[LINK] Network Associates Dumps PGP
Tue, 26 Mar 2002 11:32:24 +1100
I'm afraid this is a rather late response to Fred's post, but still of interest I think.
Copied below is the full text of a note published on the International PGP Home http://www.pgpi.org/files/PRZquitsNAI.txt on 19th February 2001 when Phil Zimmerman, the creator of PGP, left Network Associates. Much of it deals with the security of PGP in terms of its freedom from back doors. Also note that OpenPGP has been standardised by the IETF.
-----BEGIN PGP SIGNED MESSAGE-----
A note to PGP users:
As most PGP users know, Network Associates Inc (NAI) acquired my
company, PGP Inc, in December 1997. For three years after that, I
stayed on with NAI as Senior Fellow, to provide technical guidance
for PGP's continued development, and to ensure PGP's cryptographic
integrity. But I can't stay on forever. In the past three years,
NAI has developed a different vision for PGP's future, and it's time
for me to move on to other projects more fitting with my own
objectives to protect personal privacy.
Let me assure all PGP users that all versions of PGP produced by NAI,
and PGP Security, a division of NAI, up to and including the current
(January 2001) release, PGP 7.0.3, are free of back doors. In all
previous releases, up through PGP 6.5.8, this has been proven by the
release of complete source code for public peer review. New senior
management assumed control of PGP Security in the final months of
2000, and decided to reduce how much PGP source code they would
publish. If NAI ever publishes the complete PGP 7.0.3 source code, I
am confident that the public will be able to see that there are still
no back doors. Until that time, I can offer only my own assurances
that this version of PGP was developed on my watch, and has no back
doors. In fact, I believe it to be the most secure version of PGP
produced to date.
While it is true that NAI holds the PGP trademark and the source
code for the NAI implementation of PGP, I'd like to point out that
PGP is defined by an IETF open standard called OpenPGP, embodied in
IETF RFC 2440, which any company may implement freely into its
products. I will be working with other companies to support
implementations of the OpenPGP standard, to turn it into a real
industry standard supported by multiple vendors. I think the
emergence of more than one strong commercial implementation of the
OpenPGP standard is necessary for the long term health of the PGP
movement, and will, incidentally, ultimately benefit NAI.
To this end, I will be assisting the makers of HushMail, Hush
Communications (http://www.hush.com), to implement the OpenPGP
standard in their future products. They will be doing their own
announcement of this new relationship.
In addition, I will be assisting Veridis (http://www.veridis.com), a
recent spin-off of Highware (http://www.highware.com), to create
other OpenPGP compliant products, including software for certificate
authorities for the OpenPGP community.
I am also launching the OpenPGP Consortium (http://openpgp.org), to
facilitate interoperability of different vendors' implementations of
the OpenPGP standard, as well as to help guide future directions of
the OpenPGP standard.
This coming June marks the 10 year anniversary of the 1991 release of
PGP to the public. PGP was originally designed for human rights
applications, and to protect privacy and civil liberties in the
information age. By proliferating the OpenPGP standard, we can renew
that promise, and continue the commitment to personal privacy that
captured the imagination and participation of millions around the
19 Feb 2001
tel. +1 650 347-9743
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
-----END PGP SIGNATURE-----
At 03:40 PM 19-03-2002 +1000, Pilcher, Fred wrote:
>A colleague of mine made some enquiries about PGPDisk and received this in
>part response. I assume it's public knowledge though I wasn't aware of it.
>Unfortunately PGP is no longer developed by Network Associates, which means
>that the version currently available is the last to be made by NAI. They
>are currently seeking a new company to purchase the brand name and
Networked Systems Consultancy Pty. Limited ABN 20 074 899 853
+61 2 9363 1094 (telephone) 9363 9622 (FAX)
PGP public key available by mail to: email@example.com
subject: GET David Lochrin