http://www.wired.com/news/privacy/0,1848,44324,00.html PGP: Happy Birthday to You By Declan McCullagh (declanat_private) 3:40 p.m. June 5, 2001 PDT WASHINGTON -- Phil Zimmermann became the world's first cyberspace hero 10 years ago this week. In a move that transformed the way Internet users viewed privacy and made him the target of a federal criminal probe, Zimmermann released Pretty Good Privacy on June 5, 1991. For the first time, PGP allowed PC users to encode their files and e-mail messages using state of the art encryption algorithms. While the clunky, buggy PGP 1.0 had its problems -- Zimmermann didn't know it at the time, but the original version was vulnerable to crypto-savvy codebreakers -- it was still far more popular than even the most optimistic observers could have imagined. "Little did I realize what a feeding frenzy PGP would set off. Apparently, there was a lot of pent-up demand for a tool like this," said Zimmermann, 47, in an e-mail message distributed Tuesday. The 1.0 version included source code -- a bare-all approach that quickly became a PGP trademark -- and only worked on MS-DOS computers. Macintosh and Unix versions came later. By the time version 2.0 was released in September 1992, Zimmermann had earned the enmity of RSA Data Security, which owned a patent that PGP arguably infringed upon, and the adoration of thousands of grassroots users who finally had a reliable, if not especially convenient, way to preserve the privacy of their e-mail conversations. [...] --- http://www.politechbot.com/docs/pgp.anniversary.060501.html Date: Tue, 5 Jun 2001 12:37:58 -0700 To: Declan McCullagh From: Philip Zimmermann Subject: PGP Marks 10 Year Anniversary Content-Type: text/plain; charset="us-ascii" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Today marks the 10th anniversary of the release of PGP 1.0. It was on this day in 1991 that I sent the first release of PGP to a couple of my friends for uploading to the Internet. First, I sent it to Allan Hoeltje, who posted it to Peacenet, an ISP that specialized in grassroots political organizations, mainly in the peace movement. Peacenet was accessible to political activists all over the world. Then, I uploaded it to Kelly Goen, who proceeded to upload it to a Usenet newsgroup that specialized in distributing source code. At my request, he marked the Usenet posting as "US only". Kelly also uploaded it to many BBS systems around the country. I don't recall if the postings to the Internet began on June 5th or 6th. It may be surprising to some that back in 1991, I did not yet know enough about Usenet newsgroups to realize that a "US only" tag was merely an advisory tag that had little real effect on how Usenet propagated newsgroup postings. I thought it actually controlled how Usenet routed the posting. But back then, I had no clue how to post anything on a newsgroup, and didn't even have a clear idea what a newsgroup was. It was a hard road to get to the release of PGP. I missed five mortgage payments developing the software in the first half of 1991. To add to the stress, a week before PGP's first release, I discovered the existence of another email encryption standard called Privacy Enhanced Mail (PEM), which was backed by several big companies, as well as RSA Data Security. I didn't like PEM's design, for several reasons. PEM used 56-bit DES to encrypt messages, which I did not regards as strong cryptography. Also, PEM absolutely required every message to be signed, and revealed the signature outside the encryption envelope, so that the message did not have to be decrypted to reveal who signed it. Nonetheless, I was distressed to learn of the existence of PEM only one week before PGP's release. How could I be so out of touch to fail to notice something as important as PEM? I guess I just had my head down too long, writing code. I fully expected PEM to crush PGP, and even briefly considered not releasing PGP, since it might be futile in the face of PEM and its powerful backers. But I decided to press ahead, since I had come this far already, and besides, I knew that my design was better aligned with protecting the privacy of users. After releasing PGP, I immediately diverted my attention back to consulting work, to try to get caught up on my mortgage payments. I thought I could just release PGP 1.0 for MSDOS, and leave it alone for awhile, and let people play with it. I thought I could get back to it later, at my leisure. Little did I realize what a feeding frenzy PGP would set off. Apparently, there was a lot of pent-up demand for a tool like this. Volunteers from around the world were clamoring to help me port it to other platforms, add enhancements, and generally promote it. I did have to go back to work on paying gigs, but PGP continued to demand my time, pulled along by public enthusiasm. I assembled a team of volunteer engineers from around the world. They ported PGP to almost every platform (except for the Mac, which turned out to be harder). They translated PGP into foreign languages. And I started designing the PGP trust model, which I did not have time to finish in the first release. Fifteen months later, in September 1992, we released PGP 2.0, for MSDOS, several flavors of Unix, Commodore Amiga, Atari, and maybe a few other platforms, and in about ten foreign languages. PGP 2.0 had the now-famous PGP trust model, essentially in its present form. It was shortly after PGP 2.0's release that US Customs took an interest in the case. Little did they realize that they would help propel PGP's popularity, helping to ignite a controversy that would eventually lead to the demise of the US export restrictions on strong cryptography. Today, PGP remains just about the only way anyone encrypts their email. And now there are a dozen companies developing products that use the OpenPGP standard, all members of the OpenPGP Alliance, at http://www.openpgp.org. What a decade it has been. - - -Philip Zimmermann 5 June 2001 Burlingame, California http://www.philzimmermann.com -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.3 iQA/AwUBOx0vPsdGNjmy13leEQJ4qQCgoLgAAZJfe2ORgoplAv9s39/JtP8AoOhu nnhGSufR7jjAGj4tM8djwrcm =MeBD -----END PGP SIGNATURE----- -- ------------------------------------------------------ Philip R Zimmermann http://web.mit.edu/prz tel +1 650 347-9743 przat_private fax +1 650 348-4849 See web site for PGP keys ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 20:09:11 PDT