OK, so as of 6 Jun 1991 it was patented. In the US patents are in force
for at most 20 years, so that one expired in or before 2011. And
releasing something as "open source" and then claiming patent on the
algorithms is assholery IMO.
I found the following email from the cypherpunks mailing list archive:
Several items of potential interest:
1. RSA did not know of the ViaCrypt deal until after it was signed
last Sunday. ViaCrypt's license allows it to put whatever it wants
around the RSA core....it has picked PGP as the wrapper. RSA can't
really object to this, provided the RSA core is as the contract with
2. Phil will carefully inspect the code, including the RSA part, and
is confident no funny business is planned by ViaCrypt or anyone else.
(I have to trust Phil on this matter more than any "panel" or the
like....after all, he wanted to put trapdoors in, he could in the
existing PGP--though of course this is highly unlikely to have been
put in in the first place and to have remained undiscovered all this
3. There's a bunch of confusing--to me--stuff about U.S. versions,
European/foreign versions, what can and can't be exported and
imported, the ITAR (International Traffic in Arms Regulations), and so
on. Basically, there may be separate European versions, possibly using
different code. Triple DES may be used in some versions (don't ask me
for details....I'm not sure of the tradeoffs between DES and
IDEA...perhaps the deal to use IDEA doesn't fit with a commercial
version of PGP).
4. I showed Phil the MacPGP 2.3 program on my PowerBook 170. The
"help" system especially impressed him (it does me, too). He is not
closely connected with Zig F.'s Macintosh development.
5. Integrating PGP with mailers--the "elm" and MIME ideas that keep
surfacing--is still being debated. Running PGP on a machine outside
one's own control is always dangerous, but, let's face it, is how
_many_ people are already using PGP and how many of the future
corporate customers will be likely to use it.
(The PGP secret key will then be found scattered around in backups, on
other disks, etc. Even the manually-entered passphrase is *not
sufficient*, as many systems have "scrypt" and similar
keystroke-capture programs automatically recording all keystrokes.
Even my Macintoshes capture all keystrokes ("Last Resort," "Thunder 7,
etc., have such utilities).
This is an unresolved issue! (Talk of using smartcards, RSA cards,
Newton-like PDAs, etc., is one approach, but this moves away from ease
of use by requiring specialized hardware.)
6. Ease of use remains a problem. Phil mentioned again that he sends a
routine form letter out to all those who send him encrypted e-mail
explaining that it may take him several days to get around to reading
their messages...he has to do the same multi-step procedure of
downloading to his local PC, quitting, saving the file, starting PGP,
and so on. (Phil has never run PGP on a machine outside his control.)
7. Phil also wanted to talk about the political issues of RSA vs. PGP,
about my concerns some months back that the battle for strong crypto
would not be won with explicitly illegal programs, etc. I told him I
thought the ViaCrypt deal was a nearly perfect solution to these
concerns: individuals and corporations can now safely use PGP without
the fear of asset forfeiture or criminal prosecution should a zealous
prosecutor decide to "make an example" of them.
A legal version of PGP is the goal many of us were seeking. A major
win. I congratulate Phil for pulling this off.
8. Perhaps most ironically, David Sternlight (the neural net AI
automatic posting program I mentioned a few days ago) has asked to be
a beta site for the ViaCrypt program! Sternlight blesses
ViaCrypt...the mind boggles. (To be fair to Sternlight--something many
people may flame me for :-} --he never argued for a ban on crypto, or
for restrictions, only that a "legal" or "unencumbered" version be
used. Hence his involvement with RIPEM.)