The following message may be reposted to all interested newsgroups. -----BEGIN PGP SIGNED MESSAGE----- From: Philip Zimmermann, author of PGP To: People interested in PGP Date: 28 May 94 On 24 May 1994, the Massachusetts Institute of Technology released PGP (Pretty Good Privacy) version 2.6. PGP is a software package that encrypts electronic mail, using public key cryptography. Over the past three years, PGP has become the worldwide de facto standard for email encryption. PGP 2.6 is being published under the terms of the RSAREF license from RSA Data Security, Inc (RSADSI). This is a significant milestone in PGP's legal development. Export of this software from the US or Canada may be restricted by the US Government. PGP version 2.6 is being released through a posting on a controlled FTP site maintained by MIT. This site has restrictions and limitations which have been used on other FTP sites to comply with export control requirements with respect to other encryption software such as Kerberos and software from RSA Data Security, Inc. These special mechanisms are intended to preclude export of cryptographic software from the US. The MIT FTP site that carries PGP is net-dist.mit.edu, in the pub/PGP directory. This new freeware version of PGP is for noncommercial use. For commercial use, you may get ViaCrypt PGP, available on a variety of platforms. ViaCrypt may be contacted at 602-944-0773, or via email at viacrypt@acm.org. PGP 2.6 is as strong as earlier versions. It contains no back doors. It can read messages, signatures, and keys from PGP versions 2.5, 2.4, 2.3a, and 2.3. Beginning in September, a built-in software timer will trigger PGP 2.6 to begin producing messages, signatures, and keys that cannot be read by earlier versions of PGP. It will still retain its ability to read things from earlier versions after that date, so that users who upgrade to 2.6 will not be inconvenienced, particularly if everyone else upgrades by that time. The reason for the change in format is to grant RSADSI's request to MIT to encourage all users to stop using older versions. ViaCrypt's new products will support the new formats used by PGP 2.6. Details of the compatibility issues and their reasons are outlined in the PGP User's Guide, included in the release package. See also the official statements released by MIT for further details. Version 2.6 also has some bug fixes and improvements of the version 2.5 released by MIT on 9 May 1994. Both the 2.5 and 2.6 versions were produced in a joint project between myself and MIT. Both versions were released by MIT after extensive review by MIT's administration and their legal counsel. I am told by MIT that MIT's legal counsel believes that both versions 2.5 and 2.6 do not infringe the RSA patents in any way, and they both comply with the terms of the RSAREF licenses that each were released under. But regardless of the noninfringing nature of version 2.5, I urge all PGP users in the US to upgrade to version 2.6, to help move toward eradication of earlier, pre-RSAREF versions of PGP. This will improve the overall political and legal landscape surrounding PGP. MIT will publish details on the simple format change so that earlier European versions of PGP may be independently upgraded by the Europeans. This note does not attempt to answer all the questions you may have about the implications of this new release of PGP. For further details, see the information released by MIT, or see the PGP User's Guide in the new release package. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLegMXmV5hLjHqWbdAQE0NAQAiTafSwM8eNfYYvkslNR6bun/GIelvziA M/9h5fn3zUQt2Bc6rkuz1TBlnMZUoduufinI9eSr+cdXbfhxNIQmRArhw3EJd1f+ siZaPmTR3YXvUwuXMcruMbUvEYpSBmtBVrxTzxNSIwx3/hJJB2z9sT1/B+UZdFwi EZX1O/mpiZw= =ULD1 -----END PGP SIGNATURE----- -------- For information about this Usenet posting service, send mail to remailer@soda.berkeley.edu, with Subject: remailer-info. Please, don't throw knives.