[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] French users of OpenPGP against the PGP® of NAI
- To: krypto@thur.de
- Subject: [FYI] French users of OpenPGP against the PGP® of NAI
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Tue, 19 Sep 2000 19:39:32 +0200
- CC: debate@fitug.de, eucrypto@fitug.de
- Comment: This message comes from the debate mailing list.
- Organization: NONE
- Sender: owner-debate@fitug.de
http://cryptome.org/pgp-what.htm
-------------------------------- CUT -------------------------------
19 September 2000 Source:
http://www.geocities.com/SiliconValley/Bay/9648/pgp2000.html (in
French)
Translation by Cryptome.
"What Has PGP® Become?"
French users of OpenPGP against the PGP® of NAI
By PGP en français (web site) and Michel Bouissou (administrator
network)
PARIS, September 19, 2000
"It's personal. It's private. And it's no one's business but yours." -
- Philip Zimmermann, PGP User's Guides, 1991.
At the end of August, a German researcher, Ralf Senderek, highlighted
a serious bug in the ADK function (Additional Decryption Key or
additional key of deciphering) of PGP 5.5.x, 6.x and 6.5.x
(http://www.cert.org/advisories/A-2000-18.HTML). This bug was
corrected very quickly by PGP Security Inc, a subsidiary of Network
Associates Inc. (NAI).
At the end of May, three European researchers had found another bug
in the random generator of the Unix/Linux version of PGP 5.0
(http://www.cert.org/advisories/A-2000-09.HTML). Versions 6.5 did not
contain this bug.
We are long-time users of PGP®. We have used it since 1995, and some
among us used it even since 1992. As French, we lived a long time
under a prohibition against the use of PGP® (but since France is a
democracy, in practice we could use it freely and publicly). We knew
what PGP® was: a tool of security providing nearly perfect
confidentiality and a robust authentification. But since version 2.0,
eight years after September 1992, what has become of PGP® in the year
2000?
Today, after the bug of PGP® 5.0 Unix and the bug of the ADK, we no
longer have any confidence in the recent versions of PGP®.
We reproach NAI for having transformed a software for computer
security into a software for marketing.
[...]
-------------------------------- CUT -------------------------------