From Slashdot:

http://slashdot.org/article.pl?sid=01/02/19/1356257&mode=thread
(I may have broken the signature while copying)

Peter Trei


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A note to PGP users: 

As most PGP users know, Network Associates Inc (NAI) acquired my company, PGP
Inc, in December 1997. For three years after that, I stayed on with NAI as Senior Fellow,
to provide technical guidance for PGP's continued development, and to ensure PGP's
cryptographic integrity. But I can't stay on forever. In the past three years, NAI has
developed a different vision for PGP's future, and it's time for me to move on to other
projects more fitting with my own objectives to protect personal privacy.

Let me assure all PGP users that all versions of PGP produced by NAI, and PGP Security,
a division of NAI, up to and including the current (January 2001) release, PGP 7.0.3, are
free of back doors. In all previous releases, up through PGP 6.5.8, this has been proven by
the release of complete source code for public peer review. New senior management
assumed control of PGP Security in the final months of 2000, and decided to reduce how
much PGP source code they would publish. If NAI ever publishes the complete PGP 7.0.3
source code, I am confident that the public will be able to see that there are still no back
doors. Until that time, I can offer only my own assurances that this version of PGP was
developed on my watch, and has no back doors. In fact, I believe it to be the most secure
version of PGP produced to date.

While it is true that NAI holds the PGP trademark and the source code for the NAI
implementation of PGP, I'd like to point out that PGP is defined by an IETF open standard
called OpenPGP, embodied in IETF RFC 2440, which any company may implement freely
into its products. I will be working with other companies to support implementations of the
OpenPGP standard, to turn it into a real industry standard supported by multiple vendors. I
think the emergence of more than one strong commercial implementation of the OpenPGP
standard is necessary for the long term health of the PGP movement, and will, incidentally,
ultimately benefit NAI.

To this end, I will be assisting the makers of HushMail, Hush Communications
(http://www.hush.com), to implement the OpenPGP standard in their future products. They
will be doing their own announcement of this new relationship.

In addition, I will be assisting Veridis (http://www.veridis.com), a recent spin-off of
Highware (http://www.highware.com), to create other OpenPGP compliant products,
including software for certificate authorities for the OpenPGP community.

I am also launching the OpenPGP Consortium (http://openpgp.org), to facilitate
interoperability of different vendors' implementations of the OpenPGP standard, as well as
to help guide future directions of the OpenPGP standard.

This coming June marks the 10 year anniversary of the 1991 release of PGP to the public.
PGP was originally designed for human rights applications, and to protect privacy and civil
liberties in the information age. By proliferating the OpenPGP standard, we can renew that
promise, and continue the commitment to personal privacy that captured the imagination and
participation of millions around the world.

Philip Zimmermann
19 Feb 2001
[EMAIL PROTECTED]
http://web.mit.edu/prz
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBOpDtWmPLaR3669X8EQLv0gCgs6zaYetj4JwkCiDSzQ JZ1ugMhqsAoMgS
me78KR5VEfCVEUFpwOCCk8Tx =JVF2
-----END PGP SIGNATURE-----