Cryptography Reference
In-Depth Information
distribute it as shareware either (money can be made with shareware in the
USA). Furthermore, a law passed in 1991 bound all vendors of communication
devices and services to supply the plaintext of data streams flowing though
their devices and networks to governmental agencies upon request. That went
far beyond the then current export regulations. It also limited potentially good
cryptography dramatically within the USA.
Zimmermann panicked. He had just replaced DES as the symmetric method
used (and which he didn't trust any more) by his own algorithm, called
Bass-
O-Matic
. Though this algorithm hadn't been studied thoroughly yet, he quickly
put together PGP Release 1.0 and gave it to a friend. This friend publicized
it in the Usenet, which meant the Internet. No matter what else was bound to
happen, PGP was no longer to be stopped. In 1992, Release 2.0 was published.
It was developed with contributions from all over the world, and implemented
the secure IDEA algorithm instead of
Bass-O-Matic
.
Now Zimmermann had not only patent-law problems on his back, but he was
accused of having violated the strict export regulations, which means that, in
addition to RSADSI, he now also had the FBI, the NSA, and other agencies
turned against him. However, it is unknown who actually put PGP on the
Internet.
Patent Problems
The patent issue had eventually been clarified. From 1993 onwards, Zimmer-
mann had cooperated with
ViaCrypt
, a company that owned a legal RSA
license. This is why the commercial PGP version was sold by
ViaCrypt
in
the USA. On the other hand, he got unexpected assistance from the MIT,
where RSA was originally developed. The MIT had created a software library
called RSAREF, which could be used freely for non-commercial purposes.
This is how PGP Version 2.5 came about in 1994. It was the first legally sold
version. Though it still allegedly violated the PKP patents (see Section 4.5.3),
the conflict ended in a tradeoff: Zimmermann implemented a cosmetic change
that made the new Release 2.6 incompatible with all former illegal versions.
The patent custodians could then prosecute only users of PGP Release 2.5 and
lower, while the whole world used PGP 2.6.
The Security of the USA at Stake!
As it happened, the violation of export regulations turned out to be much
more serious, for it served to 'preserve the national security'. US Customs
