-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
PGP, Inc. and many other security companies were purchased by Network
Associates in 1997/98. PGP, Inc. was (and still is) one of the
standard bearers for anti-key-recovery solutions including pioneering
the methods for publication of scannable source code in book form.
What happened is that NAI also bought TIS. TIS was like the anti-PGP
at the time in terms of key recovery philosophy. Both companies had
good quality products, but TIS definitely had a radically different
philosophy from PGP, Inc.
Anyway, to make a long story short: NAI never enrolled in the KRA.
TIS was a member. When NAI bought TIS, the KRA changed the name on
their web page to NAI -- presumably because it looked better for them
to put a big company's name there. Shortly thereafter, NAI requested
(because Phil Zimmermann informed the NAI execs about the evils of
key recovery) that its name be removed and it was. The membership
was not renewed since the time when TIS originally was a part of it.
It's that simple.
So in any case, the issue was rapidly corrected, and within months of
NAI purchasing TIS, TIS had killed all of its key recovery features,
and the KRA membership had been cancelled.
So effectively, NAI was responsible for purchasing one of the most
vociferous supporters of key recovery and rapidly eliminating that
stance from it and all the features that stood behind it. I'm
actually quite pleased with the rapid turnaround and the outcome.
The KRA now appears to be dead, their website does not respond, the
TIS group is just as anti-key-recovery as PGP ever was, PGP's
government lobbying efforts against export controls were majorly
enhanced by the backing of NAI, and PGP's regular source code
publishing played a pivotal role in the change of government policy.
You may have forgotten now that there was a time when mandatory key
recovery and stronger export controls seemed just around the corner
in the US. It was a difficult time, and I would ask that you
recognize that the PGP group was at every moment unflinching in its
opposition to all of this, and that we were influential in making
sure those things never came to pass.
Dennis Glatting wrote:
>
> "L. Sassaman" wrote:
> >
> > PGP's source code has always been available for public review.
> > This has not changed. There are no "back doors" for the NSA in
> > PGP, and PGP has never supported weak (under 128 bit) encryption,
> > and never will.
> >
>
> Who's PGP? Last I looked PGP Inc. was owned by Network Associates,
> a key recovery alliance member.
- - --
Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0 (Build 170 Alpha)
iQA/AwUBOSOOo6y7FkvPc+xMEQI+xwCfQBj0KqZUFLAu57GlgLILDNycX4oAmwSi
RKsTk/l9kpvCubos3cjvXBcg
=irgt
-----END PGP SIGNATURE-----
