Re: Pretty Good Privacy Not Looking So Great

spunkanado (tomwhore@interport.net)
Fri, 5 Dec 1997 16:37:31 -0500 (EST)


On Fri, 5 Dec 1997, David Long wrote:

> Perhaps some FoRKers can suggest what Mr. Zimmermann's board should have
> done instead? To paraphrase a cyphernomicon[1]: "Don't get mad,
> get even. Sell code."

Selling code is not the issue with me. As a worker in the field of paid
coders, amongst other things I do, I do not begrudge a dime to those that
work so hard on a good piece of code. And from what Zimmermann went thru
with legal fees and the hassle of courts and the fed on his ass I would
say the man should have a large grant tossed in his lap by a wealthy
patron.

But what we have here is not so much a selling of code but a selling of
the very spirit that he, Phil Zimmermann, stated so well in his original
PGP doc. The idea that strong encryption should be available to everyone
and that no governing body should act so as to weaken the keys for their
own use.

The products coming from the new company will hold to neither of these
ideas, and as such will get very little use from thems that knows what
encryption is really for. I'm sure those folks who use such things as MYSAFE
DESKTOP and SECUREMYWINMINE GAMES will be eager to buy into the whole PGP
thing they have read so much about. And I'm sure the interface is going to
improve 100 percent so that those who were wary of its workings behind the
prompt will gladly use it with its shiny new face lift. But what is under
it will be the real tell. If it's weak crypto, it's kakapooopoo (a
technical term meaning "not very good" and not to be confused with
peepeemowmow).

"This is like selling automotive seat belts that look good and feel good,
but snap open in even the slowest crash test. Depending on them may be
worse than not wearing seat belts at all. No one suspects they are bad
until a real crash. Depending on weak cryptographic software may cause you
to unknowingly place sensitive information at risk. You might not
otherwise have done so if you had no cryptographic software at all.
Perhaps you may never even discover your data has been compromised."
Phil Zimmermann, PGP 5.0 manual.

> My understanding is that despite "four million users in 50 countries"[2],
> PGP, Inc. did not have appreciable revenue, and after one has run in
> the red long enough, it can be very difficult to find financing.

Maybe Phil Zimmermann should have a talk with Phil Katz. He took pkzip and
winzip to places no one thought possible, same for a large and growing
game industry based at first on the shareware concept. I'm not buying that
PGP as a company did all it could to make the profit needed to meet its
needs and then some.

What I do see is a company with a product that is the HOT POTATO of the
year, the big old burning chunk of starch that could as easily land them
all in jail as get them rich. I can easily see how after a few years of
living in the trenches Phil and his crew would want a safe haven, a place
to not be under so much fire from all parties, the gov from one side to
stop him and the cypherpunks/netinyahoos to keep up the good fight. The
strain has got to be intense.

Regardless of all the biz aspects of PGP, it is the spirit of the original
PGP that has spurred on the whole thing. If these basic pillars of PGP are
taken away, then I can see very little use for any product calling itself
PGP.

For instance, from the 5.0 release, in Phil's own words ....

"In keeping with my own long-standing tradition from the days before I
started this company, we will also publish the complete source code for
PGP for Personal Privacy, Version 5.0, to facilitate peer review and to
allow everyone to assure themselves that there are no hidden back doors
that might compromise security. This will be published initially in the
form of a printed book."

>
> I should think Cypherpunks would be happy to observe the rather lopsided
> balance of power between politics and economics that this acquisition
> demonstrates :-)

I think one of the things this whole episode points out is that people are
still Killing Their Idols. The cypherpunk community as well as the net
users of pgp in general are to blame for this as much as anyone. But the
real crux of the matter for me is this..

There was a time before Zimmermann and there will be a time after him. No
one person will be the All Cure to the problems we face. I think it's a
good thing the changing of the guards has occurred. Phil can go on and make
a living, bless his soul he deserves it and more, and let some new kid take
the position of front line soldier. It is also good to get things from
being too complacent, too much of the same old same old. Now that PGP has
indeed spread to reach a vast audience and has indeed met its charter of
making people aware of the problem and giving them tools to use, now that
all this has come to pass something new needs to poke its head over the
horizon. On the shoulders of PGP, who knows what will grow, or how many
of the bozos on this list will be doing it:)--

Anyway, in brief I wish Phil well, won't be using any products that are
weakened and look forward to the next best thing since sliced bread.

"meet the new boss, same as the old boss" pt