19 September 2000
Source: http://www.geocities.com/SiliconValley/Bay/9648/pgp2000.html (in French)

Translation by Cryptome.


"What Has PGP® Become?"

French users of OpenPGP against the PGP® of NAI

By PGP en français (web site) and Michel Bouissou (network administrator)

PARIS, September 19, 2000

"It's personal. It's private. And it's no one's business but yours."
-- Philip Zimmermann, PGP User's Guides, 1991.

At the end of August, a German researcher, Ralf Senderek, highlighted a serious bug in the ADK (Additional Decryption Key) function of PGP 5.5.x, 6.x and 6.5.x (http://www.cert.org/advisories/A-2000-18.HTML). This bug was corrected very quickly by PGP Security Inc, a subsidiary of Network Associates Inc. (NAI).

At the end of May, three European researchers had found another bug in the random generator of the Unix/Linux version of PGP 5.0 (http://www.cert.org/advisories/A-2000-09.HTML). Versions 6.5 did not contain this bug.

We are long-time users of PGP®. We have used it since 1995, and some of us have used it since as early as 1992. As French people, we lived for a long time under a prohibition against the use of PGP® (but since France is a democracy, in practice we could use it freely and publicly). We knew what PGP® was: a security tool providing nearly perfect confidentiality and robust authentication. But since version 2.0, eight years after September 1992, what has become of PGP® in the year 2000?

Today, after the bug of PGP® 5.0 Unix and the bug of the ADK, we no longer have any confidence in the recent versions of PGP®.

We reproach NAI for having transformed computer security software into marketing software.

We particularly reproach NAI for having implemented an ADK in PGP®, as well as superfluous and even dangerous functions such as the SDA or key sharing.

We reproach NAI for hiding behind the argument "All software has bugs" to excuse serious programming errors.

Finally, we reproach NAI for not having known how to make PGP® accessible to the general public (the graphical interface has changed little since version 5.0, a study of which (http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html) showed that it was not easily usable by computing beginners).

Not only did NAI not remove the ADK from version 6.5.8 when correcting the ADK bug, but in PGP 7.0 the ADK was also extended to RSA keys, which until now were not supported. That amounts to gradually imposing a kind of "contamination" of keys by the ADK, a function rejected by members of the OpenPGP group. The creator of PGP®, Philip Zimmermann, explained that in his view there was a need for the ADK function, saying: "We could not have sold PGP® without this function." (http://www.bigfoot.com/~pgpenfrancais/prz290800-fr.htm).

We are in complete disagreement with Phil: PGP® should never have contained this function, and immediately after the discovery of the bug NAI should have published freeware versions incompatible with the ADK function. The ADK is a risk for PGP, all the experts say so (http://www.cdt.org/crypto/risks98/), and this function is used only by businesses, not by private individuals.

However, the mission of PGP® is not to sell something, or to give work to programmers (even the best). PGP® was created as "resistance" software to protect the private life of individuals against the ubiquity of the means of espionage in the computing universe, in order to preserve what we French call "intimacy", i.e. the sphere of secrecy of any person who does not wish to share it with anybody except those they have chosen. If businesses appreciate the OpenPGP standard and wish to pay people to adapt it to their needs by adding particular functions for safeguarding private keys, or for recovering the passphrase of a forgotten master key, that is their affair. But PGP® has nothing to do with that; PGP® was created with a larger idea.

The financial cost of developing PGP® does not require the sale of the software itself: major tools like Linux, Apache or Sendmail are not commercial, they are GNU, free, and companies like Linux-Mandrake or RedHat make money with this GNU software. NAI could sell services around a GNU program.

We want to insist on one point: we suspect neither NAI, nor the PGP® development team, nor Phil Zimmermann of having put a backdoor in PGP® or of wanting to do so. We still have confidence in the sincerity of their source code, and we think that none of the latest bugs in PGP® are intentional. Our disagreement is only over the choice of functions and the method of development. The problem relates to the technical and commercial choices. PGP® is the victim of NAI's marketing, and we no longer have any confidence in the "NAI" versions of PGP®.

PGP® is not Internet Explorer or Outlook Express: PGP® cannot contain bugs, and bugs, and still more bugs. PGP® should not contain any bugs. And the best way of not having any bugs is to do as little as possible, so as to be able to do it well. Even if all programs contain bugs, some have fewer than others: everyone knows that OpenBSD has fewer bugs than Windows NT. From version to version, PGP® has been transformed into a large security suite with more and more functions, the majority of which are not essential to the encryption and authentication of data. PGP® seems to grow larger month by month. The problem is that we do not know where that will stop.

The cryptographic integrity of PGP® is in danger and it is time to sound the alarm. We will never accept that PGP® becomes Microsoft-style software and that the de facto standard for encryption on the Internet becomes a nest infested with bugs.

We regret it deeply, but we no longer have any confidence in the latest version of PGP®, and we must say to people asking us which cryptography software they can use without risk: "do not use the 7.x versions of PGP®: they are too large, present too many risks of bugs, their source code is too complex to check, their functions are too wide, to be really sure - instead, choose GnuPG or wait until NAI places its software under the GNU GPL licence or goes back to making true computer security tools."

NAI's PGP® has become a marketing product, with all that that implies:

- to make people believe that it is the single panacea for a whole set of complex and unrelated problems;

- to favour the user interface to the detriment of security;

- to "make life easier" for the user to the point of removing from him any control over, and any visibility into, what occurs inside, and to silently make decisions affecting security in the user's place under the pretext that "it is too complicated";

- to be so deeply integrated into the operating system, Windows, that it becomes difficult to distinguish the security risks potentially attributable to Windows in the operation of the system.

On the contrary, PGP® should have remained a security product, which for an encryption / authentication tool means:

- to be light, concise, easy to check; in short, minimalist;

- to implement strong algorithms that have been tested for several years, in a sober and verifiable implementation;

- to avoid above all useless or debatable gadgets, each gadget being a potential security hole;

- to implement only what is necessary for enciphering / deciphering / authentication;

- to limit itself to a product of light coding, and especially not an "expansion of security" for the general user - keeping responsibility with the user by forcing him to check / authenticate the keys which he uses;

- to separate the "encryption engine", which must be as compact and concise as possible, from the external additions (plugins), so that they can be checked and evolved separately.

We want NAI to publish a slimmed-down version of PGP®, without superfluous gadgets like the SDA or special keys (ADK, shared keys, keys with reconstruction, special RSA keys, etc.), respecting minimal security requirements.

According to us, the new PGP® should contain only these bare essentials:

- an e-mail plugin (for Outlook Express, Eudora, Netscape, Exchange, Lotus, Claris, etc.) with updates for each new version of the e-mail program;

- a truly reliable key manager that obliges the user to assign degrees of trust to the public keys that it contains;

- conformity with the OpenPGP standard;

- publication of the source code for each version or new plugin, downloadable at the same time and in the same place as the program.

All that corresponds to the GnuPG project: not an amusing graphical interface, but a tool for protecting human lives in dictatorships, and for protecting the intimacy of the private life of individuals in democracies.

But GnuPG was launched in 1999 as a GNU computing project in order to create free software, and not as a project for human rights. In 1991, PGP® was launched not as a computing project but as a project for human rights applied to the digital era, and this is why we need PGP®. We need PGP® because we need Philip Zimmermann, for his teaching interventions, his conferences, his analyses, his vision of electronic freedom in our world of Big Brothers, and we need the history, the epic, in a word the "Memory" of PGP® and of the PGP® community (of which we are a part). We really hope that Phil and NAI will find a solution and will agree to bring PGP® back from the state of marketing software to the state of professional software which it once was.

In 1991, Phil Zimmermann said of the intimacy provided by PGP: "It's personal. It's private. And it's no one's business but yours." It is personal? It is private? Yes. And it is up to us to keep PGP® reliable.


PGP en français (web site) and Michel Bouissou (network administrator)

Version signed by "PGP en français".