4 June 1999
Date: Fri, 04 Jun 1999 10:45:21 +0200
From: Michel Bouissou <michel_bouissou@wanadoo.fr>
To: jya@pipeline.com
CC: prz@acm.org
Subject: *** Message from Phil Zimmermann ***

Hello,

Please find below a message from Philip R. Zimmermann.

Please read my footnote if you have any problem with Phil's signature verification.

The following message may be widely distributed.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'd like to address the rumors concerning the cryptographic integrity of PGP, including recent versions made by Network Associates, as well as recent freeware versions built and released by Stale Schumacher on his website in Norway at http://www.pgpi.org. These rumors allege that these versions of PGP contain back doors for the US Government to access the plaintext messages or keys. I do not know how such sensationalist conspiracy theories get started, but they seem to come from people who believe that The X-Files is a documentary.

Let me assure everyone that all versions of PGP that are released from Network Associates have the same cryptographic integrity as all previous versions of PGP that were released since the old days before I started my company, PGP Inc. In fact, no version of PGP in which I have been personally involved has ever had any back doors or any other mechanism to intentionally weaken PGP. That includes versions released by MIT, PGP Inc, Network Associates, or Stale Schumacher.

After all the hardship and legal persecution that I endured to bring PGP to the world, I find it surprising and offensive that anyone would think that I would quietly stand by and tolerate any compromise in the cryptographic integrity of PGP.

When Network Associates acquired my company in December 1997, they also acquired the same engineering team that we had put together at PGP Inc, a team dedicated to the same principles of personal privacy that led me to create PGP. This team is still working on PGP today, and will continue to help me protect the integrity of PGP.
Network Associates has not shown the slightest interest in compromising the integrity of PGP. They recognise that it would not be in their business interests to do so.

We have always published the source code for every version of PGP for peer review purposes, and Network Associates has carried on that tradition. Anyone may download the source code for PGP from www.pgpi.org and examine it for any back doors.

Stale Schumacher, an independent PGP activist who is not an employee of Network Associates, has done all the builds since PGP 5.0i for the freeware versions of PGP in Europe. I have known Stale for several years and I know that he is committed to the same political principles of privacy as I am. I feel confident that Stale would never compromise the integrity of PGP in the versions that he builds for distribution on his site. Nonetheless, anyone who worries if the binary executables for PGP are trustworthy may compile the code themselves and rebuild the binaries for their own personal use, as long as they do not redistribute such rebuilt binaries for others to use.

 -- Philip Zimmermann
http://www.pgp.com/phil
3 June 1999

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1b40

iQA/AwUBN1bDM2PLaR3669X8EQLXSACg4Z5+//BgNg4OjeKDugnQ0wmWbXEAoPsl
v4z0is5aXeLPf0cOJSqnyX9Q
=QOqg
-----END PGP SIGNATURE-----

Signature verification:

I first encountered a problem in checking Phil's signature from within Outlook Express: Phil's signature displayed as "bad". The reason is that Phil's signature line begins with " -- Philip..." and Outlook Express doesn't seem to like the leading space. When copying the message to the clipboard for checking the signature, Outlook Express removes this space, causing the verification process to fail. Weirdly enough, if you save the message as a .TXT file using Outlook Express, then the space is correctly reproduced and the sig check on the obtained text file succeeds!
If you happen to have the same problem with your mail/news reader, please save this document as a text file, and check that there is ONE space at the beginning of Phil's signature line. Correct manually if necessary. Then, the signature check should be OK.

Michel Bouissou <michel_bouissou@wanadoo.fr>
DH/DSS ID 0x80DBBD8F
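
The failure described in the footnote, as an added example that is not part of the original message: OpenPGP cleartext signatures (RFC 2440/4880, section 7.1) normalize line endings and ignore trailing spaces and tabs, but leading whitespace is part of the signed text, so a client that drops the space before "-- " changes what gets hashed. The sample message and all function names are constructed for illustration, and the digest covers only the canonical text, not the full signature hash input.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def signed_lines(message):
    """Lines covered by the signature in a cleartext-signed message."""
    lines = message.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    start = lines.index(BEGIN_MSG) + 1
    while lines[start] != "":      # skip armor headers such as "Hash: SHA1"
        start += 1
    return lines[start + 1:lines.index(BEGIN_SIG)]

def canonical_text(message):
    """Canonical form of the signed text: dash-escapes undone, trailing
    spaces/tabs dropped, lines joined with CRLF. Leading whitespace stays."""
    out = []
    for line in signed_lines(message):
        if line.startswith("- "):  # dash-escaped line
            line = line[2:]
        out.append(line.rstrip(" \t"))
    return "\r\n".join(out).encode("utf-8")

def text_digest(message):
    """SHA-1 of the canonical text only. The real signature hash also covers
    signature metadata, so this is a comparison aid, not a verifier."""
    return hashlib.sha1(canonical_text(message)).hexdigest()

def signature_line_ok(message):
    """True if every '-- ' sign-off line keeps exactly one leading space."""
    sig = [l for l in signed_lines(message) if l.lstrip(" ").startswith("-- ")]
    return bool(sig) and all(l.startswith(" -- ") for l in sig)

# Constructed sample, not the message above.
SAMPLE = "\n".join([
    BEGIN_MSG, "Hash: SHA1", "",
    "Sample body text.", "",
    " -- Example Signer",
    BEGIN_SIG, "(signature data omitted)", "-----END PGP SIGNATURE-----",
])

if __name__ == "__main__":
    crlf = SAMPLE.replace("text.", "text.  ").replace("\n", "\r\n")
    pasted = SAMPLE.replace("\n -- ", "\n-- ")   # client dropped the space
    print("original  :", text_digest(SAMPLE), signature_line_ok(SAMPLE))
    print("crlf/trail:", text_digest(crlf), signature_line_ok(crlf))
    print("pasted    :", text_digest(pasted), signature_line_ok(pasted))
```

Comparing the digest of the saved .TXT copy with that of the clipboard copy shows whether the two differ in signed content before blaming the key or the signature itself.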