-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I suppose I shouldn't get into a "ADK features are not Key Escrow" debate
as I am sure everyone's opinions are already set in stone...
However, I would like to address the perception (below) that the ADK
feature has been "locked-open" as this is indeed not the case.
PGP business products, as sold in the US or anywhere else, do not have
the ADK feature turned on by default. The purchasing company must turn
this on themselves.
PGP products sold in the retail channel, like Personal Privacy, _never_
force the user to respect an ADK. The retail (and freeware) users can
always encrypt to the primary key while avoiding the ADK that is
associated with that primary key. If a company wants to prevent
retail/freeware users from sending their employees ADK-less mail then
they must put up scanning tools on their mail server to enforce their
policy.
NAI/PGPinc has never entered into an agreement with the U.S. Government
in which we have traded features in PGP software for an export license,
nor would we ever do so.
We have never built a weakened version of PGP. In fact, we don't even
include 56-bit DES in our IPsec software, even though must of our
competitors do. :-P
Noah Salzman
[EMAIL PROTECTED]
408.346.5186
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
iQA/AwUBOFayHSQ6gdj6pyJyEQK2MACgiACc/uhd6Qfjq3aNaIeIikdA8UgAn1CQ
xxMT8fRvpUoQu4YQXVOqWFME
=m+WS
-----END PGP SIGNATURE-----
-----Original Message-----
From: Vin McLellan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 14, 1999 7:29 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: "PGP Granted Worldwide Export License"
I guess I should qualify this.
I am more than willing to assume that NAI's relationship with the US
government is good enough that it got a little head start in obtaining a
license to offer classic full-strength PGP as "retail" mass-market crypto.
This is what the rest of the crypto industry expected to get in the
new Clinton/Gore BXA policy on crypto exports that had been scheduled to be
announced today, I think. (That announcement is now delayed until Jan.
14th, last I heard.)
But full-strength "enterprise-class products" -- VPNs, etc. --
without the "key recovery" backdoor locked in and locked open?
Wow! sez me... hopefully (but very doubtfully.) PHil rUlz!
_Vin
------- earlier message ---
Unless I missed something big in D.C., I presume this is simply the
announcement of a pro-forma bulk export license for PGP (and the repackaged
PGP Enterprise Security Suite?) for Business.
And, although it is difficult to discert amid all the
self-congratulatory hoopla, I also presume that NAI's "flagship technology"
will only be exported outside the US with the "option" for what NAI often
obliquely refers to as "additional encryption keys" -- third-party ( i.e.,
government and management) access to all encrypted communications --
irreversibly locked ON in a binary-only format.
Much ado about nothing for consumers and most corporate buyers,
right?
(Which is not to deny that such a license might speed up and make
shipping shedules more predictable for those ordering these products and or
shipping these packages overseas. I think NAI's earlier blanket license for
shipping key-recovery-ON versions of PGP for Business to US overseas branch
offices and subsidiaries did just that two years ago.)
Fine for folks who want, or need, or are required to build third
party access into their infrastructure for handling encrypted employee
email, files, or SSL and VPN sessions -- but somewhat too MAKed and GAKed
for most of the rest of us.
Corrections (and appropriate chastisement for my bantering tone)
will be gratefully accepted. In this, I'd love to be wrong.
Suerte,
_Vin
------------- in response to -------------------
At 06:36 PM 12/13/99 -0500, R. A. Hettinga offered:
Monday December 13, 8:30 am Eastern Time
Company Press Release
http://biz.yahoo.com/prnews/991213/ca_network_1.html
SOURCE: Network Associates, Inc.
PGP Encryption Software Granted Worldwide Export
License As Part of Landmark Decision
Effective Immediately, U.S. Government Grants License for International
Sales Of World's Most Widely Deployed Encryption Products
SANTA CLARA, Calif., Dec. 13 /PRNewswire/ -- Network Associates, Inc.
(Nasdaq: NETA - news) today announced that it has been granted a full
license
by the U.S. Government to export its market-leading PGP encryption
software, ending a decades-old ban on the export of strong encryption
products.
The license, effective immediately, allows Network Associates, the world's
largest security software company (IDC Research, 1999) to export its full
strength PGP encryption software to virtually all countries worldwide
without
restriction. Worldwide availability of strong encryption is widely seen as a
necessity for enabling trusted e-business transactions over the Internet.
``PGP encryption has always been a flagship technology -- the first
mass-distributed encryption software, the first to be sold by an
overseas subsidiary, and now the first to be available for sale from the
U.S.
directly to overseas customers,'' said Kelly Blough, director of government
relations for Network Associates. ``We are pleased with the U.S.
Government's
decision to grant this license independently of the new crypto regulations,
so
Network Associates can point the way for other American companies in the
drive to help shape e-commerce worldwide.''
Network Associates acquired Phil Zimmermann's PGP, Inc. in 1997 and offers
the company's PGP encryption and authentication technology today in several
consumer and enterprise-class products. PGP Data Security secures all email,
disk, file and network communications between businesses.
The standalone PGP VPN application offers a fully standards-compliant
virtual private network client that enables remote users to securely access
corporate networks over the public Internet, saving companies as much as 80
percent
on remote dial-up costs.
IDC Research recently named Network Associates as the world's leading
encryption software vendor, as well as the largest overall security
software
vendor (including firewall, antivirus, and VPN). As demand for seamless
security to enable trusted e-business relationships grows, the worldwide
market for security software is projected to grow to $8.3 billion in 2003.
This
relaxation of export regulations allows U.S. based companies for the first
time
to compete globally in the race to secure the planet with easy-to-use,
deploy,
and manage encryption software to enable trusted transactions.
``This decision further establishes the PGP product line as a true worldwide
standard for enabling secure e-business,'' said Mona Doss, senior product
manager for PGP. ``Thanks to this export license, the PGP product line can
now be easily used to secure data both within and between businesses almost
anywhere in the world.''
With headquarters in Santa Clara, Calif., Network Associates, Inc. is a
leading
supplier of enterprise network security and management software. Network
Associates' Net Tools Secure and Net Tools Manager offer best-of-breed,
suite-based network security and management solutions. Net Tools Secure and
Net Tools Manager suites combine to create Net Tools which centralizes
these
point solutions within an easy-to-use, integrated systems management
environment. For more information, Network Associates can be reached at
972-308-9960 or on the Internet at http://www.nai.com.
NOTE: Network Associates, PGP and Net Tools are registered trademarks of
Network Associates, Inc. and/or its affiliates in the US and/or other
countries.
All other registered and unregistered trademarks in the document are the
sole
property of their respective owners.
SOURCE: Network Associates, Inc.
