Cryptography Reference
In-Depth Information
started a criminal investigation on Zimmermann for allegedly violating the
Arms Export Control Act. People all over the world started donating for Phil
to finance his law suit. The publicity of the case led to enormous pressure on
the government. If it weren't for PGP, the discussion around the Clipper chip
(see Section 6.4) would probably have taken a different turn. Phil Zimmermann
became a celebrity.
The investigation lasted three years, but the government dropped its case with-
out indictment on January 11, 1996. However, the laws that had caused all this
stir had still not been entirely done away with.
PGP had changed the world. For the first time, everybody had a tool to pro-
tect their information effectively against third-party access. Phil Zimmermann
received loads of messages from enthusiastic users all over the world, includ-
ing countries like Latvia and even underground movements. Governmental
reactions, not only in the USA, hint that PGP seemed to also have stopped
intelligence activities. At least this would explain why the MIT was
not
sued
for violation of the export regulations, in contrast to Phil Zimmermann, although
they had the cryptologically high-quality RSAREF software on an ftp server
available for the whole world to download. However, this comparison made by
Garfinkel in [GarPGP] is a bit lame, because RSAREF did not directly serve
for the encryption of messages. By the letter of the law, however, exporting
RSAREF from the USA was also illegal.
Certainly, many influential people had been stirred, because the worldwide
proliferation of PGP could no longer be stopped, no matter what law.
We have anticipated a little of the topics we will discuss in Chapter 8. But it
is impossible to talk about PGP without mentioning its political impact. If you
are interested in more details about this adventurous story, I recommend you
to read [GarPGP].
7.1.2 What PGP Can Do
It can be frequently read or heard that PGP uses asymmetric methods to send
encrypted mails (meaning that the symmetric methods were 'out'), and that
everybody can use it for free.
That's simply nonsense! Firstly, PGP is not a mail program. It processes files
that a mailer can send, or has received. Secondly, PGP is certainly not 'RSA-
encrypted'; it uses hybrid methods: it encrypts a session key using RSA, and
the mail file itself using IDEA.
