How we can save PGP - Zimmermann

Discussion in 'privacy technology' started by Paul Wilders, Mar 8, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    PGP inventor Phil Zimmermann says PGP can be saved, and has outlined how in an interview with The Register yesterday.

    "PGP is an institution that's bigger than any single company, or codebase, or product," says Zimmermann. "It's in limbo right now, and limbo is a bad place to be."


    Network Associates Inc wrote to customers last week informing them that it was ceasing development on PGP Desktop, and while promising to honor existing support contracts, said no bugfixes or updates would be issued. PGP staff were being transferred to Network Associates' other business units. The company, which bought PGP Inc in 1997 for $36 million, announced it wanted to find a buyer for PGP last November, but hasn't found an acceptable offer yet.

    Zimmermann said he wanted NAI to release the source code, suggesting a Berkeley-style license, and hoped to encourage development around the Open PGP standard:

    "The demise of the PGP business unit at NA is not the demise of the open PGP standard; there are other companies that implement the product that use the standard. Go to OpenPGP.org and you'll find a lot of concerned people that want to fill this niche."

    "Anyone interested in helping should contact me," he added.......

    Read the full story here:

    www.theregister.co.uk/content/54/24336.html
     
  2. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hi Paul: Thank you for this post. Phil Zimmermann is someone who is determined to do whatever needs to be done to preserve what he has built. He has acknowledged certain mistakes on his part in the past in regards to ownership and marketing rights, and is determined to preserve PGP and allow OpenPGP to become his original vision.

    Cryptography is my life. Certain men (and a few women) can only be called "personal heroes" and Phil Zimmermann is one of those people.

    I appreciate the link to the article and your interest in keeping people interested in the privacy aspects of Internet security. This site is a breath of fresh air on the net where the big boy "computer security" sites focus on forensics, corporate security, and are actually hostile to "privacy nuts" and forget that modern day computer security in the eighties and nineties was born from computer privacy experts, cryptographers, and was more interested in keeping people OUT of our computers rather than the new thinking that computer security and "forensics" is one and the same. I don't buy it. Never have, never will. Phil Z. is another who believes we've had our term "computer security" hijacked by those who don't share our same interests in computer privacy. In fact, to the contrary. Thank you Paul, and for wilders.org.

    John
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    ummm you should have started with what it does and why it's important to have that cool utility and then had us run there. that software kicks butt, it's the ultimate privacy
     
  4. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    One way to show our appreciation sure would be to show we use it in the
    first place !

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: KeyID: 0x13648289

    iQA/AwUBPIm3zuB3zjoTZIKJEQIdCwCg+vU9e7Hx0hbGqZg8NsR05LsRnHIAn0gM
    Ez489jgor9mnmHM8/WSVsW3T
    =cbo6
    -----END PGP SIGNATURE-----
     
  5. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hi Mickey: I don't show my appreciation for Italian food by eating it every night. In fact, I don't always show my appreciation for San Diego's much improved mass transit out to North County by riding it every time I have reason to go to North County.

    And no, I don't think it shows a lack of appreciation for not using it to post at wilders.org.  Remember, it stands for Pretty Good PRIVACY. I mean, it's great if you want to use PGP that way, but I don't get the point. Why would you encrypt a message that is ending up on a PUBLIC message board?

    I DO show my appreciation for Zimmermann and PGP by "using it in the first place," like maybe every single day? I use it for electronic correspondence that I want to be private. Serious question, I'm not just "getting back" for a snide remark. Why do you do that? To me, it seems a little like carrying a new commercial from the advertising agency to the television station in a secure armoured car, only to take it in and broadcast it to all of Southern California! I don't care who sees it between here and there. So, I ask in all seriousness, how does it show appreciation for PGP by utilizing it to post in a public forum?

    But as my best friend always says, "whatever floats your boat." I'm just curious, and I did want to let you know I use PGP every day, for the purpose it is intended, to keep communication private.

    John
     
  6. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I didn't encrypt my post other than sign it, did i ?
    I simply showed i use PGP, and if more people were introduced to PGP that
    way, seeing that others are using it, then perhaps some more would be
    tempted to use it !
    Just my 2 cents !

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: KeyID: 0x13648289

    iQA/AwUBPInJy+B3zjoTZIKJEQLpEgCfemmPg+o7CGAL340qZJD4T4rsN2sAoJmP
    PFD5VnUW/zp1yxtS4skN4gII
    =wVUg
    -----END PGP SIGNATURE-----
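
MickeyTheMan's post above is signed, not encrypted. As an added example (not part of the original thread), this Python code decodes the armored block from that post following the OpenPGP format (RFC 4880) and reads the fields a version 3 signature packet carries; the function names are this example's own.

```python
import base64
import struct

# Armored signature block copied from the signed post directly above.
ARMORED_SIG = """\
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: KeyID: 0x13648289

iQA/AwUBPInJy+B3zjoTZIKJEQLpEgCfemmPg+o7CGAL340qZJD4T4rsN2sAoJmP
PFD5VnUW/zp1yxtS4skN4gII
=wVUg
-----END PGP SIGNATURE-----
"""

def crc24(data: bytes) -> int:
    """CRC-24 behind the '=xxxx' armor checksum line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def parse_v3_signature(armored: str) -> dict:
    """Decode an armored block holding one old-format, version 3 signature packet."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]  # skip armor headers and the END line
    packet = base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))
    checksum = next(ln[1:] for ln in body if ln.startswith("="))
    if packet[0] != 0x89:  # old-format header: tag 2 (signature), 2-byte length
        raise ValueError("not an old-format signature packet")
    (length,) = struct.unpack(">H", packet[1:3])
    sig = packet[3:3 + length]
    version, hashed_len, sig_type, created, key_id, pk_alg, hash_alg = \
        struct.unpack(">BBBIQBB", sig[:17])
    if version != 3 or hashed_len != 5:
        raise ValueError("not a version 3 signature")
    return {
        "sig_type": sig_type,             # 0x01 = signature over a text document
        "created": created,               # Unix time the signature was made
        "key_id": f"{key_id:016X}",       # 64-bit ID of the signing key
        "pubkey_algo": pk_alg,            # 17 = DSA
        "hash_algo": hash_alg,            # 2 = SHA-1
        "hash_prefix": sig[17:19].hex(),  # first 16 bits of the signed hash
        "armor_crc_ok": crc24(packet) == int.from_bytes(base64.b64decode(checksum), "big"),
    }
```

The low 32 bits of the key ID are the `0x13648289` from the Comment header, and hash algorithm 2 is the SHA-1 named in the `Hash:` line; checking the signature itself additionally requires the signer's public key and the exact signed text.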
     
  7. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    Do you publicly let everyone know you use PGP with a signature or not? This has been a subject I have gone round and round with in my mind. (and that can take a while in this thick one)  :eek:

    I think whatever floats your boat is a good approach.  :D

    But seriously, I doubt using the signature is going to do anything for folks who don't use PGP except cause most to say to themselves "that is an odd looking message". That is exactly what I thought 2 years ago when I started seeing the sigs. It meant nothing else. No reference, nothing. It wasn't until I saw someone's signature that said the person used PGP for proprietary communications only, had his public key posted on his site, and a link that said to learn more about PGP click here that I was able to understand the sig I was seeing.

    IMO the only folks that will care about your PGP capability are others you communicate with using it and some government agencies that want to know who is trying to hide something.

    I have it and use it very infrequently. Only for those communications I absolutely don't want readable which tends to be business or personal security related. Why encrypt all messages?  I have nothing to hide and prefer not to publicly state that I like to hide because I don't.  And I don't respond to encrypted messages unless for the same reason.

    IMO overuse can be a bad thing too and I don't see how that will help any cause to save it. The more folks use it unnecessarily the more likely governments are to use that as a reason to outlaw it.  IMO PGP is extremely important and must be protected and saved. But I don't see how public displays of being a user are going to help any.

    Simply my 2 cents.
     
  8. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Mickey My Man: I didn't really mean you encrypted the message. How could you to a public board like this one? I was only being colorful and dramatic in response to your remark, which I thought was a kind of "look at me, I advertise I use it and if you really appreciate it you should too" kind of thing.

    I have to agree with Ahmad. If one is truly interested in "pretty good" Privacy (in life, not the software) I frankly fail to see how advertising the fact you use an encryption email program squares with the mission of keeping your life private. It seems like the opposite is true.

    Using another analogy, it would be like enjoying to travel, but not wanting the world to know we like to travel, yet we place an ad for our travel agency in our signature. The purpose of using privacy tools is to, surprise, maintain our privacy. Letting the world  know we utilize an encryption program, and the specific program at that, with every non-private communication seems to fly in the face of its purpose.

    I want people to know I believe in our nation preserving a "right" to privacy. Because of my interests, specifically in computer use, I display a .gif to show that in my posts. It's like a bumpersticker. It says in a general way I support privacy. But, I just have to respectfully disagree that letting the world know that you use PGP in your private correspondence is the best and most private way to, as you put it, "show our appreciation sure would be to show we use it in the first place!"

    I hope this doesn't turn into a thing where you will write back angry and saying that your way is the "right" way and all that. I think if you want to do that, it's fine. But with my interest in privacy, please respect others' privacy in choosing not to banner their use of PGP. Back to the "whatever floats your boat" thing.

    I like your homepage, by the way. I don't think I've ever told you that. I think the more sites providing links to security software, the better! I found a new one last night http://members.cox.net/pcprivacy
    It's not exhaustive, but they have tried to put the "best" (in their opinion) of certain tools in given categories.

    Bottom line: Paul's post on PGP was on target and those of us that use it appreciate it whether we advertise our use of it or not.

    John
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol i brought punching gloves and popcorn lol here  blaze eat popcorn  now go for it let's get ready to rummmmmmmbbbbbleeeeee lol
     
  10. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    No need for punching gloves !
    My point in all of this is that when it comes to any other programs, people are willing to share ideas, but when it concerns encryption programs and PGP all of a sudden it's the big mystery and secret.  It's no wonder PGP remains a mystery to far too many who see it as a mysterious difficult thing to grasp when in fact PGP is no more difficult to understand than any other security application.  You'd probably be surprised to find out how many lurkers and even members don't even know the main uses for PGP :
    1. Encrypt your mail so that only you and intended receiving party can read it.
    2. Encrypt files, so that again no unintended parties can read them.

    But hey,  if this topic has only achieved to interest one additional person to learn about PGP, so be it ! :)
     
  11. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I can see merit in both arguments.

    I don't think you need to hide the fact that you use it. If, as a privacy advocate, you wish to help promote PGP, not telling anyone about it will be of little help to PGP. If no one told you, you wouldn't be using it either.

    I also see no benefit to adding a bunch of illegible mumbo-jumbo to every post you make. It does nothing to prove you are you. I can copy and paste all that stuff in my signature too, so what has it accomplished? Not much.

    PGP needs some attention true, but if newbies think that if they use it, they will annoy everyone with gobbledygook in their posts, they may choose not to use it. But if they know nothing about it, they will obviously not be using it either.

    happy medium anybody?


    THIS MESSAGE WAS MADE BY ME I PROMISE.
     
  12. FarCry

    FarCry Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    82
    Location:
    Boston, MA
    I would like to learn more about PGP.
    Is this the right place to get it? http://www.pgp.com/products/default.asp

    Is it available for WinXP (NTFS)?

    Thanks
     
  13. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Wade, given that there is no specific encryption forum here, i will refer you to the PGP/Encryption forum at Becky, where Graham will gladly provide all the help you will need/require :
    http://www.morelerbe.com/cgi-bin/ubb-cgi/ultimatebb.cgi?ubb=forum;f=4

    As for which version of PGP to get, i recommend :
    Version: 6.5.8ckt http://www.ipgpp.com/
     
  14. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    That's a good point, but if I might point you to the posts before Mickey's - we were promoting PGP! I'm not afraid of talking about PGP or sharing what I know about any and all encryption programs. But I don't feel as if I have to actually use PGP in situations where it's not necessary only to generate a question like, "what's all that?" so I can then go say "glad you asked!" I think Paul's post and my reply was letting people know about PGP without actually USING it in an unnecessary situation. Does that make sense? I know what I'm trying to say but don't think I'm getting it across very well.

    I also agree that newbies might be actually scared away from the program if they know nothing of it and it just looks like too much trouble.

    Mickey, I agree with you on your post to Wade. PGP 6.5.8 is the version I would recommend as well. This was the last version for which the source code was available. In fact, you can download PGP 6.5.8 and the source code as well (if you're into looking at that kind of thing yourself) at http://www.pgpi.org/products/pgp/versions/freeware/win32/6.5.8/

    I think it really is a personal preference thing about using the sigs in a public forum post. We all have our different opinions and that's a good thing, because otherwise new thoughts and ideas would never come out that would allow us to think and change our minds about anything.

    John
     
  15. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Well i will give you one example where it might be useful.  I like to send encrypted or at least signed emails to fellow PGPER'S.  You have left your email addy in your profile, but i could not locate your id key number.
     
  16. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Didn't I read somewhere that there was a question as to whether it was advisable or not to put your key up on a publicly accessible server ? Pete

    *For me, the whole PGP experience fell apart  at the key-exchange point. I had my key set up, but because I couldn't get the process down for exchanging keys with others (so you could send and receive encrypted messages to them) I just gave up on it.
     
  17. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Pete, i guess you are referring to the key signing process :
    Here is a suggested step by step procedure for key signing and exchange:
    Say Pete wants MTM to sign his key:

    1. Pete sends key to MTM.
    2. MTM signs key and returns to Pete
    3. Pete puts this key in PGP Keys
    4. Pete sends key update to Server if he so wishes.

    Now Pete can send key to someone else for signing.
    This is how you achieve multiple signatures on your key.

    However, you should not sign someone else's key unless you know him or her, as your signature means you trust that person.

    Pete alone should send key to server.

    And Pete should make sure he keeps a copy of his keyrings on a floppy just in case his system crashes, as there is no way to read any of your messages without your private key. So keep it in a safe place !
    Finally, make sure your passphrase is easy for you to remember, and yet not written anywhere as the whole point of encryption will be defeated if someone finds what your passphrase is.

    Having your key signed by others is not mandatory for you to send it to a keyserver.  However, your public key should include every email account to which you want others to be able to encrypt mail.
     