Newsgroups: alt.security,sci.crypt Path: sparky!uunet!cs.utexas.edu!asuvax!ncar!sage.cgd.ucar.edu!prz From: p...@sage.cgd.ucar.edu (Philip Zimmermann) Subject: Zimmermann's answer to RSADSI PGP remarks Message-ID: <1992Dec18.023243.6748@ncar.ucar.edu> Sender: p...@sage.cgd.ucar.edu (Philip Zimmermann) Organization: Climate and Global Dynamics Division/NCAR, Boulder, CO Date: Fri, 18 Dec 1992 02:32:43 GMT Lines: 34 I would like to answer charges from Jim Bidzos of PKP/RSADSI that I stole ideas from his public key encryption product, MailSafe. In late 1986 Jim Bidzos demoed a copy of MailSafe and left it with me, with no documentation. I remember very little of that demo, and never ran the program again after that day (because I lacked the manual), and lost track of the program soon thereafter. I haven't seen it since. I have no objection to giving credit to others for their ideas, as anyone can see from reading the extensive "Acknowledgements" section of the PGP manual. Certainly if I had gotten any significant ideas from MailSafe, I would have credited them in the PGP manual along with everyone else. And I have not even the slightest reason to lie about it, because I don't think there is anything wrong with using "ideas" from other products. But I didn't get any ideas from MailSafe that were used in PGP. All of the ideas for PGP came from my own reading of the cryptography literature, from talking with others, and from my own instincts as a software engineer experienced in this art. If you know cryptography well, it seems obvious that these features are among those required to implement a good product. Indeed, some of the features described by Bidzos that are common to MailSafe and PGP came as a surprise to me when I recently read them in his remarks. For example, I didn't know MailSafe compressed the plaintext, checked itself for viruses, and used ASCII encoding of the binary files. I applaud the recent eloquent remarks of Columbia Law School Professor Eben Moglen on the legal issues of PGP. People can certainly debate the complex legal issues. But one thing is certain: I did not steal any ideas from MailSafe in my design of PGP. -Philip Zimmermann