PRZ Announces Depature From NAI
The message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A note to PGP users:
As most PGP users know, Network Associates Inc (NAI) acquired my company, PGP Inc, in December 1997. For three years after that, I stayed on with NAI as Senior Fellow, to provide technical guidance for PGP's continued development, and to ensure PGP's cryptographic integrity. But I can't stay on forever. In the past three years, NAI has developed a different vision for PGP's future, and it's time for me to move on to other projects more fitting with my own objectives to protect personal privacy.
Let me assure all PGP users that all versions of PGP produced by NAI, and PGP Security, a division of NAI, up to and including the current (January 2001) release, PGP 7.0.3, are free of back doors. In all previous releases, up through PGP 6.5.8, this has been proven by the release of complete source code for public peer review. New senior management assumed control of PGP Security in the final months of 2000, and decided to reduce how much PGP source code they would publish. If NAI ever publishes the complete PGP 7.0.3 source code, I am confident that the public will be able to see that there are still no back doors. Until that time, I can offer only my own assurances that this version of PGP was developed on my watch, and has no back doors. In fact, I believe it to be the most secure version of PGP produced to date.
While it is true that NAI holds the PGP trademark and the source code for the NAI implementation of PGP, I'd like to point out that PGP is defined by an IETF open standard called OpenPGP, embodied in IETF RFC 2440, which any company may implement freely into its products. I will be working with other companies to support implementations of the OpenPGP standard, to turn it into a real industry standard supported by multiple vendors. I think the emergence of more than one strong commercial implementation of the OpenPGP standard is necessary for the long term health of the PGP movement, and will, incidentally, ultimately benefit NAI.
To this end, I will be assisting the makers of HushMail, Hush Communications (http://www.hush.com), to implement the OpenPGP standard in their future products. They will be doing their own announcement of this new relationship.
In addition, I will be assisting Veridis (http://www.veridis.com), a recent spin-off of Highware (http://www.highware.com), to create other OpenPGP compliant products, including software for certificate authorities for the OpenPGP community.
I am also launching the OpenPGP Consortium (http://openpgp.org), to facilitate interoperability of different vendors' implementations of the OpenPGP standard, as well as to help guide future directions of the OpenPGP standard.
This coming June marks the 10 year anniversary of the 1991 release of PGP to the public. PGP was originally designed for human rights applications, and to protect privacy and civil liberties in the information age. By proliferating the OpenPGP standard, we can renew that promise, and continue the commitment to personal privacy that captured the imagination and participation of millions around the world.
Philip Zimmermann
19 Feb 2001
prz@mit.edu
http://web.mit.edu/prz
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQA/AwUBOpDtWmPLaR3669X8EQLv0gCgs6zaYetj4JwkCiDSzQ JZ1ugMhqsAoMgS
me78KR5VEfCVEUFpwOCCk8Tx
=JVF2
-----END PGP SIGNATURE-----
--
--------------------------------------------------
You are your login name!
More disturbing to me is that the key used to sign that message (as found in c.s.p.d) had an invalid self-signature when I yanked it off the keyservers.
Can anyone confirm that Zimmermann normally uses that key? Does anyone have a valid version of it?
I get a feeling of "the PGP spirit will move on in OpenPGP not PGPclassic" from the letter though that NAI won't be happy at all - I would say the real world value of PGP just halved for them....
--
-=DaveHowe=-
I'm sorry, but, try as I might, I just can't get a good signature out of this note. I saved it as it is, with the line breaks as they came in my browser. I saved the source. I stripped HTML from the source. I stripped all the HTML but the links.
Now, I'd probably wager, say, a cup of coffee that PRZ actually did sign this note and that it's Slashdot that mangled the signature...but, frankly, what's the point of posting a PGP-signed message--by the creator of PGP, no less--if that signature simply cannot be verified?
It would be appropriate for somebody to post the note in such a way that the signature can be verified. 'Til then, my faith is as a cup of coffee....
b&
All but God can prove this sentence true.
Damn good point - there are no line breaks, which PGP for Windows usually inserts (I don't know about other versions) - has anyone tried copying the text from a browser and verifying it? I don't have PGP on this machine.
__________________
you might want to check the plaintext version of it on the pgpi website then.
--
-=DaveHowe=-
...is posted at http://www.pobox.com/~agreene/pgp/prz_leaves_nai.txt
Eudora has a really sweet PGP plugin. When I compose a message, there are 2 buttons up top: "Encrypt" and "Sign." All I have to do is type my message and hit one of the buttons before I press send. It also scans incoming mail for PGP blocks, and automagically decrypts/verifies messages. It will ask you for your password at the appropriate time, or you can configure it to store your password. I also have a plugin for ICQ which works similar to the Eudora plugin. That one is kinda overkill, but neat anyway.
Ne Quid Nimis - All things in moderation
--
Top Most Bizarre/Disturbing Error Messages
That was Version 1.0 and I downloaded it to Germany and started on a port.
See my journal, I write things there
what if posts under your userID started showing up badmouthing the company you work for, and praising kiddie porn, and threatening to kill the president? You would have a rough time fixing that. GPG signatures would make it easy to prove you didn't do it.
False. Sorry to say it like this, but IMHO it's an important mistake. Signatures CANNOT prove you DIDN'T write something. It's very well possible that you DID make those 'evil' posts you mentioned, but signed them with a different key that nobody knows about.
I was hoping the same thing.
It should also be noted that GnuPG is really coming along, and that the Gnu Privacy Assistant is under heavy development right now and is weeks away from some pretty stable releases.
Werner ported Sylpheed to Windows and will soon release a security suite which will include GPG, GPA (kinda like PGP Keys), WinPT (like PGP Tray), and Sylpheed. These will be all within one install program and will finally make using GnuPG under Windows more accessible to non-geeks.
Rich...
Ignore Alien Orders
Errr... no. The last thing that an industry consortium would want to do is write a competitor to the products of its member. The most they would do in this regard is produce a reference implementation (like the one I wrote when I was reviewing RFC 2440 prior to IETF submission) which while correct isn't practical, or to serve as a test-bed for new features before they're implemented properly in a real product like GPG.
But the actual purpose of the consortium is to ensure that PGP, GPG and your hypothetical browser plugins all worked together, and to put a more formal face behind the IETF OpenPGP working group to push the standard forward even further, as well as related projects which PGP enthusiasts want to see happen like PGP/MIME, PGP/Ticket, integration of PGP with biometrics and so on. This is a good thing for the PGP standard.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
I don't know about anyone else, but I already liked and recommended HushMail. The worst thing against them seemed to be that they couldn't inter-operate with gpg or pgp.
Now it looks like it will be better than ever.
Even if he does stay on, and there are no back doors, NAI have him as a figurehead to say "There are no back doors", and many people will believe him, who would not believe any other NAI employee. By resigning, he is denying NAI the fallback plan of having a PRZ to rubber-stamp a closed-source product as being back-door free. Therefore, his best option for making NAI release the source is to resign.
True. PRZ is a well-known figure, and with his background, (some) people are going to trust him when he says "There are no back-doors". But that's a bad policy, and I'm sure he understands it, after all he could be locked in a dark cupboard and replaced by an android. Leaving doesn't look like a cop-out in that light.
It's not so much an acronym as a nickname. Actually, it's a sort of honorific. The convention is long standing. It's a way of paying tribute to a person of significance. Everyone knows your full, legal name. Only a person of note becomes known simply as "rms" or "dmr" or "ken".
Mechanical? No. It's more human and personal than just referring to his formal name. It shows that you recognize his contribution and that you have some knowledge of the person beyond his name.
You mean you'll put down your rock, and I'll put down my sword and we'll try and kill each other like civilized peo
Freedom, justice, and equality are desirable ends. Incidentally, neither of them can be fully implemented without the other. And none of them require privacy.
Privacy is just a means to some end - be it good or bad. Nor is it truly necessary to pursue alternative lifestyles - unless those lifestyles involve imposing on others. Which certainly butts up against the "freedom" issue, doesn't it? Lack of privacy just changes the rules of the game, and makes things difficult for those who have been screwing others over.
Openness dramatically enhances justice and equality. And a diverse society will demand both freedom and equality. While the intolerant may demand that people adhere to their rules, they'll be held to them too, so the rules can't be that strict and if unpopular how will they get people to follow them?
As for people so weak-brained that they automatically conform to the expectations of the powerful... who cares? That's their problem.
cryptochrome
---If you can't trust a nerd, who can you trust?
Geez... you couldn't even get that right. It's:
HOW ARE YOU GENTLEMEN!!
ALL YOUR BASE ARE BELONG TO US.
IMHO U need to RTFM since PRZ so important to PGP, that he had to have a l33t nick. FWIW though I use GPG. CU8R.
The current Slashdot moderation system is made by gay communists!
However, since the message was changed in formatting to HTML, the signature cannot be easily verified. You'd have to get back to the original file contents exactly, line breaks and all. Did he submit those URLs with [a href=""] tags, or did the slashdot editor insert them?
Not that it's likely very useful for Slashdot itself, but Slash and others should probably have a mechanism for "submit by file upload" and "read original submission file," so that more people can use signed content on the web. Slash already has a place for you to announce your PGP key [mine is posted], but the lame word-wrapping feature inserts a column of spaces.
It would also avoid some of that ugly "id so-and-so is the real User; everyone else is an impostor" check, by the way. Bruce Perens and anyone else who thought they were being forged could digitally sign their submissions.
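The verification failures described in the comments above come down to which edits the cleartext signature rules of RFC 2440 tolerate. The following is an added example, not part of the thread and not PGP's own code: it extracts and canonicalizes the signed text and compares SHA-1 digests of a constructed sample message against variants of the kind the posters mention. The sample text, URL and variant names are assumptions made for the illustration, and the digest covers only the text, whereas a real signature hash also covers fields of the signature packet.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


def extract_cleartext(message: str) -> str:
    """Return the signed text: everything between the blank line that ends
    the armor headers and the line before BEGIN PGP SIGNATURE."""
    lines = message.replace("\r\n", "\n").split("\n")
    try:
        start = lines.index(BEGIN_MSG)
        end = lines.index(BEGIN_SIG, start)
    except ValueError:
        raise ValueError("armor boundary line missing or altered")
    body = start + 1
    while body < end and lines[body].strip() != "":
        body += 1                      # skip headers such as "Hash: SHA1"
    if body >= end:
        raise ValueError("no blank line after the armor headers")
    return "\n".join(lines[body + 1:end])


def canonicalize(text: str) -> bytes:
    """Apply the cleartext rules: undo dash-escaping, ignore trailing
    spaces and tabs, and use CRLF between lines (none after the last)."""
    out = []
    for line in text.split("\n"):
        if line.startswith("- "):
            line = line[2:]
        out.append(line.rstrip(" \t"))
    return "\r\n".join(out).encode("utf-8")


def text_digest(message: str) -> str:
    """SHA-1 over the canonical text only (see the note in the lead-in)."""
    return hashlib.sha1(canonicalize(extract_cleartext(message))).hexdigest()


# Constructed sample; the signature body is a placeholder, not a real one.
URL = "http://example.org/note.txt"
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA1",
    "",
    "A note to users:",
    "See " + URL + " for the text.",
    "- -- a line that starts with dashes is dash-escaped",
    "Contact: 555-0100",
    BEGIN_SIG,
    "(constructed placeholder)",
    "-----END PGP SIGNATURE-----",
])

# Edits of the kind the thread describes, applied to the sample.
VARIANTS = {
    "crlf_line_endings": SAMPLE.replace("\n", "\r\n"),
    "trailing_whitespace": SAMPLE.replace("users:", "users: \t"),
    "line_removed": SAMPLE.replace("Contact: 555-0100\n", ""),
    "link_wrapped_in_html": SAMPLE.replace(URL, '<a href="%s">%s</a>' % (URL, URL)),
    "space_inserted_by_wrapping": SAMPLE.replace("note.txt", "note.t xt"),
    "lines_rejoined": SAMPLE.replace("users:\nSee", "users: See"),
}


def survives() -> dict:
    """Map each variant to True if its canonical text still hashes the same."""
    reference = text_digest(SAMPLE)
    return {name: text_digest(msg) == reference for name, msg in VARIANTS.items()}


if __name__ == "__main__":
    for name, same in survives().items():
        print("%-28s %s" % (name, "digest unchanged" if same else "digest CHANGED"))
```

Only line-ending conversion and trailing whitespace are absorbed by canonicalization; a removed line, an inserted space, rewrapped lines or added HTML all change the digest, so the text has to be recovered byte for byte before the signature can be checked.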
And as for whether or not he should stick around: There's only so much you can do at a job you don't like/enjoy any more (whatever that job is) before you're simply not in the mood to try anymore -- at which point your effectiveness is going to head 'way down, and you might as well just leave anyway. There was the article here a while back with the question from the CTO of a sinking company: Do I stick around to save my friends, since everything is riding on me, or do I leave this job that I no longer enjoy and head for greener pastures? The response was pretty much unanimous then: Go, 'cos sticking around in a job you don't like is no fun, and you won't be any good anyway. I'd say the same advice applies here.
And anyway, if you've trusted him on the no-backdoors thing this long, why switch now to less-secure products just because he's leaving? He's already given his word (which presumably you've already trusted, in combination w/code reviews, peer opinions, etc) on version whatever-it-was -- why not just keep using that? Or is NAI going to reach out and put some kind of backdoor in your already-downloaded, already-compiled software?
He hasn't "cut and run at the first hurdle". The guy was gonna get sued by the US Gov't for publishing his software. If you require more of him, I suggest you at least provide the crucifix yourself.
Carousel is a lie!
Surely he'd be better off staying within NAI and fighting to ensure that the code remains free from backdoors?
;)
Well, that may be best for us (the community), but Phil is entitled to a rewarding life of his own. Maybe he just felt he was pissing into the wind at NAI, and that he'd be happier and more productive elsewhere.
It is after all -his- life, not ours
EZ
'The truth is out there.. but the lies are all in your mind.'
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
adj.
- Exceeding what is necessary or natural; superfluous.
- Needlessly repetitive; verbose.
Seems to fit the first definition nicely.
Now that is interesting wording. Zimmermann doesn't actually say that 7.0.3 doesn't have back doors. Is he being coy, or does he just consider "trust me on this" to be too hypocritical?
It seems to me that Zimmermann is being about as rude as he can be without getting sued. Closed-source encryption software is seriously out of fashion, and probably every reputable security expert, including Zimmermann, thinks NAI just shot themselves in the foot. As a recent NAI employee, Zimmermann can't express himself freely, but he can lay out some objective facts and let people draw their own conclusions.
__________________
He does seem to leave it as "make what u want of it", but the downside of this (from MY point of view) is the lack of an open/trusted encryption suite such as what the PGP SDK offered. Unless NAI continue to provide full source for the SDK, that is.
;-)
Oh well, time will tell.
On a different note, does anyone know of a product which offers the functionality of the PGP SDK? (Please don't point me to GNUPG)
BTW, I did spell "depa[r]ture" correctly in my submission
I don't see the problem here - Phil is sufficiently well-known that everyone knows who PRZ is when we use that abbreviation.
--
-=DaveHowe=-
...probably to appease NSA...
Repeat after me, citizen. The NSA does not exist. The NSA does not exist. There is No Such Agency.
I like you, Stuart. You're not like everyone else, here, at Slashdot.
He's not saying that they're putting in back doors, he's just saying that they could do it, since they aren't going to disclose the full source code. And when dealing with security, the merest possibility that something can happen, must be treated as though it will happen.
It's the "No source == 10 backdoors in every line of code" interpretation.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
On the contrary, the way I see it, he is accepting a difficult situation in order to avoid compromising his principles.
It sounds like the decision is out of his hands (he tried fighting and lost), and now he has to either do the wrong thing, or leave. He's leaving.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I hope the "OpenPGP consortium" doesn't make it their objective to write yet another version of PGP. We already have one - Gnu Privacy Guard - which is both open source and RFC-whatever compliant. Plus it's fully scriptable, so it's easy to hook it up to other programs. And the documentation is even good.
On the other hand, if the OpenPGP consortium works with Hushmail, Zero Knowledge, and all the other companies out there to try to make secure email interoperable, that would be very, very nice.
I'm sure the NSA,CIA,FBI, and others get the giggles every day they decrypt email and think "Damn, these people are dumb! PGP has been out there in the world for years now, and almost nobody uses it!"
But frankly, it's a pain to use because it isn't integrated into enough software. For example, it would be nice if you could attach an OpenPGP signature to the text you put into an on-line form in Mozilla - like I am right now. Then we could have secure-signed Slashdot postings. Why? It's not like Slashdot's cookie-based login system is very secure - not that it was ever claimed to be - but if someone hacked into Slashdot (again) and managed to steal some username/password combinations, they could do a lot of damage to some people's reputations. I'm not talking about karma loss here - what if posts under your userID started showing up badmouthing the company you work for, and praising kiddie porn, and threatening to kill the president? You would have a rough time fixing that. GPG signatures would make it easy to prove you didn't do it.
And if my W2K box at work supported OpenPGP in Outlook, that would be nice too. So, I wish the best to Phil Katz and the OpenPGP consortium, as long as they don't bother to reinvent the Gnu Privacy Guard wheel. Look for innovative ways to add Open-PGP signatures to everything!
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
Surely he'd be better off staying within NAI and fighting to ensure that the code remains free from backdoors? It seems as though he's willing to compromise his principles to get out of a difficult situation, and it means that many of us are going to have to switch to other, less secure versions that we at least know are free from holes.
Not necessarily. If he stays on as an employee of NAI, he could continue to fight against the opening of back doors in the software, but if (when) he loses those fights, he would probably be bound by NDAs and non-compete clauses and the like from publicizing them, and the community at large would have no recourse but to assume that since he is still an employee, that the product remains true to his original vision, which may not be the case.
Phil is smart and seems aware that the public cannot wisely trust a closed-source security program, and he is stating that he does not wish to continue endorsing it by associating himself with the company that publishes it. I congratulate his courage in leaving a (probably) lucrative corporate position on this principle. Instead, by going to work on the OpenPGP standard, and doing consulting services for other companies who wish to integrate open-standards PGP into their products, he is insuring that peer-reviewable privacy software continues to be available to the public at large.
If he was cutting and running at the first hurdle, he'd stay with NAI, and keep his paycheck, despite the fact that they were making the software less free. Instead, he's making a rather large personal sacrifice to ensure that PGP remains a security system we can trust, even if we can't necessarily trust NAI's implementation of it.
Is the message a fake? Is it real?
What does this all mean for the future of privacy on the Internet?
Get your answers straight from the man.
It seems to me that by leaving NAI, PKZ is giving them an incentive to re-open the source to PGP to prove that there are no backdoors, since they no longer have his personal stamp of approval as an inside reviewer.
-N
I noticed Phil said that NAI owns the trademark to PGP, yet he's going to work on the openpgp group. I wonder if we'll see a repeat of the SSH(tm) vs openssh scandal... NAI is a big corporation with a bunch of hungry lawyers, so who knows what will happen if openpgp eats into their corporate bottom line like it did with SSH.
Shon
actually, someone removed his phone number from the last line, and invalidated the signature.
Here's the real message...
-- The Funk, The Whole Funk, And Nothing But The Funk
I think he's trying his hardest to force them to release the source code, whether they want to or not. With this announcement, he stresses the importance of seeing the code again and again. If NAI doesn't release the source, people will assume it is untrustworthy, especially since Zimmermann says he doesn't guarantee future versions. NAI basically has no choice now but to keep releasing the source if they want to remain a viable option for serious security.
So, there is the merest possibility that decryption can happen, still everybody is assuming that it won't happen.
BTW, I agree on your "No source == 10 backdoors in every line of code" interpretation. Just another reason, not to use products of NAI.
Free Manning, jail Obama.
I'm getting the feeling from reading it that he's concerned about the direction that NAI is going in, and no longer approves. Has he resigned because they're not releasing the source? Or am I reading too much into this?
Hm, it looks like PRZ is saying that while NAI owns the trademark on PGP, since OpenPGP is the name of an internet standard, other people can use it to describe their projects.
Maybe I'm reading that wrong, but I wonder how that plays with the whole "SSH the Product" vs. "SSH the Protocol" debate?
Seems to be as though this letter contains hints of bitterness over having to leave, and that the vision he had for PGP and NAI's vision were somewhat different. The comments about source code and backdoors seem to indicate that he thinks NAI aren't going to be opening the code for review in the future.
Surely he'd be better off staying within NAI and fighting to ensure that the code remains free from backdoors? It seems as though he's willing to compromise his principles to get out of a difficult situation, and it means that many of us are going to have to switch to other, less secure versions that we at least know are free from holes.
When it comes to ensuring freedom you can't just cut and run at the first hurdle...
Something like this should have been done with ssh situation...
He'll be moving on to help other companies produce implementations of the OpenPGP standard. Don't most companies' employment contracts include a provision that you agree not to go into business in direct competition for n years afterwards? And wouldn't a competing implementation of the OpenPGP standard count?
Perhaps he didn't have a contract like that; since he started PGP the company himself, he presumably didn't bother to write himself a daft contract then, and maybe NAI didn't impose one on him when they bought him...
blah.
Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
PGP was originally designed for human rights applications, and to protect privacy and civil liberties in the information age.
There's always sufficient, but not always at the right place nor for the right folks.
-----BEGIN PGP SIGNED MESSAGE-----
S zQ JZ1ugMhqsAoMgS me78KR5VEfCVEUFpwOCCk8Tx =JVF2
Hash: SHA1
A note to PGP users:
It has come to my attention that there is an article in this forum which has been incorrectly attributed to me. The forger even went so far as to include a PGP signature with the post.
Unfortunately, the PGP signature is meaningless in this situation, as it has simply been pasted in place from an email I previously sent. The smoking gun is in the line of dashes directly following the words 'END PGP SIGNATURE'. There are five dashes, followed by a single space, then two more dashes, another space, then the remainder of the dashes.
Philip Zimmermann
19 Feb 2001
prz@mit.edu
http://web.mit.edu/prz
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQA/AwUBOpDtWmPLaR3669X8EQLv0gCgs6zaYetj4JwkCiD
-----END PGP SIGNATURE------
--
--
You are a fucking moron.
Let's just call him PGP. OK?
NAI treats PGP as mass market consumer software and may think that it will have little impact on ignorant Joe Public whether they release the source or not. Probably they are correct, but it hugely undermines the reputation that PGP has built up all these years for those that know better. Maybe this is why he left?
> PRZ seems to stress on the points that PGP has NO backdoors as of now and that he and NAI have different visions of the product. Could this be some kind of a hint that NAI now wants to build backdoors into their product, probably to appease NSA or something like that? After all we know that many MS products do have NSA backdoors.
It is not _that_ complex.
> strings /usr/local/bin/pgp | grep goatse.cx
>
Cheers,
--fred
although PKZ is only saying "I can't guarantee future versions won't be backdoored" it *will* be read as "I left because future versions WILL be backdoored"
I thought this too.
Good on Phil! He should have done this years ago.
Most of the people I know who use PGP stuck with 2.--the last pre-NAI version--until GPG came along. Nobody uses NAI PGP.
Nobody trusts NAI.
Nobody likes the NAI license agreements.
In short, NAI did more to SLOW DOWN the widespread use of PGP than any government ruling or censure. Almost makes one wonder what their agenda _really_ was for all of those years.
Anyways, congrats to Phil for getting away from those bastards.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I don't know why people are still focusing on PGP. This is a proprietary product. This article is tainted with the proprietary software industry.
I think it is great that OpenPGP exists so that Gnu Privacy Guard can exist without any patent violations. That said there is no reason for any other PGP implementation to exist. Without source code a crypto impl is not worth the paper it is printed on (considering it isn't printed... this isn't much). Even if Phil Z. himself went over the code for 7.x, NAI can still add a back door right before they ship and Phil will never know. The only crypto you should EVER trust is crypto which you compile yourself and has been audited and signed by experts.
I think the issue is that of money. Zimmermann wants to get paid to work on PGP but only the closed source people are currently willing to do that. Crypto and privacy people have always had revenue stream problems. Most people don't care about their privacy so they don't buy PGP. Crypto is a losing leader for other markets and I think we should apply our focus there.
Kevin
Maybe PKZ can work on helping out GnuPG to be the PGP replacement across the board. Not just for geeks and cheapskates but really outdo PGP. Then again I would like to replace a lot of commercial software with open source.
Scott
hacker
sboss dot net
email: scott@sboss.net
Scott
janitor
sdn website family
email: scott at sboss dot net
key id is: 0xFAEBD5FC
that's him all right. i verified it myself using the plain text version. bad /. for screwing this up. just goes to show that people like phil are important because security is too complicated for the masses (including /. geeks)
PZ has been a hero for many, but it's obvious that his motives were questioned when he joined CAI.
I'd like to see him working with the GPG folks.
No matter how well you think you've hidden something, somebody can always find it, and chances are they wouldn't tell you about it. Insisting on privacy just makes it easier for orgs with the resources to watch you in secret with time-honored techniques like traffic analysis and good old fashioned spying.
For more info you should read David Brin's The Transparent Society.
cryptochrome
---If you can't trust a nerd, who can you trust?
I am not a US citizen or even a resident... so for me the NSA is the Nasty Snooper from America
...since we all know he is a criminal. I don't trust a guy who illegally exported ammo from the USA, no matter that now he was considered innocent.
;)
I wish it had more of an API for incorporating it into other software though (Maybe it does and I just missed it...)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Really? News to me. Examples? Or are you just recycling that old 'NSA_KEY' FUD?
--
If the good lord had meant me to live in Los Angeles
Whilst that doesn't rule out a -division- of the NSA working in the opposite direction, I think that (as a whole), they've got the message that security comes from within.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Given the immensity of human experience I think we can assume that any subjects covered by an intelligent man in a short note are there for a reason.
Given that he belabors the "trusted" versions and makes note of "different visions" I think you could safely bet large sums of money on backdoors in future versions and not lose any sleep over it.
'There is a Light that never goes out.'
Yes, I was too lazy to look up their middle names. Sue me.
sulli
RTFJ.
Another problem is that many of the features in OpenPGP are difficult to implement. With PGP 2, the trust associated with a key can be calculated using Dijkstra's algorithm. With OpenPGP it is much harder because when signing you can say in what circumstances the signature is valid. So instead of each key having a fixed trust value, it can have a potentially unlimited number of trust values for different situations.
Finally, all versions of PGP are too hard for novices to use. I wrote whisper to provide an easier way for novices to encrypt messages. You can use Whisper even if you are just a Microsoft Office person. You won't get any fancy crypto technology though (unless AES counts). Whisper is GPL'd.
Ugh, we seem to be having the same problem with Richard Stallman.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
PRZ seems to stress on the points that PGP has NO backdoors as of now and that he and NAI have different visions of the product. Could this be some kind of a hint that NAI now wants to build backdoors into their product, probably to appease NSA or something like that? After all we know that many MS products do have NSA backdoors.
It seems like this is always the result when some idealistic hacker sells out to the corporate hordes. Sure, for awhile they might placate the techie genius, but eventually the lawyers and the shareholders hijack the corporate 'vision' and the hacker is left to wonder what became of his utopian dreams for his software.
At least PRZ has the fact that it is an open standard to fall back on. He can go back and duplicate the work he has already done - but still, it seems an unnecessary waste of resources.
-josh