Discussion:
Original PGP Source Code Post
Add Reply
Jason Evans
2020-09-22 11:19:59 UTC
Reply
Permalink
Hi all,

This is a big long shot, but I would like to know if anyone has a copy of
the original PGP source code post for PGP from June 1991. It's not on
Google Groups. I found the original binary posts to alt.source in a
shovelware cdrom image on archive.org but not the actual source code post.

Also, I have the pgp10.zip file that was uploaded to ftp servers at the
time that contains the source code. I want to get a copy of the actual
first source code post itself.
--
JE
Grant Taylor
2020-09-22 15:17:41 UTC
Reply
Permalink
Post by Jason Evans
Hi all,
Hi,

Have you tried looking through the various Usenet archives? I know that
there are a number of them on The Internet Archive? There are a few
other places too.
--
Grant. . . .
unix || die
Faux Dameron
2020-09-22 17:42:26 UTC
Reply
Permalink
Post by Grant Taylor
Post by Jason Evans
Hi all,
Hi,
Have you tried looking through the various Usenet archives? I know that
there are a number of them on The Internet Archive? There are a few
other places too.
Yup, I've already downloaded most of them from Internet Archive for my
own use. It's strange. I see messages from around that week, but not
those actual articles. It was a miracle finding the articles that I did
find and those weren't in any of the other sources.
Adam Sampson
2020-09-22 19:57:04 UTC
Reply
Permalink
Post by Jason Evans
This is a big long shot, but I would like to know if anyone has a copy
of the original PGP source code post for PGP from June 1991.
Looking at the very end of the utzoo Usenet archive, there's some
Post by Jason Evans
A short while back, someone posted an article in a whole bunch of
newsgroups, announcing a new piece of software called "Pretty Good
Privacy". The announcement said that binaries for the IBM PC would
appear in c.b.i.p. [...] Did it ever get submitted to the c.b.i.p
moderator? Is it scheduled to be posted?
As far as I can tell it was never submitted. I keep a record of
anything I get, even if I reject it, and I see no evidence that I got
it. If it was encryption software I would not post it because of the
ban on exporting certain technology. And I bet the ftp sites in the US
wouldn't carry it either, as was done with pkzip at one point.
I got [the PGP binaries and source] by ftp from somewhere, I believe
the author's machine. I think he said he decided not to upload them
because of some corespondance with PKP or RSA.
So it might be that they weren't posted to Usenet as quickly as the
original 7th June 1991 announcement suggested. (The announcement itself
shows up first in RISKS Digest 11.86, on 11th June.)
--
Adam Sampson <***@offog.org> <http://offog.org/>
Nomen Nescio
2020-09-25 08:47:42 UTC
Reply
Permalink
Post by Jason Evans
Hi all,
This is a big long shot, but I would like to know if anyone has a copy of
the original PGP source code post for PGP from June 1991. It's not on
Google Groups. I found the original binary posts to alt.source in a
shovelware cdrom image on archive.org but not the actual source code post.
Also, I have the pgp10.zip file that was uploaded to ftp servers at the
time that contains the source code. I want to get a copy of the actual
first source code post itself.
The only archive from that era that I know of (UTZOO tapes) does not
include sci.crypt in it. There are couple mentions of PGP and Zimmermann
in 1991, but I can't find the original post. If you're interested, UTZOO
tapes are available on archive.org
Stefan Claas
2020-09-25 16:53:07 UTC
Reply
Permalink
Post by Jason Evans
Hi all,
This is a big long shot, but I would like to know if anyone has a copy of
the original PGP source code post for PGP from June 1991. It's not on
Google Groups. I found the original binary posts to alt.source in a
shovelware cdrom image on archive.org but not the actual source code post.
Also, I have the pgp10.zip file that was uploaded to ftp servers at the
time that contains the source code. I want to get a copy of the actual
first source code post itself.
Hi,

looks like the source code is available here, from different sources
and in different file sizes.

https://www.mmnt.ru/int/get?st=pgp10src

Regards
Stefan
Stefan Claas
2020-09-25 18:08:47 UTC
Reply
Permalink
Post by Jason Evans
Hi all,
This is a big long shot, but I would like to know if anyone has a copy of
the original PGP source code post for PGP from June 1991. It's not on
Google Groups. I found the original binary posts to alt.source in a
shovelware cdrom image on archive.org but not the actual source code post.
Also, I have the pgp10.zip file that was uploaded to ftp servers at the
time that contains the source code. I want to get a copy of the actual
first source code post itself.
I did a little search and found these links. Hopefully they contain the
correct source code.

https://www.mmnt.ru/int/get?st=pgp10src

Regards
Stefan
Jason Evans
2020-10-15 11:42:27 UTC
Reply
Permalink
I just wanted to share this since I finally found it in case anyone is
interested.

---------------
From: ***@well.sf.ca.us (Kelly Goen)
Newsgroups: alt.sources
Subject: Pretty Good Privacy(tm) Email Privacy Module Sources 1/5
Message-ID: <***@well.sf.ca.us>
Date: 6 Jun 91 21:07:36 GMT


This is release file 1/5 of Phil Zimmermans Pretty Good Privacy(tm)
An RSA/Hybrid Email Privacy System release under the aegis of Copyleft.
Although the source code and Binaries are totally Freeware, the algorithms
embedded within are Patented Items. PK Partners of Sunnyvale, California
is the current holder of the Patents. To utilize this software for other
than
educational purposes(i.e. Real Life Usage) you should Contact PK Partners
and obtain Licensing. The author accepts no liability for your actions in
either case. Contact Information for PK Partners is given in the
documentation.

section 1 of uuencode 2.8 of file pgp10src.zip by R.E.M.
----------------

Found here: https://archive.org/details/CDROM_March92
File: /usenet/altsrcs/3/3463

__
JE
J. Clarke
2020-10-15 12:10:15 UTC
Reply
Permalink
Post by Jason Evans
I just wanted to share this since I finally found it in case anyone is
interested.
---------------
Newsgroups: alt.sources
Subject: Pretty Good Privacy(tm) Email Privacy Module Sources 1/5
Date: 6 Jun 91 21:07:36 GMT
This is release file 1/5 of Phil Zimmermans Pretty Good Privacy(tm)
An RSA/Hybrid Email Privacy System release under the aegis of Copyleft.
Although the source code and Binaries are totally Freeware, the algorithms
embedded within are Patented Items. PK Partners of Sunnyvale, California
is the current holder of the Patents. To utilize this software for other
than
educational purposes(i.e. Real Life Usage) you should Contact PK Partners
and obtain Licensing. The author accepts no liability for your actions in
either case. Contact Information for PK Partners is given in the
documentation.
section 1 of uuencode 2.8 of file pgp10src.zip by R.E.M.
----------------
Found here: https://archive.org/details/CDROM_March92
File: /usenet/altsrcs/3/3463
OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
Ahem A Rivet's Shot
2020-10-15 13:25:01 UTC
Reply
Permalink
On Thu, 15 Oct 2020 08:10:15 -0400
Post by J. Clarke
OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
Why ? The idea of a patent is to allow (and require) publishing of
the details of an invention in return for disallowing others to exploit it
without permission. Not that different to open source really.
--
Steve O'Hara-Smith | Directable Mirror Arrays
C:\>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/
Peter Flass
2020-10-15 14:28:44 UTC
Reply
Permalink
Post by J. Clarke
Post by Jason Evans
I just wanted to share this since I finally found it in case anyone is
interested.
---------------
Newsgroups: alt.sources
Subject: Pretty Good Privacy(tm) Email Privacy Module Sources 1/5
Date: 6 Jun 91 21:07:36 GMT
This is release file 1/5 of Phil Zimmermans Pretty Good Privacy(tm)
An RSA/Hybrid Email Privacy System release under the aegis of Copyleft.
Although the source code and Binaries are totally Freeware, the algorithms
embedded within are Patented Items. PK Partners of Sunnyvale, California
is the current holder of the Patents. To utilize this software for other
than
educational purposes(i.e. Real Life Usage) you should Contact PK Partners
and obtain Licensing. The author accepts no liability for your actions in
either case. Contact Information for PK Partners is given in the
documentation.
section 1 of uuencode 2.8 of file pgp10src.zip by R.E.M.
----------------
Found here: https://archive.org/details/CDROM_March92
File: /usenet/altsrcs/3/3463
OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
That’s what struck me, too. Would that imply that you could recompile
and/or use the software but not modify it? That conflicts with the
definition of open source.
--
Pete
Grant Taylor
2020-10-15 18:18:38 UTC
Reply
Permalink
That conflicts with the definition of open source.
"Open Source" can mean a LOT of different things. Anything from "you
are strictly bound by an NDA after having seen our source code, despite
the fact that you can't do anything with what you've seen" to "here it
is, do whatever you want with it, just don't blame us".
--
Grant. . . .
unix || die
Peter Flass
2020-10-15 18:57:52 UTC
Reply
Permalink
Post by Peter Flass
Post by J. Clarke
Post by Jason Evans
I just wanted to share this since I finally found it in case anyone is
interested.
---------------
Newsgroups: alt.sources
Subject: Pretty Good Privacy(tm) Email Privacy Module Sources 1/5
Date: 6 Jun 91 21:07:36 GMT
This is release file 1/5 of Phil Zimmermans Pretty Good Privacy(tm)
An RSA/Hybrid Email Privacy System release under the aegis of Copyleft.
Although the source code and Binaries are totally Freeware, the algorithms
embedded within are Patented Items. PK Partners of Sunnyvale, California
is the current holder of the Patents. To utilize this software for other
than
educational purposes(i.e. Real Life Usage) you should Contact PK Partners
and obtain Licensing. The author accepts no liability for your actions in
either case. Contact Information for PK Partners is given in the
documentation.
section 1 of uuencode 2.8 of file pgp10src.zip by R.E.M.
----------------
Found here: https://archive.org/details/CDROM_March92
File: /usenet/altsrcs/3/3463
OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
That’s what struck me, too. Would that imply that you could recompile
and/or use the software but not modify it? That conflicts with the
definition of open source.
I suppose you can patent it and release the patented object into public
domain to prevent anyone ELSE from patenting it, but that’s not what
they’re saying, either. Sounds like someone should have gotten good legal
advice.
--
Pete
Scott Lurndal
2020-10-15 20:08:20 UTC
Reply
Permalink
Post by Peter Flass
Post by J. Clarke
Post by Jason Evans
I just wanted to share this since I finally found it in case anyone is
interested.
---------------
Newsgroups: alt.sources
Subject: Pretty Good Privacy(tm) Email Privacy Module Sources 1/5
Date: 6 Jun 91 21:07:36 GMT
This is release file 1/5 of Phil Zimmermans Pretty Good Privacy(tm)
An RSA/Hybrid Email Privacy System release under the aegis of Copyleft.
Although the source code and Binaries are totally Freeware, the algorithms
embedded within are Patented Items. PK Partners of Sunnyvale, California
is the current holder of the Patents. To utilize this software for other
than
educational purposes(i.e. Real Life Usage) you should Contact PK Partners
and obtain Licensing. The author accepts no liability for your actions in
either case. Contact Information for PK Partners is given in the
documentation.
section 1 of uuencode 2.8 of file pgp10src.zip by R.E.M.
----------------
Found here: https://archive.org/details/CDROM_March92
File: /usenet/altsrcs/3/3463
OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
That’s what struck me, too. Would that imply that you could recompile
and/or use the software but not modify it? That conflicts with the
definition of open source.
I suppose you can patent it and release the patented object into public
domain to prevent anyone ELSE from patenting it, but that’s not what
they’re saying, either. Sounds like someone should have gotten good legal
advice.
I suspect that speculating about anything without the actual facts is
pointless.
Ahem A Rivet's Shot
2020-10-15 21:07:46 UTC
Reply
Permalink
On Thu, 15 Oct 2020 11:57:52 -0700
Post by Peter Flass
I suppose you can patent it and release the patented object into public
domain to prevent anyone ELSE from patenting it, but that’s not what
they’re saying, either. Sounds like someone should have gotten good legal
advice.
The patent applied to the algorithms so if you wanted to use those
algorithms commercially you had to get a licence no matter which
implementation you used. This enabled the patent holders to profit from
their invention.

The code of an implementation of those algorithms was released
under an open source license granting free use for educational purposes,
within that constraint it could (and still can) be freely copied and
modified under the usual copyleft constraints. This provided a free
testing, code review and bug fixing service for their reference
implementation.

A patent is a lot easier to enforce than the terms of a software
license as well as being more general - a clean room rewrite does not get
you past patent obligations. Even completely independent invention without
knowledge of the patent doesn't let you off the hook.

Since the patent process requires disclosure and publication of the
details of the invention (in this case algorithms) releasing source code for
educational purposes does not conflict with the patent in any way.

I'd say they had good legal advice and followed it to good effect.
--
Steve O'Hara-Smith | Directable Mirror Arrays
C:\>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/
J. Clarke
2020-10-16 00:56:46 UTC
Reply
Permalink
On Thu, 15 Oct 2020 11:57:52 -0700, Peter Flass
Post by Peter Flass
Post by Peter Flass
Post by J. Clarke
Post by Jason Evans
I just wanted to share this since I finally found it in case anyone is
interested.
---------------
Newsgroups: alt.sources
Subject: Pretty Good Privacy(tm) Email Privacy Module Sources 1/5
Date: 6 Jun 91 21:07:36 GMT
This is release file 1/5 of Phil Zimmermans Pretty Good Privacy(tm)
An RSA/Hybrid Email Privacy System release under the aegis of Copyleft.
Although the source code and Binaries are totally Freeware, the algorithms
embedded within are Patented Items. PK Partners of Sunnyvale, California
is the current holder of the Patents. To utilize this software for other
than
educational purposes(i.e. Real Life Usage) you should Contact PK Partners
and obtain Licensing. The author accepts no liability for your actions in
either case. Contact Information for PK Partners is given in the
documentation.
section 1 of uuencode 2.8 of file pgp10src.zip by R.E.M.
----------------
Found here: https://archive.org/details/CDROM_March92
File: /usenet/altsrcs/3/3463
OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
That’s what struck me, too. Would that imply that you could recompile
and/or use the software but not modify it? That conflicts with the
definition of open source.
I suppose you can patent it and release the patented object into public
domain to prevent anyone ELSE from patenting it, but that’s not what
they’re saying, either. Sounds like someone should have gotten good legal
advice.
They probably did, for certain values of "good". I suspect from a
lawyers viewpoint such a scheme can be a potential gold mine, with
Supreme Court for the cherry on top.
Ahem A Rivet's Shot
2020-10-15 19:57:29 UTC
Reply
Permalink
On Thu, 15 Oct 2020 07:28:44 -0700
Post by Peter Flass
Post by J. Clarke
OK, so as of 6 Jun 1991 it was patented. In the US patents are in
force for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
That’s what struck me, too. Would that imply that you could recompile
and/or use the software but not modify it? That conflicts with the
definition of open source.
It would imply that for any commercial use you would have to get
permission from the patent holders and they may take the opportunity to
charge a royalty for such permission.
--
Steve O'Hara-Smith | Directable Mirror Arrays
C:\>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/
Dennis Boone
2020-10-15 16:01:01 UTC
Reply
Permalink
And releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
What it says is that Public Key Partners (basically RSA if you don't
look too close) holds the patents, not Zimmerman. If you want to throw
"assholery" here, you're going to have to throw it at the patent system.

De
Andreas Kohlbach
2020-10-17 03:45:22 UTC
Reply
Permalink
Post by Dennis Boone
And releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
What it says is that Public Key Partners (basically RSA if you don't
look too close) holds the patents, not Zimmerman. If you want to throw
"assholery" here, you're going to have to throw it at the patent system.
Just recall to have read a BYTE issue from probably 1977 where one of Ron
Rivest, Adi Shamir or Leonard Adleman introduced RSA (you can see where
"RSA" comes from ;-) to the public. And two BASIC programs to en- and
decode some text. I think they used 32bit and it still took hours or
days. :-)
--
Andreas

https://news-commentaries.blogspot.com/
Jason Evans
2020-10-18 08:48:02 UTC
Reply
Permalink
OK, so as of 6 Jun 1991 it was patented. In the US patents are in force
for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
I found the following email from the cypherpunks mailing list archive:

http://mailing-list-archive.cryptoanarchy.wiki/archive/
1993/08/5ca690ad6796b55eef7d9dc85bd25e6b3e26a26bd7d2c89181027458678d239b/

------------
Several items of potential interest:

1. RSA did not know of the ViaCrypt deal until after it was signed
last Sunday. ViaCrypt's license allows it to put whatever it wants
around the RSA core....it has picked PGP as the wrapper. RSA can't
really object to this, provided the RSA core is as the contract with
ViaCrypt specifies.

2. Phil will carefully inspect the code, including the RSA part, and
is confident no funny business is planned by ViaCrypt or anyone else.

(I have to trust Phil on this matter more than any "panel" or the
like....after all, he wanted to put trapdoors in, he could in the
existing PGP--though of course this is highly unlikely to have been
put in in the first place and to have remained undiscovered all this
time.)

3. There's a bunch of confusing--to me--stuff about U.S. versions,
European/foreign versions, what can and can't be exported and
imported, the ITAR (International Traffic in Arms Regulations), and so
on. Basically, there may be separate European versions, possibly using
different code. Triple DES may be used in some versions (don't ask me
for details....I'm not sure of the tradeoffs between DES and
IDEA...perhaps the deal to use IDEA doesn't fit with a commercial
version of PGP).

4. I showed Phil the MacPGP 2.3 program on my PowerBook 170. The
"help" system especially impressed him (it does me, too). He is not
closely connected with Zig F.'s Macintosh development.

5. Integrating PGP with mailers--the "elm" and MIME ideas that keep
surfacing--is still being debated. Running PGP on a machine outside
one's own control is always dangerous, but, let's face it, is how
_many_ people are already using PGP and how many of the future
corporate customers will be likely to use it.

(The PGP secret key will then be found scattered around in backups, on
other disks, etc. Even the manually-entered passphrase is *not
sufficient*, as many systems have "scrypt" and similar
keystroke-capture programs automatically recording all keystrokes.
Even my Macintoshes capture all keystrokes ("Last Resort," "Thunder 7,
etc., have such utilities).

This is an unresolved issue! (Talk of using smartcards, RSA cards,
Newton-like PDAs, etc., is one approach, but this moves away from ease
of use by requiring specialized hardware.)

6. Ease of use remains a problem. Phil mentioned again that he sends a
routine form letter out to all those who send him encrypted e-mail
explaining that it may take him several days to get around to reading
their messages...he has to do the same multi-step procedure of
downloading to his local PC, quitting, saving the file, starting PGP,
and so on. (Phil has never run PGP on a machine outside his control.)

7. Phil also wanted to talk about the political issues of RSA vs. PGP,
about my concerns some months back that the battle for strong crypto
would not be won with explicitly illegal programs, etc. I told him I
thought the ViaCrypt deal was a nearly perfect solution to these
concerns: individuals and corporations can now safely use PGP without
the fear of asset forfeiture or criminal prosecution should a zealous
prosecutor decide to "make an example" of them.

A legal version of PGP is the goal many of us were seeking. A major
win. I congratulate Phil for pulling this off.

8. Perhaps most ironically, David Sternlight (the neural net AI
automatic posting program I mentioned a few days ago) has asked to be
a beta site for the ViaCrypt program! Sternlight blesses
ViaCrypt...the mind boggles. (To be fair to Sternlight--something many
people may flame me for :-} --he never argued for a ban on crypto, or
for restrictions, only that a "legal" or "unencumbered" version be
used. Hence his involvement with RIPEM.)
------------

Loading...