Cryptography Reference
In-Depth Information
With some friends, Zimmermann created a company called Metamorphic Systems.
He received a phone call at the company one day, perhaps one that changed the
direction of his thinking for good, from a man named Charlie Merritt, who had
accomplished what Zimmermann failed to do years ago: the implementation of the
RSA PKC on a microcomputer. NSA had effectively shut down Merritt's company by
threatening action if they did not stop exporting their software program
outside the United States. Since this was the heart of their enterprise, they
had to find another way, calling companies such as Metamorphic Systems to see
if their software might be incorporated in the company's hardware for export.
The idea excited Zimmermann, and it inspired him to begin writing his own
program for e-mail encryption using PKC.
It took a while for the ideas to develop and the relationship to evolve, but by
November of 1986, Merritt and Zimmermann had a project for using RSA.
Nevertheless, RSA Data Security Inc. had patents on the protocols they wanted
to use. Attempts were made to strike a deal with the patent holders, but
nothing substantive came out of those discussions.
Zimmermann, undeterred, continued to work on his ideas to produce a cipher
without the explicit use of RSA protocols. By 1990, he had developed a
communications program, which he called Pretty Good Privacy (PGP), a name
derived from a fictitious entity on a radio show, Ralph's Pretty Good Grocery.
By 1991, Zimmermann became concerned that some impending legislation
by the government might make it illegal for him to launch PGP 1.0, so he
turned to the Internet. He uploaded copies of PGP 1.0 to the Internet for
anyone to use, that is, freeware. His intention was not to profit, but to make
encryption available to the masses for privacy considerations. Almost overnight,
the program became a hit, and Zimmermann was delighted, but version 1.0 had
its failings. He plugged the holes and killed the bugs in 1.0 to produce a vastly
superior version 2.0. One particularly important improvement was the addition
of certificates. Yet as we saw in Section 6.2, the proper handling of certificates
requires a CA, but Zimmermann had no access to a PKI for this
independently-generated program, so he had to come up with a new idea. That idea
was to make the users of PGP, themselves, the CA. To do this, he had the idea of
signed keys, as a symbol of “trust”, for the communicating parties, something
he developed into what he called a web of trust (which we discussed on pages
238 and 239). This web of trust became the users' self-enforcing CA.
In September of 1992, Zimmermann posted PGP 2.0 on the Internet as
freeware, and as the light of 1992 faded into memory, Zimmermann was becom-
Figure 8.1: Phil Zimmermann. Courtesy of Phil Zimmermann.