Zimmermann Suggests Freeing PGP Source

broody writes "NewsForge has an interesting article detailing Phillip R Zimmermann's lament at selling PGP. Since he cannot afford to buy it back outright, he is pushing for Network Associates to 'open source' it. Well, the GUI and SDK anyway. I'll say this, he's an interesting little capitalist."

Re:Why listen to him?

[Cally]

> If this guy sold PGP five years ago, what authority
> does he have now to suggest the change?

"This guy" developed the PGP protocol, and it's first implementation, then released it freely on the Internet when it seemed likely the US Govt. was about to criminalise *all* personal encryption.

So, only moral authority... which doesn't seem to be worth much on the free market, these days.

Re:Free PGP? How about GnuPGP

[cygnusx]

GnuPG (not GnuPGP) dont work in Windows

GnuPG _does_ work on Windows: http://ftp.gnupg.org/gcrypt/binary/gnupg-w32-1.0.6 -2.zip

But it's not graphical. For that, I've been using WinPT for some time. It's a pretty good replacement for PGPtray, not as pretty though. And it imported all my PGP 6.x/Win Keys fine too. Download with all dependencies here

Phil, Please Join Us!

[Bruce+Perens]

Phil,

We'd really like you to join the work on GnuPG, and on GUI projects like GNOME. I think it would be most productive to write off the PGP code base and continue your work on the existing Free Software projects. We've gotten most of the hard work done already.

Thanks

Bruce

Re:Dead Man's Switch

[Bruce+Perens]

This is sort of like source-code escrow, but not customer-specific.

In source-code escrow, the vendor promises to provide the source-code to the customer if the vendor goes out of business.

The problem is that bankruptcy courts often overturn source-code escrow clauses, because the source code turns out to be the firm's only salable asset.

The best solution is to free the code first, and for the customer to be careful not to become dependent on closed-source.

Bruce

The real reason this will never happen

[Monkelectric]

[you@someterminal you]# cd pgp-source
[you@someterminal you]# grep -c -r -i "nsa"
27

Re:Dead Man's Switch

[kalidasa]

His idea for a Dead Man's Switch license would be very interesting to see implemented. It would be nice to see something like that used in a lot of commercial software.

They used to have that. It was called copyright. One got a fixed term of copyright, could renew it for a small fee after that term to extend it to 75 years (net, not additional), and then it would go public domain after the 75 years were up. Then someone thought of the Berne Convention, and someone else thought of the Bono Bill, and someone else thought of the DMCA . . .

Re:Free PGP? How about GnuPGP

[Zeinfeld]

If he really wants to do something, GnuPGP would probably welcome him with open arms...

Have you tried to work with Phil Z.? Oh... thought not.

People who end up in the mess Phil did are not always the folk with the best social interfaces...

The problem with PGP is that overall it is tending to hinder the use of crypto than help at this point. There is perfectly good crypto built into Outlook, Outlook Express, Notes, Netscape etc. Only thing is people don't know its there because they are being told that only crypto persecuted by the NSA should be used.

PGP has a somewhat different PKI design, but not all that much different. Anyone can be a CA with X.509, the only technical difference being that certificate signing certs have the key signing bit set.

Rather than attempt to resurect the PGP message formats it would be better to spend time building S/MIME key signing code.