[FYI] French users of OpenPGP against the PGP® of NAI

["Axel H Horns" <horns@ipjur.com>]

http://cryptome.org/pgp-what.htm

-------------------------------- CUT -------------------------------

19 September 2000 Source:
http://www.geocities.com/SiliconValley/Bay/9648/pgp2000.html (in
French)

Translation by Cryptome.

"What Has PGP® Become?"

French users of OpenPGP against the PGP® of NAI

By PGP en français (web site) and Michel Bouissou (administrator
network)

PARIS, September 19, 2000

"It's personal. It's private. And it's no one's business but yours." -
- Philip Zimmermann, PGP User's Guides, 1991.

At the end of August, a German researcher, Ralf Senderek, highlighted
a serious bug in the ADK function (Additional Decryption Key or
additional key of deciphering) of PGP 5.5.x, 6.x and 6.5.x
(http://www.cert.org/advisories/A-2000-18.HTML). This bug was
corrected very quickly by PGP Security Inc, a subsidiary of Network
Associates Inc. (NAI).

At the end of May, three European researchers had found another bug
in the random generator of the Unix/Linux version of PGP 5.0
(http://www.cert.org/advisories/A-2000-09.HTML). Versions 6.5 did not
contain this bug.

We are long-time users of PGP®. We have used it since 1995, and some
among us used it even since 1992. As French, we lived a long time
under a prohibition against the use of PGP® (but since France is a
democracy, in practice we could use it freely and publicly). We knew
what PGP® was: a tool of security providing nearly perfect
confidentiality and a robust authentification. But since version 2.0,
eight years after September 1992, what has become of PGP® in the year
2000?

Today, after the bug of PGP® 5.0 Unix and the bug of the ADK, we no
longer have any confidence in the recent versions of PGP®.

We reproach NAI for having transformed a software for computer
security into a software for marketing.

[...]

-------------------------------- CUT -------------------------------