the
above to arbitration but can simply cancel the contract in writing, which
they have done.
RSADSI went to State court to get a confirmation that they had that right
to cancel the contract unilaterally as they did.
Pretty Good Privacy Inc. denied the charges. Further, they said if the
charges are true they must be arbitrated and that RSADSI cannot cancel the
contract unilaterally.
They tried to get a third firm (a party to PKP--the firm that previously
had the RSA and Stanford patent rights before the two were divided with
RSADSI getting the RSA patent rights) to intermeddle arguing that Pretty
Good Privacy Inc. was right and RSADSI wrong. (This third firm had
considerable bad blood toward RSADSI because they lost badly in the PKP
split-up.) That went to a separate arbitration provided for as part of the
split up of PKP (nothing to do with the arbitration Pretty Good Privacy
Inc. was requesting). That PKP arbitrator ruled the third firm was flat
wrong and had no standing to intermeddle between RSADSI and Pretty Good
Privacy Inc.. The RSADSI/Pretty Good Privacy Inc. case then continued in
State court.
The State Court judge ruled the matter must go to arbitration.
RSADSI has now taken it to Federal Court, where it is pending and it seems
there will be no arbitration unless and until the Federal Court rules so.
If the Federal Court finds for RSADSI, Pretty Good Privacy Inc. will be
unlicensed for RSA because their acts will be found to be cancellation
violations. If the Federal Court sends it to arbitration, the arbitrators
will have to decide whether Pretty Good Privacy Inc. has committed
cancellable acts.
<End of factual summary. What follows is lay opinion.>
If RSADSI prevails either in Federal Court or in an arbitration, Pretty
Good Privacy Inc. will likely then be found to have been infringing in all
copies of PGP sold after the cancellation date (I think last June) which
include RSA. In addition, purchasers subsequent to that date will likely
be found to be unlicensed and hence infringing.
Patent law provides that if you have a copy of software containing the
patented matter ("practicing the patent" is the term of art), whether you
actually use it or not is irrelevant--you have either to be licensed or
you're infringing.
If Pretty Good Privacy Inc. loses, it is always possible they and RSADSI
will then come to some financial settlement that will either leave Pretty
Good Privacy Inc. licensed for RSA, or at least will hold users who have
bought the thing from them in good faith harmless. But that's sheer
speculation on my part. My GUESS is that since Pretty Good Privacy Inc.
are so furiously trying to get rid of RSA in the latest versions of some
of their software, their attorneys have told them they'll probably lose,
and it is even possible they did all this deliberately as part of some
anti-RSADSI strategy--dunno. My further GUESS is that RSADSI isn't going
to allow Pretty Good Privacy Inc. to continue to use RSA if RSADSI
prevails--there is too much PGP history which I believe RSADSI considers
deliberately underhanded and dishonest (whatever others may think), dating
all the way back to Phil's first publication of PGP which deliberately
used RSA without a license. Much of this history is on record in, among
other places, Simpson Garfinkel's excellent book on PGP, and Phil
Zimmermann has confirmed the basic facts of his behavior in an interview
he gave to MicroTimes earlier this year.
Disclaimer: The writer is not an attorney and the above is not legal
advice. For legal advice, consult a lawyer.
David Sternlight
Ed Stone wrote:
> > It's a consequence of their dispute with
> > RSADSI over the license for RSA in commercial PGP, not free PGP, where
> > they are accused of many license violations by RSADSI.
Nonsense. There is no dispute with RSADSI over RSAREF (used in Free PGP 5.0). It is
free, and fully licensed and there is no court matter nor license violation
accusation involved.
>
>
> "..their dispute" might be clarified by noting that RSADSI filed suit against
> PGP Inc., not the other way around.
Irrelevant red herring. RSAREF in Free PGP is not in dispute.
> 2. OpenPGP will provide a uniform specification, with normal IETF
> consideration of legacy issues, and any company can write software to comply
> and be compatible with it.
Another irrelevant red herring. OpenPGP, as Stone is constaltly fond of pointing out,
is a standard under development. PGP 5.x is a real program in the field now.
David
David Sternlight
Bill Unruh wrote:
> In <657vke$7...@camel12.mindspring.com> Is...@yellow.submarine.pla (Isaac) writes:
> >David is right about the facts, but I don't think they lead to his
> >conclusions above. No one can force the users of free PGP to
> >switch away from RSA keys. If they don't want to lose the web of
> >trust they've built up, I'd expect they'd be very reluctant to
> >generate new keys. I'd expect these users to simply pass on Phil's
> >new free software. They'll switch when the find that the new
> >keys are more universally used than their current ones. This is
> >likely to happen if the commercial versions feature the new keys.
> >I think the license dispute with RSADSI is reason enough to
> >not feature RSA keys in the commercial versions.
>
> HIs compaint is that it is the Free versions, not the commercial
> versions, which have now dropped RSA completely.
Yes.
> As far as I know 5.5
> commercial does allow both generation and use of RSA. IT is the reputed
> 5.52 (which apparently only David has seen) which has entirely dropped
> RSA- generation(which was already dropped in 5.0) AND decryption (which
> was still in 5.0). I must admit that I also find this to be a shame. The
> complete break with the large 2.x user base is not good.
I think it's a deliberate slap in the face of the hand that feeds them (if I can mix
a metaphor), and is thus more than ":not good". I find it reprehensible. What is
more, they are using an authoritarian "big brother" approach on the weakest segment
of their user base--the free users, rather than keeping options in Free PGP 5.x. and
simply explaining any concerns they have. This does not comport with the ideology
professed by Phil or his defenders. It would seem he has one ideology for the peanut
gallery, and a rather different one when his self-interest is actually involved.
> I have no worries about ElGamal itself--The implimentation is trivial,
> and the key generation can use almost all of the previous key generation
> code as well (Note that one has no ability to test the key generation
> code of RSA,Netscape,IE,Ensure,...- they are far more of a black box
> which one must accept on trust than is PGP who at least published the
> code for one of their implimentations).
How do you know its the same code? You'd have to scan it in, compile it with an
identical compiler to that used by PGP Inc., and do a binary compare of the result.
To date I know of no one at arms length from PGP Inc. who has actually done this and
announced the results.
> HOwever, the cutting off of the
> previous user base, together with the increased proprietaryization of
> PGP make it into just another crypto code.
And from a firm I think users can no longer trust, ethically speaking. When it comes
to crypto vendors the motto has to be "false in one, false in all". This is very
bad.
As a result of all this I'm starting to see a number of posts saying, "I'm sticking
with PGP 2.x". I would argue that is perhaps the wisest course for free users.
Try this simple test of honesty. See if PGP, having completely disabled RSA in Free
PGP 5.52, continues to count RSA key holders in their user base for propaganda
purposes
David
David Sternlight
Wolf wrote:
> It's impossible to believe that Highware didn't know FileCrypt
> would break under the new operating system long before MacOS 8
> was released. All of which suggests that Highware perhaps spent
> the intervening time debating its continued presence in this
> market.
Or that (if we're speculating and atttempting mind-reading) possibly PGP
was giving them a hard time legally--dunno.
>
>
> I was pleased by the news that FileCrypt will get new life, and
> hope the rewrite will advance the software's feature set, as
> well.
I would like to see FileCrypt come out with a simple fix for System 8
and leave the rewrite for later. Given PGP's complete abandoning of the
huge RSA-key PGP user base in the lastest Free 5.52 version, there's a
big market here for FileCrypt to exploit. If they're prompt, perhaps
they can teach PGP a lesson about loyalty to users. Think of the ad
campaign: "The only new product compatible with classical PGP. Not even
PGP can make that statement".
If PGP Inc. loses the RSADSI legal matter, then FileCrypt, being fully
licensed by RSADSI, has some even more interesting ad taglines taking
advantage of that outcome.
By the way Robert Townsend, the founder of Avis, would probably call
what PGP Inc. has now done to the free user base "pissing in the soup",
as anyone familiar with his books "Up the Organization" knows.
David
Ed Stone
In article <34793AA2...@sternlight.com> of Mon, 24 Nov 1997 00:28:32 -
0800, da...@sternlight.com says...
<snip>
> I think it's a deliberate slap in the face of the hand that feeds them (if I can mix
> a metaphor), and is thus more than ":not good". I find it reprehensible.
That PGP Inc. might offer free software that lacks features you personally
would like to obtain free?
> What is
> more, they are using an authoritarian "big brother" approach on the weakest segment
> of their user base--the free users, rather than keeping options in Free PGP 5.x. and
> simply explaining any concerns they have.
You sound more positive about PGP's importance than when you called it "a
pissant pimple" for a tiny constituency. ;-)
Is offering free software an "authoritarian, big brother approach"?
> This does not comport with the ideology
> professed by Phil or his defenders. It would seem he has one ideology for the peanut
> gallery, and a rather different one when his self-interest is actually involved.
So Phil is going to get rich off giving away free software? Possibly Mr.
Bidzos could help us all with lectures about altruism, vows of poverty, etc.
Oh, and speaking of "peanut gallery", have you found out why Veri$ign stopped
giving away free email certs, and now charges more for them than the cost of
a Eudora add-on of full RSA key capability? ;-)
>
> > I have no worries about ElGamal itself--The implimentation is trivial,
> > and the key generation can use almost all of the previous key generation
> > code as well (Note that one has no ability to test the key generation
> > code of RSA,Netscape,IE,Ensure,...- they are far more of a black box
> > which one must accept on trust than is PGP who at least published the
> > code for one of their implimentations).
>
> How do you know its the same code? You'd have to scan it in, compile it with an
> identical compiler to that used by PGP Inc., and do a binary compare of the result.
> To date I know of no one at arms length from PGP Inc. who has actually done this and
> announced the results.
Can you point me to such an assuring test of Netscape's crypto capabilities?
Of FileCrypts? The absence of such tests on those products seems to have gone
un-excoriated. Mr. Sternlight has even recommended both! ;-)
1. We know that RSADSI themselves have (in writing) recommended "swapping
out" MD5 as a message digest algorithm due to their assessment of its
strength.
2. We don't know of *any* weakness in the Elgamal implementation in PGP.
3. About which do we hear fear, uncertainty and doubt, above?
>
> > HOwever, the cutting off of the
> > previous user base, together with the increased proprietaryization of
> > PGP make it into just another crypto code.
"pissant pimple"? ;-)
>
> And from a firm I think users can no longer trust, ethically speaking. When it comes
> to crypto vendors the motto has to be "false in one, false in all". This is very
> bad.
From hand-waving to hand wringing! Sound like your reservoir of good will
toward Phil and PGP Inc, is at an end. ;-)
>
> As a result of all this I'm starting to see a number of posts saying, "I'm sticking
> with PGP 2.x". I would argue that is perhaps the wisest course for free users.
Clearly a wise course is for people to have real choices and the freedom to
choose among them.
>
> Try this simple test of honesty. See if PGP, having completely disabled RSA in Free
> PGP 5.52, continues to count RSA key holders in their user base for propaganda
> purposes
slap in the face... reprehensible... authoritarian... big brother... trust...
ethically... false... bad... honesty... propaganda purposes...
Are we talking about Sadaam's latest behavior, or the offering of a free
program from a small privately-held company? Too much caffeine? ;-)
>
> David
Ed Stone
In article <34793D2E...@sternlight.com> of Mon, 24 Nov 1997 00:39:25 -
0800, da...@sternlight.com says...
>
>
> Wolf wrote:
>
>
> > It's impossible to believe that Highware didn't know FileCrypt
> > would break under the new operating system long before MacOS 8
> > was released. All of which suggests that Highware perhaps spent
> > the intervening time debating its continued presence in this
> > market.
>
> Or that (if we're speculating and atttempting mind-reading) possibly PGP
> was giving them a hard time legally--dunno.
Maybe PGP Inc is actually the force behind El Nino!! ;-)
> > I was pleased by the news that FileCrypt will get new life, and
> > hope the rewrite will advance the software's feature set, as
> > well.
>
> I would like to see FileCrypt come out with a simple fix for System 8
> and leave the rewrite for later. Given PGP's complete abandoning of the
> huge RSA-key PGP user base in the lastest Free 5.52 version, there's a
> big market here for FileCrypt to exploit.
FileCrypt costs $89 at present. With only RSA/IDEA and MD5-based message
digest, and the ability to run ONLY on MAC's prior OS, at present. Exactly
why is its market here "big", when you can buy a version of PGP from PGP Inc
that offers RSA/IDEA/MD5 + DH-Elgamal/DSS-SHA-1/IDEA/CAST/TripleDES, for
less, TODAY? There wouldn't be any bias here affecting those market-
prospect projections, would there? ;-)
> If they're prompt, perhaps
> they can teach PGP a lesson about loyalty to users. Think of the ad
> campaign: "The only new product compatible with classical PGP. Not even
> PGP can make that statement".
Oh, is FileCrypt going to be FREE? Wonderful!! Of course the NEW for-sale
version of PGP that I use handles the old RSA keys just fine... ;-)
>
> If PGP Inc. loses the RSADSI legal matter, then FileCrypt, being fully
> licensed by RSADSI, has some even more interesting ad taglines taking
> advantage of that outcome.
Factually, RSADSI lost in the only matter of RSADSI v PGP to go before a
judge for verdict. ;-)
>
> By the way Robert Townsend, the founder of Avis, would probably call
> what PGP Inc. has now done to the free user base "pissing in the soup",
> as anyone familiar with his books "Up the Organization" knows.
How picturesque! One can only imagine how Avis would have been kicked around
if it stopped equipping its FREE cars with paper floor mats! ;-)
Murf
David Sternlight wrote:
-[snip]-
>
> I think it's a deliberate slap in the face of the hand that feeds them (if I can mix
> more, they are using an authoritarian "big brother" approach on the weakest segment
> of their user base--the free users, rather than keeping options in Free PGP 5.x.
>
-[snip]-
David,
Enough already about the "slap in the face" crap. Get over it. There
are some alternatives you may consider... 1st, why not spend a few
thousnad hours and create a superoir crypto program for the free masses
and then promise them a life time of free service and upgrades while
maintaining complete backwards compatibility. Someone who has bitched so
much about a free program should be so understanding.
2nd, you could always "purchase" the version and then complain if it
doesn't fit your needs.
3rd, Show PGP Inc. you mean business and stop using pgp altogether.
Of course it's obvious that people who have been using free PGP for
years now would just love to continue the past tradition of free crypto.
In fact they can. pgp 2.6.x is still functioning as always and you are
more than welcome to enjoy its full functionality. pgp 5.x is also
available for free... but as an incentive to the people who can actually
afford to buy the program they have thrown in some extra's... not an
original concept. And if they should decide to remove RSA altoghether
from pgp 5.x then USE AN EARLIER VERSION! For god sakes man, its a free
program!
Greg Hennessy
In article <347632DB...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>I see. So 1. it is ok to screw the vast RSA-key user base on which
>PGP made its reputation and without which PGPI2 probably wouldn't
>exist, and if they don't like it, tough?
If a new version of software is released which does not meet a users
needs, that user should not use it.
The old version will continue to be available for those users who want
to use the more insecure versions of RSA keys with MD5.
Greg Hennessy
In article <655jb4$v...@camel20.mindspring.com>,
Isaac <Is...@yellow.submarine.pla> wrote:
>I once had an acquaintance who when caught in seeming logical inconsistencies
>like the one you point out above, simply admitted to having double standards.
>This normally ended any further need to argue.
If Sternlight admits to having double standards, I suspect that most
people would no longer argue with him.
Greg Hennessy
In article <3476B840...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>> Evidently, I have suffered the fate of being un-killfiled by DS. If
>> I play my cards right, I can regain that highly desired status in
>> about one week.
>So you hope to be able to attack me here while being immune to any
>response? And you don't find that at all cowardly?
Ed said nothing about attacks. Your attempt to portray his comments as
such are not worthy.
Greg Hennessy
In article <3477901B...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>Then they can't interoperate with users who have chosen the new
>keys.
Then they ask those persons to use the old software. They can't
interoperate with S/MIME wither, and you don't bitch about that.
>What's going on is, in my opinion, simple. There are relatively few users of
>the "new" keys in commercial PGP (compared to, say, Verisign or
>PGP-RSA).
Jutify this statement. How many keys has Verisign issued? There are
estimates that 70% of the keys on the MIT keyserver are D/H keys not
RSA keys, and this was *BEFORE* the new freeware version PGP was
released.
>Any blame belongs at
>the doorstep of PGP Inc.
No blame belongs anywhere.
Greg Hennessy
In article <david-23119...@lax-ca66-26.ix.netcom.com>,
David Sternlight <da...@sternlight.com> wrote:
>They tried to get a third firm (a party to PKP--the firm that previously
>had the RSA and Stanford patent rights before the two were divided with
>RSADSI getting the RSA patent rights) to intermeddle arguing that Pretty
>Good Privacy Inc. was right and RSADSI wrong.
Gee, what is the evidence that PGP had anything to do with Cylink's
actions in this case?
Or is this simply paranoia about PGP?
>RSADSI has now taken it to Federal Court, where it is pending and it seems
>there will be no arbitration unless and until the Federal Court rules so.
OF course Sternlight has no basis to make this claim.
><End of factual summary. What follows is lay opinion.>
The facts ended long before David's prose did.
Ed Stone
-----BEGIN PGP SIGNED MESSAGE-----
In article <347936C0...@sternlight.com> of Mon, 24 Nov 1997 00:11:58
- -0800, da...@sternlight.com says...
>
>
> Ed Stone wrote:
>
> > > It's a consequence of their dispute with
> > > RSADSI over the license for RSA in commercial PGP,
> > > not free PGP, where they are accused of many
> > > license violations by RSADSI.
>
> Nonsense. There is no dispute with RSADSI over RSAREF
> (used in Free PGP 5.0). It is free, and fully licensed
> and there is no court matter nor license violation
> accusation involved.
Mr. Sternlight, may I gently call attention to the fact
that you have just called *your own words*, posted just
day before yesterday, "Nonsense"? Further, you have ascribed
them to me. You posted those words in Message ID
<david-22119...@lax-ca66-15.ix.netcom.com>
on 11/22/97.
While you certainly have the right to argue with yourself
in public, it lends some credence to those who question
the "balance" of your comments, and it scares the children.
;-)
> >
> >
> > "..their dispute" might be clarified by noting that
> > RSADSI filed suit against PGP Inc., not the other
> > way around.
Now those (above) are my words..
>
> Irrelevant red herring. RSAREF in Free PGP is not in dispute.
And those are Mr. Sternlight's
>
> > 2. OpenPGP will provide a uniform specification, with
> > normal IETF consideration of legacy issues, and any
> > company can write software to comply and be compatible
> > with it.
Mine again (above)...
>
> Another irrelevant red herring. OpenPGP, as Stone is
> constaltly fond of pointing out, is a standard under
> development. PGP 5.x is a real program in the field now.
>
> David
>
>
And of course, Mr. Sternlight's (above). Yes, this is signed
by a real program in the field now. Just got it this month.
And it is PGP 5.5. And note I'll even sign it with an
RSA key!! ;-)
Try not to argue with yourself in public. It scares
people. ;-)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5
iQEVAwUBNHmLGYVSIIjbt1r5AQEqrQf8CcjBoAgkDO7FKhNEDVHdbAy9zyQpnVAi
zODK/1Y9CMYVcRKQSQNkJSY0LJw8qVPUFHFN3Qw4K+VZe3LWsT0/tDCEztewvNEo
LZYhQUc/e/aGtXp+jCrM+Xryetmm41v5QV8f0qn+goTW+UyIUZL1uPaf5D/4gScA
yp9ms3+5sLV+od6wuPSlvSUkKOVamO8p1MC4YQt2IuiiKfn/F+mYPjWVQitrgCxP
s7BgULADjfsCRoSbGUDoKf2AD1zV2x+FxSziRF7TVEHq5RY3ftLxabUSN03q1xmF
bOBQLn6EL0awDVJ32ZhxFnaFBpRSDJkLg0eB/yrvo8cARMhcQzF5lw==
=vduN
-----END PGP SIGNATURE-----
Ed Stone
In article <347985...@flash.net> of Mon, 24 Nov 1997 08:49:30 -0500,
mu...@flash.net says...
Those sound like useful, reasonable, practical options for those who might
object to the feature set offered in a free program by PGP Inc.
David Lesher
In article <3476B840...@sternlight.com>,
SternFUD bitterly complained:
>> Evidently, I have suffered the fate of being un-killfiled by DS. If
>> I play my cards right, I can regain that highly desired status in
>> about one week.
>So you hope to be able to attack me here while being immune to any
>response? And you don't find that at all cowardly?
Let me get this straight...
1) Holier than thou SternFUD kill-files someone.
2) The person being kill-filed is labeled a coward
over FUD's action?
This has to be a new standard in blaming the victim. FUD, I gather,
supports restricting Ed's freedom of speech? After all, it was
[presumably] Ed's speech that "forced" SternFUD into kill-filing
him. And now that FUD has done this, Ed is now "cowardly" for
continuing to speak?
Wait until The Founding Fathers hear this one! King George never
even came up with "You can not speak in the Colonies, unless I agree
to listen... and I don't. So THERE..."
(By the way, what *is* with SternFUD and hand fetishes, anyhow?
We get regular doses of ""hand-waving"" and later on he moves
to ""hand-wringing""... I'm reminded somehow of the Nero Wolfe
mystery about the man who kept dreaming of blood on his hands
but was not sure why.....)
I must admit to viewing with bemusement this whole thread. Once
again, he has started out with his assumption that PRZ is Satan,
and constructed an elaborate rationale to justify that. After all,
since FUD is so outraged [...and obviously threatened...] by PRZ,
you would THINK he would *welcome* any event that would portend his
failure in, and thus departure from, the marketplace.
And according to FUD, this "abandoning" of all those existing
keyholders is such a reason. So why is he so unhappy at this
course of events?
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
Ed Stone
-----BEGIN PGP SIGNED MESSAGE-----
In article <bb.wolf-2411...@modem132.1starnet.com> of Mon, 24 Nov
1997 10:35:24 -0600, bb....@usa.net says...
> nos...@synernet.com ( Ed Stone) wrote:
> >FileCrypt costs $89 at present. With only RSA/IDEA
> >and MD5-based message digest, and the ability to run
> >ONLY on MAC's prior OS, at present.
>
> [Cut]
>
> A big problem for Highware. The Mac user base, while rabid, is
> small compared to Windows. Anything they do revenue-wise must
> take this into account. I've not heard anything new on the Win95
> version. And with PGP freeware already out for multiple
> platforms, one has to wonder: What's in it for Highware, unless
> they can offer something much better?
>
> Will Mac users pay close to $100 for FileCrypt when generally
> equivalent software (minus RSA key generation) now exists for
> free? I love my Mac, but I'm rather fond of my money, too. ;-)
If a rewrite for the new MAC OS is not simple, cheap and quick, I'd be
surprised if Highware would want to make the investment in bringing FileCrypt
up to the current MAC OS, unless they also add, or provide only DH key
compatibility, and further unless they feel they can penetrate a substantial
part of the non-US market, where USGovernment stupidity hinders the
opportunities of US firms.
Reasoning is 1) the MAC new-OS customer base is not terribly large/growing
rapidly; 2) those with MACs, who have the new OS, who want strong crypto, who
want PGP or a lookalike to PGP, who will pay more than the PGP Inc product
costs, who are hindered from buying from US providers... starts to comprise a
smallish market sliver, comparatively. 3) the interest in RSA-only PGP
look-alikes will now begin to shrink; 4) risk somewhat high, sureness of
substantial profits pretty low.
I would expect that only if holding a sliver of the PGP/MAC market is
necessary from a general corporate positioning viewpoint, could they justify
the time, cost and risk, and then it would likely be subsidized by other
products. Speculation/Intuition, of course.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5
iQEVAwUBNHnC2YVSIIjbt1r5AQF2sgf+NCDuHlovdIYpEZV578HhRzEMzRL2zp0O
ACHg6qRY2Dg97sMlGbl6JLCztGgFBu0ebDYlSs6nk01eX6DPo/c1uz1IDJA2ymKp
A/pGNWZB4IHDrNexcQ7gtNmhyqz/aMccuBCuIj9IaJbE0pFaYI/6wj0C0vhL/e4n
Qe1s1oDdeFBkBg+sJTEoRSlJ7A+mZmi/r/oFURp8LDOhgtliZ/MuOgzS6mORu+YR
a0YMQ/FrU4F1aRCI6b0cLWAdt+P+PR9vX4yy1WNXA9/W7DG37cJLnkrz0ogUtutK
EVI40WGhBN9A5bVDdRo4ocOLPFyBweUPOFieN7h7Enaxp9QdE1aCYQ==
=tazr
-----END PGP SIGNATURE-----
Bill Unruh
In <34793AA2...@sternlight.com> David Sternlight <da...@sternlight.com> writes:
>> I have no worries about ElGamal itself--The implimentation is trivial,
>> and the key generation can use almost all of the previous key generation
>> code as well (Note that one has no ability to test the key generation
>> code of RSA,Netscape,IE,Ensure,...- they are far more of a black box
>> which one must accept on trust than is PGP who at least published the
>> code for one of their implimentations).
>How do you know its the same code? You'd have to scan it in, compile it with an
>identical compiler to that used by PGP Inc., and do a binary compare of the result.
>To date I know of no one at arms length from PGP Inc. who has actually done this and
>announced the results.
Uh, David-- I have been the one in this news group who has constantly
and consistantly pointed out the problem with PGP 5 and thelack of
source code-- note that bracketed phrase above. I have absolutely no problem in believing that they coded
ElGamal properly- as I said, it is trivial, especially as it uses the
same algorithms that RSA does (modular multiplication,
exponentiation,..) I do have a problem with them not opening their key
generation code to testing (eg a source code recompilable module).
Anthony E. Greene
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 24 Nov 1997 00:28:32 -0800, David Sternlight
<da...@sternlight.com> wrote:
[many words about PGP abandoning free users]
Did somebody remove 2.62 from the MIT site? It was still there the last
time I looked. Lurkers are welcome to look for themselves:
<http://web.mit.edu/network/pgp.html>.
I also checked Stale's site for non-U.S/Canadian users. It appears PGP
2.63i is still available too: <http://www.ifi.uio.no/pgp/>.
The way I understand it PGP Inc has *added* a new version that you can
buy that is completely compatible with the old free version AND has an
easy interface. They have also released a free version that is partly
compatible with the older free version. Some users can even get the new
GUI, new algorithms, keyserver integration, and full compatibility with
older versions for US$5.
And the older versions are still available. I'm sure there is a downside
somewhere, hmmmmm... Oh I remember now! The new versions default to
generating an incompatible key format. Big deal. The new version of
[name your favorite Microsoft Office97 application] defaults to an
incompatible format too. Granted the process of generating a key with
PGP 2.6x is more complicated than using SaveAs to change file formats,
but it's not that difficult with instructions or help from a 2.6x user.
A complete installation is not needed, just the executable and somebody
to type "pgp -kg +nomanual". A few key hits later... Presto! Get your
RSA keys here!
There are many new users that old users can't communicate securely with.
Surprise! Old PGP users have NEVER been able to communicate securely
with these people. So now they still can't (without a little effort). So
what?
<hypothetical>
A year ago I could not communicate securely with my friend who's a
novice user. Now he uses PGP5 and I still can't communicate securely
with him. Nothing has changed.
</hypothetical>
I guess I could be angry at PGP Inc for not providing me with more
people to communicate securely with, but that sounds awfully selfish to
me.
Sarcasm aside, I think it's important to note something that may not be
obvious to casual readers of this thread. The fielding of new versions
of PGP does not mean the same thing for PGPFreeware users as when new
versions of commercial products by other vendors are released. For one
thing PGP Inc NEVER distributed PGP 2.x. PGP 2.6x has been distributed
by MIT since PGP Inc was nothing but a dream. When other vendors release
new versions, the old versions become unavailable. This did not happen.
PGP 2.6x is still available. The release of a new version of software
has come to be automatically associated with the unavailability of older
versions in the minds of many people. You can hardly find 16-bit Windows
applications these days. The places where people have bought or
downloaded 16-bit Windows applications have almost completely moved to
Win95/NT. It has become difficult to get 16-bit applications.
This is not what's happening with PGP. Remember the URLs I included at
the beginning of this post? PGP 2.6x is still available and will be for
the foreseeable future. This is not like the new version releases so
many of us have come to dread. The old versions are still available.
Most of the PGP5 users that can't communicate with PGP2 users couldn't
communicate securely with them six months ago either.
So tell me again David, with the old free versions still available what
is there to be mad about?
Tony
P.S. Has anyone but David seen PGP 5.52?
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCdAwUBNHnW8ERUP9V4zUMpAQF7TgQ7BT0v6rpK4nxqS8Yr5qcjhPlnAjwfyd7L
wfq9mBOnu35DzHC5s6tjutu7dfcST8+iNxnfB7DJKl/WGOd3PclTNUxDBN27ghhj
iB41wWKRa+0Xi4YT18Zm2kw8ZItXQwVhFvLHrx8KK30LwzXXRkEjijzN00zrTrKw
uHob54ZmsQICDBLRX07VFQ==
=2f4c
-----END PGP SIGNATURE-----
-------------------------------------------------------------
Anthony E. Greene <NoS...@pobox.com> NoSpam=agreene
Use PGP -- Envelopes and Signatures for Email
What is PGP? <http://www.pobox.com/~agreene/pgp/>
My PGP Key: <http://www.pobox.com/~agreene/pgp/agreene.key>
FREEWARE Win95 PGP 5.0: <http://web.mit.edu/network/pgp.html>
-------------------------------------------------------------
Isaac
In article <65c1nn$g...@clarknet.clark.net>, Greg Hennessy wrote:
>
>If Sternlight admits to having double standards, I suspect that most
>people would no longer argue with him.
I disagree. As far as his excoriations are concerned, I believe he has
admitted to having double standards. Yet it seems we still argue as
though we expect him to be fair. I am as guilty as anyone of this.
Isaac
David Sternlight
Ed Stone wrote:
> In article <34793AA2...@sternlight.com> of Mon, 24 Nov 1997 00:28:32 -
> 0800, da...@sternlight.com says...
> <snip>
>
> > I think it's a deliberate slap in the face of the hand that feeds them (if I can mix
> > a metaphor), and is thus more than ":not good". I find it reprehensible.
>
> That PGP Inc. might offer free software that lacks features you personally
> would like to obtain free?
As usual you are tiresomely repeating points already refuted. PGP Inc. made their
reputation on the free user base, and caused a large user body of RSA-keys, signatures,
and web of trust to be created. The new free version deliberately and involuntarily
obsoletes that large investment of time and effort by PGP's user base, and for no valid
reason except what seems to be petty spite against RSADSI.
If they've obsoleted all those users, they should stop counting them when they try to get
credibiilty in press releases and with the IETF.
Not giving users a smooth and voluntary upgrade path by providing both new key generation
and RSA key generation (and in more recent versions RSA encryption and decryption) IS an
authoritarian "big brother" approach which is inconsistent with PGP's pious claims of
grass-roots decentralized crypto decisions. If RSADSI or the US Government did something
similar you'd be screaming "Fascist!" from the rooftops.
You should start reading the IETF Open PGP mailing list to see many views similar to the
above by other independent and respected commentators. (I have copied a few samples to
this newsgroup.) Your personal animus has blinded you to simple reason and logic.
David
David Sternlight
Greg Hennessy wrote:
> In article <347632DB...@sternlight.com>,
> David Sternlight <da...@sternlight.com> wrote:
>
> >I see. So 1. it is ok to screw the vast RSA-key user base on which
> >PGP made its reputation and without which PGPI2 probably wouldn't
> >exist, and if they don't like it, tough?
>
> If a new version of software is released which does not meet a users
> needs, that user should not use it.
>
> The old version will continue to be available for those users who want
> to use the more insecure versions of RSA keys with MD5.
This is a very foolish post, Greg, as a moment's reflection will convince
you. I know you are smarter than that.
1. Are you making a guarantee on behalf of PGP Inc. that Version 5.0
(free) will continue to be available? On behalf of MIT that free 2.x and
5.x will continue to be available? That PGP Inc. will fix any bugs found
without further obsoleting RSA? That PGP won't next refuse RSA keys on
their key server?
2. It is flat out false that RSA keys are insecure, comparable key
lengths considered.
3. MD5 has not been broken nor is that imminent. There is a theoretical
possibility that two messages can hash to the same total--this is true of
any hashing algorithm. But nobody has been able to suggest a way to
created a spoofed message with desired bogus content and with the same
hash as another message, nor is such a thing likely. And any coincidence
causing two messages to have the same hash is of very low probability and
one of the messages is highly likely to be gibberish. That other hash
functions have even lower probability does not obsolete MD5 any more than
4096 keys obsolete (at known and expected state of the art over the next
several years) 2048.
But you know all this. I repeat: I'm surprised at you for posting the
above. You are showing the signs I have come to recognize as precursors
of "losing it". Take a deep breath and rethink.
Best;
David
David Sternlight
Greg Hennessy wrote:
> In article <655jb4$v...@camel20.mindspring.com>,
> Isaac <Is...@yellow.submarine.pla> wrote:
> >I once had an acquaintance who when caught in seeming logical inconsistencies
> >like the one you point out above, simply admitted to having double standards.
> >This normally ended any further need to argue.
>
> If Sternlight admits to having double standards, I suspect that most
> people would no longer argue with him.
My response to your previous post was prophetic. You HAVE lost it. Time to
apologize and get back to our agreed ground rules, again, Greg.
David
David Sternlight
Greg Hennessy wrote:
> In article <3477901B...@sternlight.com>,
> David Sternlight <da...@sternlight.com> wrote:
>
> >Then they can't interoperate with users who have chosen the new
> >keys.
>
> Then they ask those persons to use the old software. They can't
> interoperate with S/MIME wither, and you don't bitch about that.
The didn't create the S/MIME user base. They created the PGP-RSA user base,
signatures, and web of trust. You are losing it, logically speaking, again.
>
>
> >What's going on is, in my opinion, simple. There are relatively few users of
> >the "new" keys in commercial PGP (compared to, say, Verisign or
> >PGP-RSA).
>
> Jutify this statement. How many keys has Verisign issued? There are
> estimates that 70% of the keys on the MIT keyserver are D/H keys not
> RSA keys, and this was *BEFORE* the new freeware version PGP was
> released.
This is untrue. The claim by a PGP flack was with respect to the PGP Inc. key
server--a very new operation. An independent observer who posts to the IETF PGP
newsgroup is about to post his analysis of the key mix on the key servers, and
it shows that the vast majority of users continue to use RSA keys. What's more,
his interviews show that users are abandoning free 5.x in droves for 2.x because
of the incompatibilities PGP has now deliberately built it. You should know
better than to propagate unchecked and self-serving propaganda from a silly firm
which is so out of touch with reality that it claims to be "the world's de facto
crypto standard".
David
David Sternlight
Greg Hennessy wrote:
> In article <david-23119...@lax-ca66-26.ix.netcom.com>,
> David Sternlight <da...@sternlight.com> wrote:
> >They tried to get a third firm (a party to PKP--the firm that previously
> >had the RSA and Stanford patent rights before the two were divided with
> >RSADSI getting the RSA patent rights) to intermeddle arguing that Pretty
> >Good Privacy Inc. was right and RSADSI wrong.
>
> Gee, what is the evidence that PGP had anything to do with Cylink's
> actions in this case?
PGP Inc's press releases and claims on the matter. Of course it COULD have
been a coincidence. And pigs might fly.
<Offensive personal remarks deleted. You just can't keep your agreements, can
you?>
David
Ed Stone
In article <347A1287...@sternlight.com> of Mon, 24 Nov 1997 15:49:44 -
0800, da...@sternlight.com says...
>
<snip>
> You should start reading the IETF Open PGP mailing list to see many views similar to the
> above by other independent and respected commentators. (I have copied a few samples to
> this newsgroup.) Your personal animus has blinded you to simple reason and logic.
Thanks, I've been reading the OpenPGP list for some time now. And views
similar to yours are certainly rare. Your finding that "personal animus has
blinded [me] to simple reason and logic" gave me the best laugh of the day,
and I thank you for it.
Ed Stone
In article <347A172C...@sternlight.com> of Mon, 24 Nov 1997 16:09:34 -
0800, da...@sternlight.com says...
>
>
> Greg Hennessy wrote:
>
> > In article <3477901B...@sternlight.com>,
> > David Sternlight <da...@sternlight.com> wrote:
> >
> > >Then they can't interoperate with users who have chosen the new
> > >keys.
> >
> > Then they ask those persons to use the old software. They can't
> > interoperate with S/MIME wither, and you don't bitch about that.
>
> The didn't create the S/MIME user base. They created the PGP-RSA user base,
> signatures, and web of trust. You are losing it, logically speaking, again.
Actually, you are simply demonstrating yet again that your sauce is for PGP
Inc, only, and not for gander. ;-)
<snip>
> You should know
> better than to propagate unchecked and self-serving propaganda from a silly firm
> which is so out of touch with reality that it claims to be "the world's de facto
> crypto standard".
>
> David
Now, that is the objectivity, reasonableness and even-handedness that conveys
facts, logical supports, and consensus-building appeal! ;-)
Seriously, rather than casting every move of PGP Inc as evidence of evil,
wrong, ethical bankruptcy, propaganda, silliness, felony, sham, lack of
integrity, detachment from reality, etc, why not just tout what you prefer by
putting forward a description of its positive attributes? In other words, no
need to boo the other guys.
Ed Stone
In article <347A17B1...@sternlight.com> of Mon, 24 Nov 1997 16:11:47 -> > In article <david-23119...@lax-ca66-26.ix.netcom.com>,
> > David Sternlight <da...@sternlight.com> wrote:
> > >They tried to get a third firm (a party to PKP--the firm that previously
> > >had the RSA and Stanford patent rights before the two were divided with
> > >RSADSI getting the RSA patent rights) to intermeddle arguing that Pretty
> > >Good Privacy Inc. was right and RSADSI wrong.
> >
> > Gee, what is the evidence that PGP had anything to do with Cylink's
> > actions in this case?
>
> PGP Inc's press releases and claims on the matter. Of course it COULD have
> been a coincidence. And pigs might fly.
Can you provide URL or quote the segment of a press release that shows that
PGP Inc "tried to get [Cylink] to intermeddle"? We know that Cylink got into
the matter, the question is -- what is the evidence that PGP Inc tried to get
them to do so?
<snip>
David Sternlight
Another flaw in the web of trust and PGP is now revealed and comes home
to roost. Now that PGP Inc. has deep-sixed RSA in new free versions,
not only does everyone with an old RSA key have to generate a new key
but also a complete new set of signatures and web of trust must be built
if they wish to use the "better" algorithms. And the new keys must be
distributed to correspondents, either directly or by "pull" from
servers. This took years the first time--perhaps the second time it will
be a bit faster.
In contrast, with S/MIME-Verisign-Netscape/Microsoft if they were to
change the algorithm you just generate a new key and get one certificate
and you're done. And as you e-mail your correspondents using your new
certificate, they get a copy of your new key automatically.
And some say PGP's trust model is "better". Can you say "needs work",
boys and girls?
David
David Sternlight
Anthony E. Greene wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Mon, 24 Nov 1997 00:28:32 -0800, David Sternlight
> <da...@sternlight.com> wrote:
> [many words about PGP abandoning free users]
>
> Did somebody remove 2.62 from the MIT site? It was still there the last
> time I looked. Lurkers are welcome to look for themselves:
> <http://web.mit.edu/network/pgp.html>.
The "web of trust" model isn't worth much if its main proponent keeps
negating and fragmenting it. They didn't just produce a new version. The
made all the old RSA keys, signatures, and web-of-trust structure worthless
to users of the new version and conversely.
Meanwhile they blithely continued to count old users as part of the "user
base".
David
Ed Stone
In article <347A2DB3...@sternlight.com> of Mon, 24 Nov 1997 17:45:32 -
0800, da...@sternlight.com says...
<snip>
> Meanwhile they blithely continued to count old users as part of the "user
> base".
>
> David
Hey, just because I'm old doesn't mean I'm not a part of the user base!! ;-)
Ed Stone
In article <347A293B...@sternlight.com> of Mon, 24 Nov 1997 17:26:26 -
0800, da...@sternlight.com says...
> Another flaw in the web of trust and PGP is now revealed and comes home
> to roost. Now that PGP Inc. has deep-sixed RSA in new free versions,
> not only does everyone with an old RSA key have to generate a new key
> but also a complete new set of signatures and web of trust must be built
> if they wish to use the "better" algorithms. And the new keys must be
> distributed to correspondents, either directly or by "pull" from
> servers. This took years the first time--perhaps the second time it will
> be a bit faster.
>
> In contrast, with S/MIME-Verisign-Netscape/Microsoft if they were to
> change the algorithm you just generate a new key and get one certificate
> and you're done. And as you e-mail your correspondents using your new
> certificate, they get a copy of your new key automatically.
I really think you'd love PGP for Business Security 5.5. It totally solves
the problem you describe. Here is how it does it:
There are five tabs on the PGP Preferences screen. One of them is "Servers".
In addition to setting which servers you want to use (some are preset when
you install and you can toggle them in or out), you see:
Automatically sychronize keys with server upon:
__ Encrypting to unknown keys __ Key signing
__ Adding names to a key __ Revocations
If you check "Encrypting to unknown keys, Eudora, or Exchange and some other
email software packages will automatically go to the server and get the key
if you send an encrypted message to someone whose key is not on your keyring.
One check mark at set up, and it's done. You'd really like it.
Now when you generate a new key, the software of course signs the key
with itself, and invites you to send it to the server for propagation, as
part of the key gen process. Of course, if you have a prior key that your
"web of trust" relies on as a trusted introducer, you'll want to sign your
new key with it, and send it off to the server. Voila!
And a very large benefit of this is, unlike S/MIME, you are not forced to
send your entire bloated 5,000 character key cert and Veri$ign blurb with
every encrypted message. A real plus! Get it and start using it! I'm sure
you'll just love its ease of use!
> And some say PGP's trust model is "better". Can you say "needs work",
> boys and girls?
>
> David
And just a simple little non-scientific key measure. I just checked the ldap
PGP certserver to find out proportion of DH keys versus RSA keys. My Keys
screen in PGP 5.5 lets me search by creation date, expiration date, key size,
user ID, key ID, key type, key status, and all of the combinations of those,
with point and click ease. So I searched for all userIDs with "green" in
them. Got 311 Diffie Hellman, and 134 RSA. About 2.3:1 DH:RSA.
When I search for only keys created in 1997 with "green" in the userID, I get
311 DH and 27 RSA (11.5:1 DH:RSA). Different keyservers may have different
results...
How can I get some analysis like this of the Veri$ign certs?
W T Shaw
In article <347A293B...@sternlight.com>, da...@sternlight.com wrote:
>
> And some say PGP's trust model is "better". Can you say "needs work",
> boys and girls?
>
from *whole cloth* either. I agree with you here, as strain to say so,
because trust is always a personal business. Now, let's see what the
eliptically minded can do. Can we keep an open mind for now so that they
are NOT premature?
--
wts...@itexas.net--crypto: maintaining the right to develop,
publish, and distribute works of my own creation.
Ed Stone
In article <347A150A...@sternlight.com> of Mon, 24 Nov 1997 16:00:29 -
0800, da...@sternlight.com says...
<snip>
> 3. MD5 has not been broken nor is that imminent. There is a theoretical
> possibility that two messages can hash to the same total--this is true of
> any hashing algorithm. But nobody has been able to suggest a way to
> created a spoofed message with desired bogus content and with the same
> hash as another message, nor is such a thing likely. And any coincidence
> causing two messages to have the same hash is of very low probability and
> one of the messages is highly likely to be gibberish. That other hash
> functions have even lower probability does not obsolete MD5 any more than
> 4096 keys obsolete (at known and expected state of the art over the next
> several years) 2048.
This reminds me that you have not responded to my point: "If you advise users
to continue to use MD5 as a message digest, please express the reasons, and
technical supports, why RSA Laboratories' Advisory recommendation should be
ignored."
What are those reasons, and technical supports?
RSA Laboratories says:
"Therefore we suggest that in the future MD5 should
no longer be implemented in applications like signature
schemes, where a collision-resistant hash function
is required. According to our present knowledge,
the best recommendations for alternatives to
MD5 are SHA-1 and RIPEMD-160." Source:
ftp://ftp.rsa.com/pub/cryptobytes/crypto2n2.pdf
The Status of MD5 After a Recent Attack
Summer 1996
CryptoBytes
and
"At Eurocrypt ‘96 it was announced that collisions
for the compression function of MD5 had been found
[9]. In a modification to the techniques used so
devastatingly on MD4, Dobbertin demonstrated that
collisions for the compression function of MD5 could
be found in around 10 hours on a PC. Whereas the
pseudo-collisions discovered by den Boer and
Bosselaers could not be extended to full collisions
for MD5, no such comfort can be drawn with regard
to the recent work of Dobbertin."
"As a consequence applications which rely
on the collision-resistance of a hash function should
be upgraded away from MD2 and MD5 when practical
and convenient. They can probably be safely
“swapped out” in coordination with the vendor’s
normal product release cycle. RSA Laboratories currently
recommends that in general, the hash function
SHA-1 [17] be used instead but RIPEMD-160
would also be a good alternative."
Source: (ftp://ftp.rsa.com/pub/pdfs/bulletn4.pdf)
<snip>
John L. Spetz
In a previous article, NOSPAM...@nha.com (Norman Hirsch) says:
>Let me see if I understand the basic argument going on here.
>
>RSA charges PGP to include their algorithm.
>
>PGP wants to give strong cryptography to the user (but charge for
>their products when used in business).
>
>PGP obviously cannot give away RSA as a part of their free package if
>they PGP has to pay RSA to include it. How can they provide
>freeware and still hope to exist by having to pay RSA the licensing
>fee?
>
>So PGP removes the RSA algorithm from the other algorithms they
>provide in order to still provide the freeware.
>
>Meanwhile PGP does include the RSA algorithm in the Business Version
>which users do pay for.
>
>Am I ok so far?
>
>So David gets pissed at PGP because they are dropping RSA from the
>huge installed base of PGP freeware users.
>
I think the question is whether PGP is motivated by restrictions
on use of the RSA algorithm or is simply trying to force a
transition to the new product. If 5.52 is released replacing
5.0 is this simply to stop people from generating RSA keys with
2.x then importing them into the free 5.x version? This may be
required by RSA, Inc (or whatever the corp is called) or it may
simply be to fracture the user base for the free programs. It
may be that 5.52 will be the last free version and 5.5+ versions
will be offered for sale as the only intercompatible option. It
would make sense from a marketing stand-point to marginalize the
2.6.x market by releasing 5.52 to split the market then marketing
a 6.0 version with even more features as strictly a commercial
product. There would be less chance of a significant user base
staying on 2.6.x forever *exactly because* there would be two
competing camps of free software. It seems to me likely that an
international version of 5.x with some 2.6.x compatibility will be
released soon but PGP, Inc will ensure that this offering is not
100% compatible with their commercial offering. Call it cynicism
but no company relishes offering their flagship product as a free
sample forever.
Personally I *dislike* GUI interfaces. A "GUI or highway" approach
is enough to lose my support right away. I don't mind GUI support
but particularly when a CLI is well established why not support it
for batch/script type operations?
David Sternlight
In article <65dlj6$q...@camel21.mindspring.com>, Is...@yellow.submarine.pla
(Isaac) wrote:
>In article <347A150A...@sternlight.com>, David Sternlight wrote:
>>
>>This is a very foolish post, Greg, as a moment's reflection will convince
>>you. I know you are smarter than that.
>>
>>1. Are you making a guarantee on behalf of PGP Inc. that Version 5.0
>>(free) will continue to be available? On behalf of MIT that free 2.x and
>>5.x will continue to be available? That PGP Inc. will fix any bugs found
>>without further obsoleting RSA? That PGP won't next refuse RSA keys on
>>their key server?
>>
>I suppose it's possible that PGP might refuse new RSA keys, but the
>availability of PGP 2.6 and 5.0 are assured independent of the wishes
>of PGP Inc. The stuff is on ftp sites all over the place with
>licenses saying that it's free. Free users will have no problems
>getting what they need. And there are no signs that commercial versions
>won't have RSA keys as long as PGP has a choice in the matter.
Though I haven't confirmed it, I understand they have removed RSA from the
base versions of commercial 5.5x. They are now, I am told, forcing pay
users who want RSA to pay extra. It is only a short step from that to
dropping RSA entirely (if they're not forced to do so if RSADSI prevails
in the lawsuit because they will have been found to be infringing through
what a court or arbitrator may find to be their own license-violative
acts.)
Perhaps we can get some assurances from MIT that they will continue to
make 2.x and 5.0 available regardless of PGP Inc's wishes--dunno. But
given PGP Inc's copyright claims, and what I think to be at least some
history of PRZ's being willing to play fast and loose with others'
intellectual property, I'm not so sanguine as you seem to be. A determined
adversary in the wrong can still get their way for a long time via all
sorts of legal strategies, as we've seen from the behavior of the
Scientology on the net.
>
>The major problem I find with your conclusions concerning PGP's release
>of 5.52 without RSA capability is that they are no more plausible than
>other possible explanations that don't imply malice on the part of
>PGP Inc. Your conclusions are not clearly wrong, but they are not
>inescapable.
With all the discussion in the main PGP discussion group on the Net (and
now even on the Open PGP list and the Mac crypto list), if there were an
innocent explanation don't you think PGP Inc. would have long since
offered it? They have shown that they have a PR budget, so this isn't
something they would be expected to ignore.
I know of my own knowledge that behind the scenes there is dissatisfaction
with their behavior among some who might be considered to be among their
strongest supporters. It hasn't yet come to open criticism from some of
their most well-respected non-PGP-Inc. supporters, but they aren't helping
by continuing to pursue the path they are. I didn't see, for example, any
rush by MIT to announce and make available free PGP 5.52 yet.
> Yes it's possible that PGP Inc is trying to extort
>free users into switching to DSS keys. New free versions of
>PGP that don't have RSA capability would be evidence of that, but there
>are contra indications (not proof). I'll enumerate some.
>
> 1. Given the unretractable availability of alternatives, the extortion
> scheme could not possibly work. There is no way to restrict availability
> of free versions of PGP 2.6 and PGP 5.0 no matter what PGP Inc and MIT do.
Not clear if we're talking about adoption at scale by companies and
individuals who avoid products with even the suggestion they might be
under a cloud (such as PGP versions repudiated by PGP Inc.) In my own case
I have avoided versions about which there was a challenge from RSADSI on
patent infringement or license violation grounds. I would have to avoid
earlier versions if there were an analogous challenge on copyright grounds
from PGP Inc. I'm using myself in a thought experiment here as a model for
a large body of the "silent majority" in the corporate world.
Given what I infer to be their motives (as you say, there isn't proof
since my mind-reading abilities are no better than anyone wlse's), I would
not be surprised to see them coming out with a policy that earlier
versions are now "obsolete" on some trumpted-up exaggeration (such as the
fuss over MD5), and "in order to protect users" they are withdrawing
copyright permission for the use of such earlier versions.
>
> 2. Commercial versions of the software still provide RSA capability.
> If PGP decided to phase out RSA keys by not allowing them on their
> servers, wouldn't their paying customers be a little angry?
It's a short step from making it a "pay extra and go throught extra steps
to get it" that is reported for commercial 5.5x, to "no longer available"
in 6.x. As for making users mad, perhaps they believe a big enough PR
budget can allow them to get away with almost anything. Certainly the
accuracy of some of the PR materials we've seen leaves a lot to be
desired.
>
> 3. Extortion implies some force which will motivate current key holders
> to change. If there is truly a large base of RSA key holders and a
> small base of DSS key holders, it would seem that any force would be
> on those who wish to communicate with RSA key holders, but could not.
> If I wish to send you encrypted traffic, I must get your public key,
> and some compatible software right? What would be your response if
> I told you I wanted to send you encrypted traffic and suggested you
> get a key of any kind other than the one(s) you'd already published?
> (Non commercial answers please; we're talking about free PGP)
There are enough questions about earlier versions (see the recent traffic
about spoofing fingerprints) that can be blown up into a "security panic",
and enough user interface improvements, that motivation element of an
extortion can come from those "improvements". Remember we're talking about
a very large naive user base here, not the few smart folks shown to be
capable of such roll-your-own independence as scripting, etc. I am sorry
but on the historical record I think there is some basis for caution here.
>
>Frankly it's possible that the new free ware simply represents a leaner
>version that has some capability stripped out.
That theory is refuted by the presence of full RSAREF in free 5.0, yet
with RSA key generation disenabled.
> It's possible that the
>new version is also a form of functional demo ware that will encourage
>people to spend money on the full featured pay ware.
There are loyalty to their user base and graceful upgrade considerations
that tend to refute that theory, as well as contradictions between Free
5.0 and pay 5.0 that have nothing to do with money but in fact operate
opposite to their natural cost drivers. (RSA is free to them in free 5.0
but disabled; RSA costs them in pay 5.0 but isn't disabled or extra-charge
in most versions.)
> It's also possible
>that Phil is evil incarnate looking for every opportunity to exploit the
>free user population for personal gain.
I don't think he's evil incarnate. I think he's an opportunist with his
eye on the main chance, doing a lot of hypocritical posturing along the
way. I also think he bears grudges against the victim of his own improper
behavior, and rationalizes away his motives with a series of defenses that
won't stand even casual expert scrutiny (see his MicroTimes interview and
subsequent comments by patent-expert attorneys here).
> All of these explanations
>fit some subset of the available facts. I find the idea of
>extorting behavior by providing even more choices some what hard to
>swallow.
I disagree. Instead of providing choices, they are eliminating
well-established alternatives, in a way quite damaging to the user base
that made their reputation.
David
--
The search for a single solution to each of the problems of mankind inevitably leads to tyranny.--Sir Isaiah Berlin, d. Nov 5, 1997
David Sternlight
Ed Stone wrote:
> In article <347A172C...@sternlight.com> of Mon, 24 Nov 1997 16:09:34 -
> 0800, da...@sternlight.com says...
> >
> >
> > Greg Hennessy wrote:
> >
> > > In article <3477901B...@sternlight.com>,
> > > David Sternlight <da...@sternlight.com> wrote:
> > >
> > > >Then they can't interoperate with users who have chosen the new
> > > >keys.
> > >
> > > Then they ask those persons to use the old software. They can't
> > > interoperate with S/MIME wither, and you don't bitch about that.
> >
> > The didn't create the S/MIME user base. They created the PGP-RSA user base,
> > signatures, and web of trust. You are losing it, logically speaking, again.
>
> Actually, you are simply demonstrating yet again that your sauce is for PGP
> Inc, only, and not for gander. ;-)
The logical error in your response is too obvious to bear more than this brief
alert.And you seem to me to have more than amply and repeatedly demonstrated that
when PGP Inc. takes actions inimical to those of the large "free PGP" user base that
made their reputation, you will side with the "big brother" corporation and not the
user base. Who's being hypocritical here?
By the way, I am happy to grant your previously expressed wish once again, as the
fully-deserved reward for the quality of the logic in most of your recent
argumentation.
David
Ed Stone
In article <347AC6E0...@sternlight.com> of Tue, 25 Nov 1997 04:39:03 -
> > Inc, only, and not for gander. ;-)
>
> The logical error in your response is too obvious to bear more than this brief
> alert.And you seem to me to have more than amply and repeatedly demonstrated that
> when PGP Inc. takes actions inimical to those of the large "free PGP" user base that
> made their reputation, you will side with the "big brother" corporation and not the
> user base. Who's being hypocritical here?
Well, then, here is an opportunity to be evenhanded:
Let me make a simple substitution in the sentence above. "And you seem to me
to have more than amply and repeatedly demonstrated that when VeriSign takes
actions inimical to thoseof the large 'free VeriSign' user base that made
their reputation, you will side with the 'big brother' corporation and not
the user base. Who's being hypocritical here?"
[This refers to VeriSign's no longer offering FREE email certs, and
essentially diabling certs issued FREE unless payment is received. To those
of great sensitivity to abuse of the "free user base that made their
reputation" and to "big brother corporations", surely this would be
excoriated. ;-) ]
>
> By the way, I am happy to grant your previously expressed wish once again, as the
> fully-deserved reward for the quality of the logic in most of your recent
> argumentation.
Yes, the old plonk key is located in that corner you've been backed into,
yet again. ;-)
Greg Hennessy
In article <347A150A...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>1. Are you making a guarantee on behalf of PGP Inc. that Version 5.0
>(free) will continue to be available?
No, but there are *many* copies of Version 5.0 on non PGP web and ftp
sites. Even if PGP wanted to make these copies unavailable, they would
be available.
>2. It is flat out false that RSA keys are insecure, comparable key
>lengths considered.
A RSA key generated with MD5 is less secure than an RSA key generated
with SHA-1.
To the best of my knowledge RSAREF *cannot* be used to generate RSA
keys with SHA-1, but only with MD5.
> But nobody has been able to suggest a way to
>created a spoofed message with desired bogus content and with the same
>hash as another message, nor is such a thing likely.
The issue isn't spoofing messages, but spoofing signatures, as Ian
Grigg pointed out on the OpenPGP list.
> You are showing the signs I have come to recognize as precursors
>of "losing it". Take a deep breath and rethink.
I sugguest that you do the same.
If your attempt was to try to gain public groundswell to change PGP's
mind about elimnation of a certain feature in the new freeware PGP,
I'd have to say you failed miserably. Your posts do not seem
consistent with that action. By accusing PGP of hidden motives,
unethical behavior, and bashing PGP Inc for their licenses on freeware
that are standard practice in the industry, you have come across as
somone wishing to bash PGP and using whatever stick is handy at the
moment.
If you want a calm discussion over the wisdom of the as yet unreleased
Free PGP 5.52 (he wrote at 9:15 EDT on a Tuesday), then we can have
one. But in my opinion you have not been calm about this issue. If you
want to take a deep breath we can continue to discuss this.
Greg Hennessy
In article <david-25119...@lax-ca66-41.ix.netcom.com>,
David Sternlight <da...@sternlight.com> wrote:
>I disagree. Instead of providing choices, they are eliminating
>well-established alternatives, in a way quite damaging to the user base
>that made their reputation.
For the second or third time, they haven't eliminated anything. Those
that want RSA keys can use versions 2.6.x. Those that want DH keys can
use 5.x. Nothing has been eliminated.
Those that want to interoperate apparently have to pay money for this
functionality. But if the free versions have all the functionality of
the for pay version, what is the incentive to purchace the for pay
system?
Would I prefer that the free ware version interoperated? Yes. But it
not doing so is not call to excoriate PGPInc over *FREE* software.
Ed Stone
I believe this is a definitive response to the unsupported assertion that the
web of trust is "broken" by new versions of PGP.
From OpenPGP list:
Date: Mon, 24 Nov 1997 22:08:00 -0800
From: Hal Finney <h...@rain.org>
To: ietf-o...@imc.org
Subject: Re: The web of trust has no clothes.
Sender: owner-iet...@imc.org
PGP 5.X implements an extension to the trust model to address the issue
raised by David Sternlight.
> Another flaw in the web of trust and PGP is now revealed and comes home
> to roost. Now that PGP Inc. has deep-sixed RSA in new free versions,
> not only does everyone with an old RSA key have to generate a new key
> but also a complete new set of signatures and web of trust must be built
> if they wish to use the "better" algorithms. And the new keys must be
> distributed to correspondents, either directly or by "pull" from
> servers. This took years the first time--perhaps the second time it will
> be a bit faster.
The way it works is as follows. If you have two keys with identical
userids, and the first key signs the second userid, then validity from
the signatures on the first user ID gets propagated to the second userid.
The effect is that if you generate a new DSA key with the same name
as your old RSA key, and sign it with your old key, then your new key
inherits the validity from the old key. (This propagation happens
irrespective of whether the old key is marked as a trusted introducer.)
In effect, the signatures on your old key automatically get applied to
your new key. This is an easy way to inherit the signatures from the old
web of trust. The new keys do not have to start from scratch, as implied
above.
There may be some concern that this would introduce certain kinds of
spoofing attacks. Let us assume that the old signatures are valid,
that the old key is in fact properly bound to the userid. (If the old
signatures are invalid, no one should trust them anyway, so they have no
impact on the web of trust.) Now, when that old key issues a signature
on the same userid on another key, it is in effect asserting that the
same keyholder controls this other key.
If the other key actually does belong to the same keyholder, then there
is no danger in transferring validity from the signatures on the old
key over to the new one. The new key is in fact valid, and so measures
which show it as valid are proper.
The questionable aspect arises if the new key does not actually belong
to the keyholder. For example, someone might create a key and put Phil
Zimmermann's name and email address on it. If Phil signed that name, he
would be falsely claiming that this other key belonged to him. With the
5.X extension to the trust model, other signatures on Phil's true key
would be treated as though they apply to this new key. Someone trying
to encrypt a message to Phil might find their software encrypting it to
this new key instead of Phil's real key. This might appear to be a
security weakness.
Note, though, that this can only occur with Phil's active cooperation.
He has knowingly signed a userid which matches his own but is bound to
someone else's key. Only in this circumstance can it occur that other
people will encrypt to this key when they mean to encrypt to Phil.
However, since this was done with Phil's active cooperation, he is
intentionally sharing the contents of messages with the other keyholder.
But if this is his intention, he can do that even with the old trust
model. He has the power to share the contents of his encrypted messages
with anyone he wants.
It was our conclusion that this feature does not add any new weaknesses
to the PGP trust model, and it greatly improves its robustness and
usability as new keys are introduced. In fact, the basic idea can
probably be improved to make it easier to retire and replace old keys
in a more general way, while retaining the validity of old signatures.
This would be a good topic for OP V2.
Hal Finney
h...@pgp.com
Greg Hennessy
In article <MPG.ee494b0a...@news.vnet.net>,
Ed Stone <nos...@synernet.com> wrote:
>I think Phil Zimmermann is the guy who risked much and worked hard to put
>strong crypto into the hands of everyman, out of concern for threats to
>privacy and potential government prohibitions of domestic crypto distribution
>that was in pending legislation at the time.
I do like what Phil has done a lot, but it really bothered me that he
wanted a free license from RSADSI to write his for pay software. If he
was always going to do for free versions, I'd have not beef about what
he did.
Greg Hennessy
In article <65d3c1$c...@camel15.mindspring.com>,
Isaac <Is...@yellow.submarine.pla> wrote:
>I disagree. As far as his excoriations are concerned, I believe he has
No quite. David admits he excoriates whom he chooses, but says that
he'd excoriate anyone in the exact same situation. David is then very
clever in finding reasons why (for example) a case with RSA has some
tiny difference that makes it not identical, so he doesn't then have
to excoriate RSA.
Greg Hennessy
In article <347A1580...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>> If Sternlight admits to having double standards, I suspect that most
>> people would no longer argue with him.
>
>My response to your previous post was prophetic. You HAVE lost it. Time to
>apologize and get back to our agreed ground rules, again, Greg.
I don't think I have said anything that requires an apology. I didn't
say you had double standards. I said that if you said you had double
standards then I don't think most people would argue with you.
My comment is about others not about you.
However, if you wish an apology for my statement above, you have one.
Greg Hennessy
In article <347A172C...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>The didn't create the S/MIME user base. They created the PGP-RSA user base,
>signatures, and web of trust. You are losing it, logically speaking, again.
They created it, and can continue to use it.
As an aside, please stop saying that I'm losing it in multiple
messages.
>This is untrue. The claim by a PGP flack was with respect to the PGP Inc. key
>server--a very new operation.
It is a gratitious slam to refer to Gene Hoffman as a "flack".
And you are now wrong *TWICE*. I now excerpt Mr. Hoffman's post under
fair use:
>Some quick rough numbers. On the MIT keyservers there are now about 95,000
>new public keys since 5/20. Of them 85% are DSS/DH(El Gamal) keys. Before
>that I beleive that there were ~20K RSA keys...
He quite clearly refers to the MIT keyserver. Not the PGP one. You
have now attempted to correct me *TWICE* with incorrect information.
Please do your homework before trying to correct me.
Greg Hennessy
In article <347A1287...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
> As usual you are tiresomely repeating points already refuted. PGP
> Inc. made their reputation on the free user base, and caused a large
> user body of RSA-keys, signatures, and web of trust to be created.
David, can you keep your word wrap below 80 columns please?
Verisign made their reputation on the free user base of certs. Without
certs Netscape and Microsoft Explorer can't exchange secure or
encrypted email/news.
Why are you silent on the issue of Verisign abandoning the free user
base of certs? Surely you could spare a post or two about that issue,
to dispel the notition that you are simply using a convenient stick to
bash PGPInc.
Greg Hennessy
In article <347A2DB3...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>They didn't just produce a new version. The
>made all the old RSA keys, signatures, and web-of-trust structure worthless
>to users of the new version and conversely.
Since you can create a new key, and sign it with the old key, and the
new key inherits the web of trust from the old one.
Hardly worthless.
Greg Hennessy
In article <347A17B1...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>PGP Inc's press releases and claims on the matter. Of course it COULD have
>been a coincidence. And pigs might fly.
*WHAT* press release?
Cylink sent RSADSI a letter on May 13 that discussed Cylink's view on
the matter.
A hand wavy reference to a press release doesn't count as evidence
that PGP was behind Cylink's actions.
I don't know why you don't think Cylink wouldn't be interested in
their share of PGPInc's licensing fees.
Ron Heiby
David Sternlight <da...@sternlight.com> wrote:
>Specious logic. RSADSI IS the licensor of the RSA patent. No third parties are
>involved.
Sorry, but the "RSA patent" is not the only software patent in existence.
(Sometimes, I wish there were only one.) The RSA license doesn't say that
you don't have to worry about infringing on anyone's patent because the only
one there is is RSA's, and if they are wrong, RSA will be responsible for
misleading you. No. It says that it is entirely the licensee's
responsibility to research all potential patent infringements and be
responsible for the consequences of infringement of ANY of them, not just
the RSA patent, ANY of them.
Obviously, the license to use the RSA patent means that they won't come
after you for making use of the RSA patent, within the terms of the license.
Also obviously, to many of us, is that the license to use the RSA patent
leaves everyone responsible for their own inadvertant infringement of ANY
OTHER patents that may apply to the use of the software in question.
--
Ron.
David Lesher
SternFUD whines...
|{PGP} is free to make them all rekey and get new signatures in aid
|of PGP's vendetta against RSADSI?
And SternFUD's buddies are free to FORCE people to register new
certs with them, instead of accepting the existing standard, PGP's?
Why.... {splutter} there otta be a law!!!!
;-}
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
Bill Unruh
>In article <347A150A...@sternlight.com> of Mon, 24 Nov 1997 16:00:29 -
>0800, da...@sternlight.com says...
><snip>
>> 3. MD5 has not been broken nor is that imminent. There is a theoretical
>> possibility that two messages can hash to the same total--this is true of
>> any hashing algorithm. But nobody has been able to suggest a way to
>> created a spoofed message with desired bogus content and with the same
...
>This reminds me that you have not responded to my point: "If you advise users
>to continue to use MD5 as a message digest, please express the reasons, and
>technical supports, why RSA Laboratories' Advisory recommendation should be
>ignored."
>What are those reasons, and technical supports?
While what David says is true, what he does not say is just as
important. MD5 has been shown to be weak. methods of producing
collisions have been suggested for subsets of MD5 making its resisitance
to actual practical breaking doubtful. Since signatures require a long
shelf life at times, RSA (and any other crypto manufacturer) would be
remiss in not warning of the potential problems with MD5. Ie, as a
practical matter he is wrong.
Isaac
In article <david-25119...@lax-ca66-41.ix.netcom.com>,
>Given what I infer to be their motives (as you say, there isn't proof
>since my mind-reading abilities are no better than anyone wlse's), I would
>not be surprised to see them coming out with a policy that earlier
>versions are now "obsolete" on some trumpted-up exaggeration (such as the
>fuss over MD5), and "in order to protect users" they are withdrawing
>copyright permission for the use of such earlier versions.
>
extremely surprised if they thought this would work.
>>Frankly it's possible that the new free ware simply represents a leaner
>>version that has some capability stripped out.
>
>That theory is refuted by the presence of full RSAREF in free 5.0, yet
>with RSA key generation disenabled.
>
Is the RSAREF code in PGP 5.52? Since free 5.0 has some RSA capability
and 5.52 allegedly has none, I don't think the it's safe to make
your inference.
>> It's possible that the
>>new version is also a form of functional demo ware that will encourage
>>people to spend money on the full featured pay ware.
>
>There are loyalty to their user base and graceful upgrade considerations
>that tend to refute that theory, as well as contradictions between Free
>5.0 and pay 5.0 that have nothing to do with money but in fact operate
>opposite to their natural cost drivers. (RSA is free to them in free 5.0
>but disabled; RSA costs them in pay 5.0 but isn't disabled or extra-charge
>in most versions.)
The point was that grudges and hyprocrisy are no better explanation for
the observed facts. If you are suggesting that version 5.52 represents
a change in behaviour for PGP Inc, I don't think its fair to dismiss
changes that don't require bad will or motives.
>
>I disagree. Instead of providing choices, they are eliminating
>well-established alternatives, in a way quite damaging to the user base
>that made their reputation.
>
My point doesn't involve just looking at PGP 5.52, but looking at all of
the available free alternatives. PGP 5.52 is one more free offering to
be used or ignored at the option of the user. PGP Inc has no option to
rescind the right for people to use any of the released free versions for
non commercial use. People who have RSA keys already have software that
meets their needs, and people who want to communicate with them can
get appropriate software. They can also get some incompatible free
software that may have features that encourage them to use DSS keys.
Sure looks like choice to me.
Isaac
David Sternlight
In article <65fi5q$c...@camel15.mindspring.com>, Is...@yellow.submarine.pla
(Isaac) wrote:
>
>>>Frankly it's possible that the new free ware simply represents a leaner
>>>version that has some capability stripped out.
>>
>>That theory is refuted by the presence of full RSAREF in free 5.0, yet
>>with RSA key generation disenabled.
>>
>and 5.52 allegedly has none, I don't think the it's safe to make
>your inference.
Sorry. I missed the word "new". The point applies, of course, to 5.0.
However there's enough added to 5.52 to make it unlikely they wanted to do
a "leaner" version. You are bending over backward to defend them here, and
given their behavior I don't think they are deserving of your good
offices.
Isaac
In article <347A150A...@sternlight.com>, David Sternlight wrote:
>
>This is a very foolish post, Greg, as a moment's reflection will convince
>you. I know you are smarter than that.
>
>5.x will continue to be available? That PGP Inc. will fix any bugs found
>without further obsoleting RSA? That PGP won't next refuse RSA keys on
>their key server?
>
I suppose it's possible that PGP might refuse new RSA keys, but the
availability of PGP 2.6 and 5.0 are assured independent of the wishes
of PGP Inc. The stuff is on ftp sites all over the place with
licenses saying that it's free. Free users will have no problems
getting what they need. And there are no signs that commercial versions
won't have RSA keys as long as PGP has a choice in the matter.
The major problem I find with your conclusions concerning PGP's release
of 5.52 without RSA capability is that they are no more plausible than
other possible explanations that don't imply malice on the part of
PGP Inc. Your conclusions are not clearly wrong, but they are not
inescapable. Yes it's possible that PGP Inc is trying to extort
free users into switching to DSS keys. New free versions of
PGP that don't have RSA capability would be evidence of that, but there
are contra indications (not proof). I'll enumerate some.
1. Given the unretractable availability of alternatives, the extortion
scheme could not possibly work. There is no way to restrict availability
of free versions of PGP 2.6 and PGP 5.0 no matter what PGP Inc and MIT do.
2. Commercial versions of the software still provide RSA capability.
If PGP decided to phase out RSA keys by not allowing them on their
servers, wouldn't their paying customers be a little angry?
3. Extortion implies some force which will motivate current key holders
to change. If there is truly a large base of RSA key holders and a
small base of DSS key holders, it would seem that any force would be
on those who wish to communicate with RSA key holders, but could not.
If I wish to send you encrypted traffic, I must get your public key,
and some compatible software right? What would be your response if
I told you I wanted to send you encrypted traffic and suggested you
get a key of any kind other than the one(s) you'd already published?
(Non commercial answers please; we're talking about free PGP)
Frankly it's possible that the new free ware simply represents a leaner
version that has some capability stripped out. It's possible that the
new version is also a form of functional demo ware that will encourage
people to spend money on the full featured pay ware. It's also possible
that Phil is evil incarnate looking for every opportunity to exploit the
free user population for personal gain. All of these explanations
fit some subset of the available facts. I find the idea of
extorting behavior by providing even more choices some what hard to
swallow.
Isaac
Ed Stone
In article <david-25119...@lax-ca66-41.ix.netcom.com> of Tue, 25 Nov
1997 04:14:55 -0800, da...@sternlight.com says...
<snip>
> It is only a short step from that to
> dropping RSA entirely (if they're not forced to do so if RSADSI prevails
> in the lawsuit because they will have been found to be infringing through
> what a court or arbitrator may find to be their own license-violative
> acts.)
Let me put that last one in symbollic form:
If A If B because C through D may find E.
Quite a distance from "A" to "E". ;-)
<snip>
<snip>
> Given what I infer to be their motives (as you say, there isn't proof
> since my mind-reading abilities are no better than anyone wlse's), I would
> not be surprised to see them coming out with a policy that earlier
> versions are now "obsolete" on some trumpted-up exaggeration (such as the
> fuss over MD5), and "in order to protect users" they are withdrawing
> copyright permission for the use of such earlier versions.
Is the formal Advisory of RSA Laboratories, which recommends "swapping out"
MD5 for SHA-1 or other strong message digest when a product is revised,
"trumpted-up exaggeration"? What is your authority for contesting the
recommendation of RSA Laboratories? Technical supports for it?
<snip<
> It's a short step from making it a "pay extra and go throught extra steps
> to get it" that is reported for commercial 5.5x, to "no longer available"
> in 6.x. As for making users mad, perhaps they believe a big enough PR
> budget can allow them to get away with almost anything. Certainly the
> accuracy of some of the PR materials we've seen leaves a lot to be
> desired.
A related question about VeriSign. Users who got free certs from VeriSign
must renew them regularly. Recently, VeriSign ceased providing FREE email key
certs. Now users must pay VeriSign to keep their cert active and valid. Of
course, the chairman of the board of VeriSign is James Bidzos, who is also
CEO of RSADSI. Does this practice of taking the step from FREE to "pay or
lose it" raise ethical questions? While one can get free PGP from a number of
places, you get a VeriSign cert only from VeriSign, and now you pay or lose
it. Don't users have a right to continued free certs, of the same nature of
PGP users having a right to free PGP? Is VeriSign "attacking its old user
base" by now charging for certs?
<snip>
> I don't think he's [Phil Zimmermann] evil incarnate. I think he's an opportunist with his
> eye on the main chance, doing a lot of hypocritical posturing along the
> way. I also think he bears grudges against the victim of his own improper
> behavior, and rationalizes away his motives with a series of defenses that
> won't stand even casual expert scrutiny (see his MicroTimes interview and
> subsequent comments by patent-expert attorneys here).
I think Phil Zimmermann is the guy who risked much and worked hard to put
strong crypto into the hands of everyman, out of concern for threats to
privacy and potential government prohibitions of domestic crypto distribution
that was in pending legislation at the time.
<snip>
David Sternlight
In article <65fn2o$c...@camel15.mindspring.com>, Is...@yellow.submarine.pla
(Isaac) wrote:
>I am not so much defending them as indicating that no case condemning them
>has been made.
If it's syllogistic proof you want, that's not going to be available
unless they confess or an employee with knowledge defects. On the other
hand, if you believe in "preponderance of the evidence" and have followed
PGP's long history...
> I have no idea what features are in 5.52. You are
>the only person I've seen posting any information about 5.52.
I find it very odd. Unless they've withdrawn the upload, I don't
understand why nobody else in this rather vigorous community has been able
to get a copy. Mine comes with a license permitting me to distribute it
further, but given the size and that I have no wish to aid them until I'm
satisfied they are acting from what I think to be proper motives, I'm not
going to do so.
> It's very
>likely I've not come anywhere near the true explanation of PGP Inc's
>position on RSA keys, but my point is that it's at least equally likely
>that you haven't either.
I don't think that syllogism will withstand close analysis given that I'm
appealing to a historical pattern of behavior as well, but let's let that
pass.
>
>I'll freely admit that I don't completely buy the MD5 is weak explanation,
>but I do find it plausible that PGP Inc would like to phase out RSA keys
>for a variety of reasons,
Why they just don't swallow hard, face up to that RSA is patented and that
RSADSI is the world's premier crypto firm, and then license RSA in a way
that includes keeping their license agreements in a completely open and
unambiguous way is beyond me. As a former senior corporate executive of
two Fortune 50 companies for 20 years, their behavior runs counter to any
rational corporate behavior I'm familiar with, and their behavior towrd
the huge RSA-key customer base they owe their reputation to shocks me. It
is that context I'm coming from.
Note that IBM, DEC, Apple, Netscape, Microsoft, and many other highly
respected companies with big patent law departments license RSADSI's stuff
and there hasn't been a peep from them against RSADSI, nor any gratuitous
actions against RSA of the sort we're seeing from PGPI2. A dispassionate
account of their behavior would not encourage such "straight-arrow"
corporations to become customers.
> and that free software without such keys, but
>with other desireable features is part of the strategy. I can't find
>anything unethical about this until I accept a malicious explanation
>of their behaviour. For me this will require disproving a number of
>non malicious explanations.
Say rather that Sherlock Holmes' rule, or Occam's Razor applies. If the
behavior is irrational on its face, and they don't give a rational
explanation, the assumption has to be that what remains is the truth.
Isaac
In article <david-25119...@lax-ca69-58.ix.netcom.com>,
>Sorry. I missed the word "new". The point applies, of course, to 5.0.
>However there's enough added to 5.52 to make it unlikely they wanted to do
>a "leaner" version. You are bending over backward to defend them here, and
>given their behavior I don't think they are deserving of your good
>offices.
>
I am not so much defending them as indicating that no case condemning them
has been made. I have no idea what features are in 5.52. You are
the only person I've seen posting any information about 5.52. It's very
likely I've not come anywhere near the true explanation of PGP Inc's
position on RSA keys, but my point is that it's at least equally likely
that you haven't either.
I'll freely admit that I don't completely buy the MD5 is weak explanation,
but I do find it plausible that PGP Inc would like to phase out RSA keys
for a variety of reasons, and that free software without such keys, but
with other desireable features is part of the strategy. I can't find
anything unethical about this until I accept a malicious explanation
of their behaviour. For me this will require disproving a number of
non malicious explanations.
Isaac
Greg Hennessy
In article <david-25119...@lax-ca69-58.ix.netcom.com>,
David Sternlight <da...@sternlight.com> wrote:
>You are bending over backward to defend them here, and
>given their behavior I don't think they are deserving of your good
>offices.
You attack PGP's behavior, and when someone defends their behavior you
state that PGP's behavior doesn't warrent that person's good graces?
Do I have that straight?
Greg Hennessy
In article <david-25119...@lax-ca66-31.ix.netcom.com>,
David Sternlight <da...@sternlight.com> wrote:
>On the other
>hand, if you believe in "preponderance of the evidence" and have followed
>PGP's long history...
You haven't provided any evidence, only innuendo and attacks on PKZ's
personal, and PGP's corporate integrity.
>Unless they've withdrawn the upload, I don't
>understand why nobody else in this rather vigorous community has been able
>to get a copy.
Where did you get your copy? *How* and when did you get it?
Is it possible that someone has hoaxed you with a false copy of the as
far as everyone else knows unreleased version of 5.52?
>Why they just don't swallow hard, face up to that RSA is patented and that
>RSADSI is the world's premier crypto firm, and then license RSA in a way
>that includes keeping their license agreements in a completely open and
>unambiguous way is beyond me.
I'll bet serious money that if PKZ divorced himself of all things to
do with PGPInc, and went to Bidzos to get a new license for a new
company to do just that, Bidzos would figuratively spit in his
eye. I'd put the odds at 50-50 that Bidzos would literaly spit in his
eye.
Besides, who needs to deal with RSA when ElGamal is *not* under patent
restrictions?
>Note that IBM, DEC, Apple, Netscape, Microsoft, and many other highly
>respected companies with big patent law departments license RSADSI's stuff
>and there hasn't been a peep from them against RSADSI, nor any gratuitous
>actions against RSA of the sort we're seeing from PGPI2.
RSA has sued TRW, and Cylink.
Have you considered that the legal trouble maybe because Bidzos has a
grudge against PKZ?
Isaac
In article <65haed$8...@clarknet.clark.net>, Greg Hennessy wrote:
>Is it possible that someone has hoaxed you with a false copy of the as
>far as everyone else knows unreleased version of 5.52?
>
or inadvertantly released. Someone else posted that PGP 5.52 was
briefly (less than 24 hrs) available. It's even possible that PGP Inc
reconsidered after releasing the product. The website says to be
patient and wait till next week for a new version.
Isaac
David Sternlight
In article <65hc7p$2...@camel18.mindspring.com>, Is...@yellow.submarine.pla
(Isaac) wrote:
Since 5.52 WAS released, albeit for 24 hours (if the claim is accurate),
if replacement with 5.53 was due to a bug, PGP's more rabid defenders can
no longer say that releases were bug-free.
It's also possible that 5.52 contains something they'd just as soon not
have released free (maybe RSA or some such via inadvertence). It appears
they've been trying to have all-purpose code which can be tailored to
particular models (RSA or not, etc.) via compile-time options. When I get
the chance I'm going to check it out. Since I got it with unlimited free
non-commercial redistribution rights (under specified circumstances which
are pretty straightforward--being sure to include the complete package,
etc.), if the inadvertence turns out to be something nice like the
inclusion of the commercial version's RSA code, maybe we can "help" PGP
Inc. to do the right thing after all. :-)
Greg Hennessy
In article <david-26119...@lax-ca66-07.ix.netcom.com>,
David Sternlight <da...@sternlight.com> wrote:
>if replacement with 5.53 was due to a bug, PGP's more rabid defenders can
>no longer say that releases were bug-free.
Who ever claimed *that*? Cite please.
>It appears
>they've been trying to have all-purpose code which can be tailored to
>particular models (RSA or not, etc.) via compile-time options. When I get
>the chance I'm going to check it out. Since I got it with unlimited free
>non-commercial redistribution rights (under specified circumstances which
>are pretty straightforward--being sure to include the complete package,
>etc.), if the inadvertence turns out to be something nice like the
>inclusion of the commercial version's RSA code, maybe we can "help" PGP
>Inc. to do the right thing after all. :-)
Do you have source or just a binary?
I do know that the source for 5.0 for Linux is ready at www.pgpi.com,
and it looks like a simple recompile gets generation of RSA keys in
the unix version. Sometime in the next week I hope to try it. When
they get the MAC and Windows95 version proofread, you should be able
to simply recompile to get the functionality you desire.
How about a nice word or two towards PGP for publishing the code thus
making it easier to get added functionality. You sure can't recompile
netscape to get more functionality.
David Sternlight
Ed Stone wrote:
> In article <david-25119...@lax-ca66-41.ix.netcom.com> of Tue, 25 Nov
> 1997 04:14:55 -0800, da...@sternlight.com says...
> <snip>
> > It is only a short step from that to
> > dropping RSA entirely (if they're not forced to do so if RSADSI prevails
> > in the lawsuit because they will have been found to be infringing through
> > what a court or arbitrator may find to be their own license-violative
> > acts.)
>
> Let me put that last one in symbollic form:
>
> If A If B because C through D may find E.
> Quite a distance from "A" to "E". ;-)
> <snip>
Stone seem to have trouble following two separate lines of reasoning at the same time. The
first is straight path:
1. Drop RSA key generation in free PGP
2. Drop RSA in free PGP
3. Charge extra for RSA in pay PGP
4. Drop RSA in pay PGP.
The second is equally straight. Forced to drop RSA in pay PGP because they lost the lawsuit
and won't pay.
>
>
> <snip>
> > Given what I infer to be their motives (as you say, there isn't proof
> > since my mind-reading abilities are no better than anyone wlse's), I would
> > not be surprised to see them coming out with a policy that earlier
> > versions are now "obsolete" on some trumpted-up exaggeration (such as the
> > fuss over MD5), and "in order to protect users" they are withdrawing
> > copyright permission for the use of such earlier versions.
>
> Is the formal Advisory of RSA Laboratories, which recommends "swapping out"
> MD5 for SHA-1 or other strong message digest when a product is revised,
> "trumpted-up exaggeration"? What is your authority for contesting the
> recommendation of RSA Laboratories? Technical supports for it?
Stone has been posting spam on this topic for many messages. Although I've not responded, he
keeps posting the same spam. I'll respond this once. One may swap out MD5 for SHA-1 without
dropping RSA in pay PGP, especially if, as PGP Inc. claims, they rely on a general Viacrypt
license to the RSA patent itself. As for free PGP, RSADSI has not swapped it out yet, nor have
any of their clients. Of course Stone is smarter than RSADSI, IBM, Apple, Netscape, Microsoft,
and who knows who else. His constant misdirection on this point has now become absurd.
In due course, if RSADSI integrates a swap-out, it will show up in all clients (including
perhaps RSAREF). Meanwhile the issue is mainly theoretical, and of extremely low (say zero)
practical import, as has been explained repeatedly but Stone ignores.
> <snip<
> > It's a short step from making it a "pay extra and go throught extra steps
> > to get it" that is reported for commercial 5.5x, to "no longer available"
> > in 6.x. As for making users mad, perhaps they believe a big enough PR
> > budget can allow them to get away with almost anything. Certainly the
> > accuracy of some of the PR materials we've seen leaves a lot to be
> > desired.
>
> A related question about VeriSign.
Not at all related, but Stone persists in his hard-wired RSADSI and Verisign bashing. Who's
the 'bot here?
> Users who got free certs from VeriSign
> must renew them regularly. Recently, VeriSign ceased providing FREE email key
> certs. Now users must pay VeriSign to keep their cert active and valid. Of
> course, the chairman of the board of VeriSign is James Bidzos, who is also
> CEO of RSADSI. Does this practice of taking the step from FREE to "pay or
> lose it" raise ethical questions?
Verisign announced at the time they first became available that the free certs were for a
trial period, and not permanent. No such announcement was made by PGP Inc. when huge numbers
of users adopted PGP RSA keys.
As for expiry, that is a part of the security standard. It is PGP which has had the flaw in
that its keys never expired. More recently, PGP has tried to come into consistence with the
widely held security standard by giving key generators the option of putting an expiration
date on their newly-generated keys. This is yet another example of Stone using his ignorance
of current crypto practice to post nonsense (or if he's aware of same, I think to deliberately
post misleading information).
> While one can get free PGP from a number of
> places, you get a VeriSign cert only from VeriSign, and now you pay or lose
> it.
Again Stone posts what I think he knows is deliberately misleading, because he has read and
reponded to the messages listing many certification authorities, including Thawte which still
provides free certificates. As for his "and now", that is misleading because the policy had
always been announced that Verisign's free certs were "introductory". As for "or lose it", as
Stone knows perfectly well certs always had expiration dates. This is also so for Thawte's
free certs. Even Verisign's free WebPass certs have an expiration date (albeit a long one
running into the next century).
This is not the place to remedy Stone's ignorance on modern crypto practice by giving a
lecture on expiration dates. Suffice it to say that either it would be beneficial for him to
pursue education on the matter if he's going to discuss it, or if he already knows this to
stop posting inflammatory attempts to provoke by posting what I think to be deliberately
misleading matter.
> Don't users have a right to continued free certs, of the same nature of
> PGP users having a right to free PGP?
Not if that was the deal at the start. The "free" was pre-announced as temporary. The
expiration dates were pre-announced. In contrast, PGP did not say that they would withdraw
free PGP or PGP RSA sigs when users adopted them in large numbers. And there was no expiration
date on the PGP keys.
> Is VeriSign "attacking its old user
> base" by now charging for certs?
No. See above. Your specious argumentation is pathetic.
> <snip>
> > I don't think he's [Phil Zimmermann] evil incarnate. I think he's an opportunist with his
> > eye on the main chance, doing a lot of hypocritical posturing along the
> > way. I also think he bears grudges against the victim of his own improper
> > behavior, and rationalizes away his motives with a series of defenses that
> > won't stand even casual expert scrutiny (see his MicroTimes interview and
> > subsequent comments by patent-expert attorneys here).
>
> I think Phil Zimmermann is the guy who risked much
What? When he got the RSADSI cease and desist letter about infringing the RSA patent he
stopped. He didn't post the code to the Internet but (by his own account in MicroTimes) got
another (Kelly Goen admitted to this some time ago in one of the PGP newsgroups) to take the
possible risks both of infringing and felony export law violation. As soon as he came under
question and even before he was charged with anything he got lawyers to go pro bono and others
to contribute funds by trying to wrap himself in a "civil liberties" mantle. What, exactly,
did he risk? Without the inventions of others (RSA, IDEA) he would likely be just another
average programmer wasting a lot of time at "politically correct" faddish anti-nuclear
protests.
(These days, with "global warming" being the politically correct fad cause of the day,
nuclear power is looking better and better. If the price hikes contemplated for fossil fuels
to reduce "global warming" take effect, even with the much higher nuclear design, training,
and safety costs imposed by the reactions to Three Mile Island and Chernobyl, the world may
well end up all-nuclear (the economic analysis backing this up and taking account of both
conservation and market forces is off-topic for this group). Follow-ups to this paragraph via
e-mail please, to avoid an off-topic thread spawning from a response to Stone's assertion. )
Except for a little programming of a pedestrian variety with respect to key management, I have
yet to see any clear description of any original contribution by Phil to the crypto
state-of-the-art. Even the idea of a free crypto package wasn't unique to Phil. Mark Riordan
had developed RPEM at Michigan and then RIPEM (legally licensed by RSADSI, unlike PGP of the
same era, and also available over the Internet). The two were roughly contemperaneous.
I don't say that what Phil did wasn't useful (leaving aside the legal questions). I do say
there's little evidence he "risked much", especially compared to the hundreds of thousands of
entrepreneurs out there. He seems to me to be just another programmer trying to make a buck,
with an increasing disregard for the user base that made his reputation as he pursued the
dollar. It's an old story.
And before anyone rushes in to say "well, he did a new free version even if he did kill the
entire existing free user base key structure and web of trust in it", I should point out that
without that he'd have a tiny customer base, and no claim to much attention by IETF or anyone
else compared to others with similarly-sized customer bases. Instead the real de facto
standard--RSADSI/S-MIME/X509 as implemented by Verisign et al--would be the only credible one.
For the commercial version of PGP or the Open PGP activities in the iETF to have much
credibility PGP has to preserve the illusion of a big free user base even as they sabotage it.
Without such discussion groups as this one, they might get away with it unremarked.
> and worked hard to put
> strong crypto into the hands of everyman,
So did Mark Riordan with RIPEM and without callous disregard of other people's intellectual
property, or inducing another to commit a possible felony violation of ITAR while jumping from
phone booth to phone booth to avoid the imagined Feds after him (Kelly's account). If anyone
deserves to be said to have risked much, it is Kelly, not Phil.
> out of concern for threats to
> privacy and potential government prohibitions of domestic crypto distribution
> that was in pending legislation at the time.
Same story. It was Kelly who took the risks, not Phil. What Phil did was no different from
what Mark Riordan did (except for Phil's taking RSA without a license), or come to that what
RSADSI, Apple, IBM, DEC, and many others did. They, too, worked to get domestic crypto out
there, and in Mark's case free and with respect for other people's intellectual property.
David
Note: The historical accounts above are derived from the claims attributed to Phil via quotes
in his MicroTimes interview, the claims made by Kelly Goen on the Internet and to Jim Warren
and confirmed by Phil in that interview, Phil's own comments in the original PGP
documentation, various factual articles by Jim Warren in MicroTimes and on the Internet,
Simpson Garfinkel's book, "PGP", and Prof. Lance J. Hoffman's book on the crypto debate,
"Building in Big Brother". The writer has used multiple sources, cross-checked the reportage
above, and holds a good faith belief they are accurate. They are presented in the writer's
capacity as a journalist.
David Sternlight
Greg Hennessy wrote:
> In article <david-25119...@lax-ca66-41.ix.netcom.com>,
> David Sternlight <da...@sternlight.com> wrote:
>
> >I disagree. Instead of providing choices, they are eliminating
> >well-established alternatives, in a way quite damaging to the user base
> >that made their reputation.
>
> For the second or third time, they haven't eliminated anything. Those
> that want RSA keys can use versions 2.6.x. Those that want DH keys can
> use 5.x. Nothing has been eliminated.
That is the worst kind of special pleading. The current free version has
eliminated RSA.
David
David Sternlight
False. Evidence, please.
> Without
> certs Netscape and Microsoft Explorer can't exchange secure or
> encrypted email/news.
>
> Why are you silent on the issue of Verisign abandoning the free user
> base of certs? Surely you could spare a post or two about that issue,
> to dispel the notition that you are simply using a convenient stick to
> bash PGPInc.
I haven't been silent. Another has been flogging that bogus claim and
I've mostly been ignoring him until today. Verisign had, from the start,
characterized the free certs as introductory, and they had mandatory
expiration dates. PGP didn't characterize RSA keys as introductory, nor
did they have mandatory expiration dates.You don't come off very well as
an echo. I assume you aren't another version of that persona. Nothing
personal.
David
David Sternlight
Greg Hennessy wrote:
>Have you considered that the legal trouble maybe because Bidzos has a grudge
against PKZ?
That's pretty droll, considering who the original infringer was.
And it's not necessarily personal. Bidzos has a fiduciary duty to protect
RSADSI's patent rights. If I read the various public statements by Phil and
Bidzos, I come to the opposite conslusion you do. PRZ's and PGP Inc.'s
behavior toward RSADSI suggests strongly there's a grudge there.
As I've said, I think it's a case of the offender blaming the victim, perhaps
to distract from his own dirty hands.
David.
David Sternlight
Ed Stone wrote in comp.security.pgp.discuss:
> I believe this is a definitive response to the unsupported assertion that the
> web of trust is "broken" by new versions of PGP.
I respond to Finney, not Stone. I copy this to the open pgp list not only
because Finney's post appeared there (in response to mine--I throw no stones by
that remark), but also because there may be some valuable lessons here for Open
PGP development.
>
>
> From OpenPGP list:
>
> Date: Mon, 24 Nov 1997 22:08:00 -0800
> From: Hal Finney <h...@rain.org>
> To: ietf-o...@imc.org
> Subject: Re: The web of trust has no clothes.
> Sender: owner-iet...@imc.org
>
> PGP 5.X implements an extension to the trust model to address the issue
> raised by David Sternlight.
>
> > Another flaw in the web of trust and PGP is now revealed and comes home
> > to roost. Now that PGP Inc. has deep-sixed RSA in new free versions,
> > not only does everyone with an old RSA key have to generate a new key
> > but also a complete new set of signatures and web of trust must be built
> > if they wish to use the "better" algorithms. And the new keys must be
> > distributed to correspondents, either directly or by "pull" from
> > servers. This took years the first time--perhaps the second time it will
> > be a bit faster.
>
> The way it works is as follows. If you have two keys with identical
> userids, and the first key signs the second userid, then validity from
> the signatures on the first user ID gets propagated to the second userid.
> The effect is that if you generate a new DSA key with the same name
> as your old RSA key, and sign it with your old key, then your new key
> inherits the validity from the old key. (This propagation happens
> irrespective of whether the old key is marked as a trusted introducer.)
>
> In effect, the signatures on your old key automatically get applied to
> your new key. This is an easy way to inherit the signatures from the old
> web of trust. The new keys do not have to start from scratch, as implied
> above.
Since I've been somewhat critical of Jeff Schiller recently in the context of
IETF actions toward RSADSI with respect to S/MIME and also the disabling of RSA
key generation in MIT PGP 5.0, perhaps he'd not like to sign my newer keys and
maybe even regrets he signed my earlier PGP key. WIth this feature , I can get
him to "sign" my new keys iinvoluntarily. What is more, I can arrange that my
new key, like my old one, has no expiration date, further locking Jeff in.
(Nothing personal--this is a notional example with details to fix ideas.)The
approach you adopted forces the entire user base to generate new keys if they
wish the features of free 5.5x, and transfers trust in this somewhat
disadvantageous way for free 5.0. It also cuts off first-time PGP users
choosing 5.0 and all users of free 5.5x from two-way secure communication with
those who wish to maintain their RSA keys for compatibility with what appears
likely to be a much larger global user base for quite some time. It also allows
the propagation of questionable signatures to the new web of trust at the option
of the person with the signed key rather than the signer of the key. Finally,
unless and until the new versions find their way somehow to international users
at scale, it cuts that base off completely from even the possibility of two-way
communication with first-time free 5.0 users and all free 5.5x users. I do not
think this a very pretty picture, nor particularly considerate of the existing
RSA-key user base which made your reputation.
> There may be some concern that this would introduce certain kinds of
> spoofing attacks. Let us assume that the old signatures are valid,
they may have been originally but the signer may have wished subsequently to
invalidate them for either substantive or personal reasons. Since old PGP keys
have no expiration dates and there was no CRL mechanism originally, this is
weak. Better if you're going to start a new key structure to require new
signatures. I recognize that this seems to contradict my comment about
obsoleting the old web to trust, but I'd argue PGP should have preserved
compatibility with the old web via compatibility with the old keys, while making
the new key structure possible in Free PGP, thus providing a graceful and
user-driven upgrade path rather than an imposed one. The method described above
is, instead, a kludge to attempt to avoid one of the more egregious consequences
of what I think to have been a mistake in the first place.
I believe the direction Open PGP is moving in allows for many agreed algorithms
including "Classical" RSA-IDEA PGP, with appropriate flags to enable two-way
usage, and a backwards compatible upgrade path. If this is both true and
preserved as the group goes about its business, this would be a Good Thing.
I would suggest both in light of the realities of the existing user base and on
principle that Open PGP include Classical PGP as either a "should" or a "must".
This would not violate what I understand to be the real ground rule:
non-discriminatory access to intellectual property on reasonable terms. If there
is some difficulty in negotiating such terms, the date of coming into effect of
such a "must" provision could be the expiration date of the RSA patent (for
example). GIven empirically-based time tables for the completion of the group's
work, and likely implementation times thereafter, I think this could be a
practical approach.
> that the old key is in fact properly bound to the userid. (If the old
> signatures are invalid, no one should trust them anyway, so they have no
> impact on the web of trust.)
Not so fast. See above.
> Now, when that old key issues a signature
> on the same userid on another key, it is in effect asserting that the
> same keyholder controls this other key.
>
> If the other key actually does belong to the same keyholder, then there
> is no danger in transferring validity from the signatures on the old
> key over to the new one. The new key is in fact valid, and so measures
> which show it as valid are proper.
See above. Also, that PGP recognizes the importance of expiry is shown by the
option to add an expiration date to newly generated keys
> Hal Finney
> h...@pgp.com
While I've got you, Hal, why did PGP disable RSA key generation in free 5.0? Why
did they omit RSA entirely in free 5.5x? Why is it an extra-cost option in pay
5.5? It it the intention to drop it completely in 6.x? It would be good to have
an authoritative explanation. I think this would be of interest to all the
groups in this distribution, since even the Open PGP folks can benefit from
understanding PGP Inc.'s thinking and intentions with respect to its products.
David
David Sternlight
Greg Hennessy wrote:
> In article <347A150A...@sternlight.com>,
> David Sternlight <da...@sternlight.com> wrote:
> >1. Are you making a guarantee on behalf of PGP Inc. that Version 5.0
> >(free) will continue to be available?
>
> No, but there are *many* copies of Version 5.0 on non PGP web and ftp
> sites. Even if PG
Good point. Though users would be forced to choose between that user base
and the advantages of the new versions plus the ability to communicate
with new-key holders. Many users might be put in a difficult position
because of PGP's behavior.
> P wanted to make these copies unavailable, they would
> be available.
>
> >2. It is flat out false that RSA keys are insecure, comparable key
> >lengths considered.
>
> A RSA key generated with MD5 is less secure than an RSA key generated
> with SHA-1.
What? MD5 isn't used to generate RSA keys, nor is SHA-1. Both are hash
algorithms for message signing. And the concern is about
collisions--identical hashes--which applies to message digests (i.e.
signing) and not to key generation.
>
>
> To the best of my knowledge RSAREF *cannot* be used to generate RSA
> keys with SHA-1, but only with MD5.
What ARE you talking about?
>
>
> > But nobody has been able to suggest a way to
> >created a spoofed message with desired bogus content and with the same
> >hash as another message, nor is such a thing likely.
>
> The issue isn't spoofing messages, but spoofing signatures, as Ian
> Grigg pointed out on the OpenPGP list.
The signature is based on a hash of the message.
> f your attempt was to try to gain public groundswell to change PGP's
> mind about elimnation of a certain feature in the new freeware PGP,
> I'd have to say you failed miserably. Your posts do not seem
> consistent with that action. By accusing PGP of hidden motives,
> unethical behavior, and bashing PGP Inc for their licenses on freeware
> that are standard practice in the industry, you have come across as
> somone wishing to bash PGP and using whatever stick is handy at the
> moment.
I think PGP is pursuing selfish commercial advantage while treating the
user base callously. That is my message. It affects both the degree of
trustworthiness and dependability users may wish to ascribe to PGP in
thinking about crypto companies , and the influence it should be allowed
to have in the Open PGP working group. I have no hope of changing their
mind. And I make no advocacies with respect to individual users except
that they should be aware of the facts and then make up their own minds.
>
>
> If you want a calm discussion over the wisdom of the as yet unreleased
> Free PGP 5.52 (he wrote at 9:15 EDT on a Tuesday), then we can have
> one.
It was released. Then it was apparently withdrawn. 5.53 is the current
release. Killing RSA entirely (5.53 is the same in this respect) is a
stupid and gratuitous slap at the user base which made their reputation.
More and more users are reporting that they are in reaction against this
and are dropping back to either 2.x or 5.0 (if they already have RSA
keys).
By the way, leaving aside the compatibility points (which I think to be
dispositive), they did quite a nice user interface job on 5.52/3. Those
PGP employees who do their technical job but don't have any voice in
policy should be commended for that.
David
David
David Sternlight
Greg Hennessy wrote:
> In article <david-26119...@lax-ca66-07.ix.netcom.com>,
No. It was sheer self-interest. Without it they couldn't get around export
controls for the new key versions and would be at a severe competitive
disadvantage, internationally speaking.
As to recompiling to activate RSA key generation in 5.0, perhaps there's
something in the license or some aspect of the copyright that forbids it at
scale (by distribution of copies of a recompiled version in the US).
Otherwise why put 5.0 users to all that inconvenience needlessly. And most
users don't have the ability to compile, access to a compiler, or even know
how. Recall that the world isn't UNIX.
David
David Sternlight
Greg Hennessy wrote:
> In article <65d3c1$c...@camel15.mindspring.com>,
> Isaac <Is...@yellow.submarine.pla> wrote:
> >I disagree. As far as his excoriations are concerned, I believe he has
> >admitted to having double standards.
>
> No quite. David admits he excoriates whom he chooses, but says that
> he'd excoriate anyone in the exact same situation. David is then very
> clever in finding reasons why (for example) a case with RSA has some
> tiny difference that makes it not identical, so he doesn't then have
> to excoriate RSA.
Please do not assume malevolence nor cooking of the books when analytic
distinctions are involved. Dismissing such real distinctions about
substance as "tiny differences" is partisan hand-waving.
David
Bill Unruh
In <347DD721...@sternlight.com> David Sternlight <da...@sternlight.com> writes:
>>
>>
>> To the best of my knowledge RSAREF *cannot* be used to generate RSA
>> keys with SHA-1, but only with MD5.
>What ARE you talking about?
RSAREF does not have any general published entry points to do pure RSA
encryption. The only listed ones are to do RSA and signing at once, and
signing can only be done with MD2 or MD5. Thus if you rtake seriously
that only those entry points listed in rsaref.doc are allowed to be used
under the license, then you cannot sign a message with anything but MD2
or MD5.
There are certainly subroutines which do only RSA encryption/decryption
(although they are not listed in rsaref.doc) and they could be used
without modifying the RSAREF source code. The license agreement talks
about "no modifications to use any unpublished entry points without
permission" (to paraphrase). Does this mean one can use unpublished
entry points if one does not modify the code? It has been rumoured that
RSA put up a fight against allowing MIT to use these entry
points, (certainly that was the reason MIT stopped using RSAREF2.0) but
it is unclear to me what the real situation was. Reading the license, I
would certainly argue that the use of any of the entry points
(subroutine calls) were valid to use, since they require no modification
of the code. However, RSA might see it differently.
While the license states that permission to modify RSAREF to use
unpublished entry points will be granted for all reasonable requests,
one suspects that a request from PGPInc might not be regarded as
reasonable.
Do you now know what he is talking about?
David Sternlight
I have now tried this and either Hal's response is non-responsive to my concern or
I did something wrong.
With Eudora PGP and the pay RSA extension for 5.0, I ran PGP keys. I generated a
new ElGamal key pair with the same name and internet address as my 1024 bit RSA key
that had been signed by Schiller et al. I then made the old key the default key and
signed the new key with it. The signatures were NOT transferred to the new key, as
I had thought on reading Hal Finney's solution to the issue I raised.
Perhaps Hal intended to be taken literally. Perhaps the VALIDITY of my old key is
transferred to my new key in the isolation of my own keyring. The signatures
certainly were not, in effect or otherwise. And none of the signatures on other
people's keys could be transferred in this way. My new key did not carry the old
signatures, and if I then send it to a keyserver it doesn't carry the signatures on
the old key. As I at first said, the web of trust (as represented by signatures on
keys) and all the signatures on the old RSA key has been lost to the new key
structure.
What is more, this transfer of trust doesn't apply to any keys not my own on my own
key ring. Thus any web of trust, signatures, etc. on the old RSA key are lost as
far as any usefulness is concerned once I switch to Free PGP 5.53. As I said before
Hal's response, PGP Inc HAS disenfranchised all the old web of trust, the old
network of signatures, and the old network of keys in PGP 5.53. Everyone has to get
new keys and to restore any semblance of the old web of trust has to get new keys
from all their correspondents, and they have to get new signatures on their keys,
etc. for the transitive character of the web of trust to work.
I cannot believe Hal (for whom I have a high opinion) would be so non-responsive
and misdirective to the concern I had raised. I must have misunderstood him and
done something wrong. Please tell me what it was.
As for Open PGP, if I didn't misunderstand Hal this would certainly not be a way to
preserve signature and key structure in the presence of algorithmic change or
updating.
David
Bill Unruh
>As to recompiling to activate RSA key generation in 5.0, perhaps there's
>something in the license or some aspect of the copyright that forbids it at
>scale (by distribution of copies of a recompiled version in the US).
>Otherwise why put 5.0 users to all that inconvenience needlessly. And most
>users don't have the ability to compile, access to a compiler, or even know
>how. Recall that the world isn't UNIX.
The copyright provisions for PGP5.0 source code int eh book
specifically disallow all alterations of the source code except for
persoanl use, and then only if a copy of the changes are also supplied
to PGPINc. Those provisions specifically disallow the distribution of
any such changes, even if only for purpose of fixing bugs in the code,
never mind additional functionality.