Kuro5hin.org: technology and culture, from the trenches
Phil Zimmermann flees NAI, fights back

By Malicose in News
Tue Feb 20, 2001 at 06:06:25 AM EST
Tags: Security (all tags)

PGP Inc. founder Philip Zimmermann has a statement at The International PGP Home Page detailing his departure from NAI. He is concerned for PGP's future "cryptographic integrity," warning of new senior management's decision "to reduce how much PGP source code they would publish."


This new direction will deny the source code proof that allows Phil to guarantee the back door-free nature of versions through the latest 7.0.3 release. It seems such worries are a major violation of his idea on the nature of personal privacy, and I'm glad he's standing up for us all. Fortunately, he's not leaving the scene just yet (plaintext hyperlinked by me):
While it is true that NAI holds the PGP trademark and the source code for the NAI implementation of PGP, I'd like to point out that PGP is defined by an IETF open standard called OpenPGP, embodied in IETF RFC 2440, which any company may implement freely into its products. I will be working with other companies to support implementations of the OpenPGP standard, to turn it into a real industry standard supported by multiple vendors. I think the emergence of more than one strong commercial implementation of the OpenPGP standard is necessary for the long term health of the PGP movement, and will, incidentally, ultimately benefit NAI.
To this end, I will be assisting the makers of HushMail, Hush Communications, to implement the OpenPGP standard in their future products. They will be doing their own announcement of this new relationship.
In addition, I will be assisting Veridis, a recent spin-off of Highware, to create other OpenPGP compliant products, including software for certificate authorities for the OpenPGP community.
I am also launching the OpenPGP Consortium, to facilitate interoperability of different vendors' implementations of the OpenPGP standard, as well as to help guide future directions of the OpenPGP standard.

Poll
Will PGP's integrity be jeopardized in the future?
o Obviously 50%
o Uncertainly 50%

Votes: 26
Phil Zimmermann flees NAI, fights back | 5 comments (5 topical, 0 editorial, 0 hidden)
Crap. (2.42 / 7) (#1)
by Seumas on Tue Feb 20, 2001 at 12:30:27 AM EST

What really sucks is I long ago forgot my PGP password, so PGP is pretty useless these days for me (unless I want to assume a fake name, I guess -- or make it difficult for someone else to find the right me when they search for my public key).

The OpenPGP dealie sounds cool for Zimmermann. He's too valuable of a resource to lose from the community.
--
I just read K5 for the articles.

Well, (4.33 / 3) (#3)
by pope nihil on Tue Feb 20, 2001 at 12:41:26 AM EST

You can always make a new key with the same name. Plus, you should really have your keys expire after a certain period of time so that after a year or so, you won't have to worry about people sending you messages encrypted to a key you don't have anymore.


I voted.

[ Parent ]
Problem in front of the screen (none / 0) (#4)
by bengen on Tue Feb 20, 2001 at 05:42:59 AM EST

It always sucks when you forget a password. If it didn't suck, a password would be pretty useless, right? While there are ways to re-set your password in a number of cases, I think this should not be possible for PGP or any other cryptography tool because it weakens security. I may sound somewhat paranoid, but that's ok.

BTW: You can always delete your (useless) secret key, generate a new key pair and distribute a new public key.

-Hillu

[ Parent ]
Key revocation (none / 0) (#5)
by jovlinger on Wed Feb 21, 2001 at 01:16:28 PM EST

Yup. Key revocation is the way to go.

Now here's a more difficult one: How do I change the email address associated with a key? I've only moved once, but some friends of mine have moved several times and since message encrypt mode for MH in emacs guesses keys based on the recipient's email address, using keys associated with old email addresses is a royal pain in the butt.

Any ideas?

[ Parent ]
This guy Philip Zimmermann is so cool. (2.16 / 6) (#2)
by elenchos on Tue Feb 20, 2001 at 12:30:36 AM EST

So what's the catch?

Adequacy.org
