English translation by Cryptome and Pplf.

"What Has PGP® Become?"
French users of OpenPGP
against the PGP® of NAI

By Pplf (webmaster of "PGP en français") and Michel Bouissou (network administrator)

PARIS, September 19, 2000

"It's personal. It's private. And it's no one's business but yours."
-- Philip Zimmermann, PGP User's Guide, 1991.


At the end of August, a German researcher, Ralf Senderek, highlighted a serious bug in the ADK function (Additional Decryption Key or additional key of deciphering) of PGP 5.5.x, 6.x and 6.5.x (http://www.cert.org/advisories/CA-2000-18.html). This bug was corrected very quickly by PGP Security Inc, a subsidiary of Network Associates Inc. (NAI).

At the end of May, three European researchers had found another bug in the random generator of the Unix/Linux version of PGP 5.0 (http://www.cert.org/advisories/CA-2000-09.html). Versions 6.5 did not contain this bug.

We are long-time users of PGP®. We have used it since 1995, and some among us used it even since 1992. As French, we lived a long time under a prohibition against the use of PGP® (but since France is a democracy, in practice we could use it freely and publicly). We knew what PGP® was: a security tool providing nearly perfect confidentiality and a strong authentification. But since version 2.0, eight years after September 1992, what has PGP® become in the year 2000?

Today, after the bug of PGP® 5.0 Unix and the bug of the ADK, we no longer have any confidence in the recent versions of PGP®.

We criticize NAI for having transformed a computer security software into a marketing software.

We particularly criticize NAI for having implemented ADK in PGP® as well as non-essentials or even dangerous functions like SDA or share keys.

We criticize NAI for hiding behind the argument: "All software have bugs" to excuse serious errors of programming.

We finally criticize NAI for not having found how to make PGP® within the reach of everyone (the graphic user interface has changed little since version 5.0 whose study (http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html) showed that it was not easily usable by beginners in computers).

Not only NAI didn't remove the ADK of version 6.5.8 when correcting the ADK bug, but the ADK has been added too in the PGP 7.0's RSA keys, which keys didn't support ADK before. That amounts to gradually imposing a type of RSA key "contaminated" by the ADK, a function rejected by the members of the OpenpPGP group. The creator of PGP®, Philip Zimmermann, explained that, according to him, there was a need for the ADK function, saying: "We could not have sold PGP® without this function." (http://www.bigfoot.com/~pgpenfrancais/prz290800-fr.htm).

We desagree completly with Phil: PGP® should never have contained this function and NAI should have published immediately after the bug discovery some freeware versions incompatible with the ADK function. The ADK is a risk for PGP, all the experts say it (http://www.cdt.org/crypto/risks98/) and this function is useful only for businesses, not for private individuals.

But the mission of PGP® is not to sell something, or to give work to programmers (even the best). PGP® was created like a software of "resistance " to protect the the individuals private life facing the ubiquity of the spying powers in the computer universe, in order to preserve what we French call the intimité (privacy), i.e. the everybody's sphere of secrecy, which he does not wish to share with anybody else except the man or the woman he has chosen. If businesses appreciate the OpenPGP standard and wish to pay people for adapting it to their needs by adding particular functions for backup of the private keys, or for recovery of a passphrase forgotten, that is their affair. But PGP® has nothing to do with that; PGP® was created with a greater idea.

The financial cost of the PGP® development does not require the sale of the software itself: some major tools, like Linux, Apache or Sendmail, are not commercial, they are GNU, they are free, and companies like Linux-Mandrake or RedHat succeed in making money with this software GNU. NAI could sell services around a GNU program.

We want to insist on a point: we don't suspect NAI, or the team of development of PGP®, or Phil Zimmermann, to have put a backdoor in PGP®, or want to do it. We still have confidence in the sincerity of their source-code, and we think that none of the latest bugs in PGP® are intentional. We disagree only about the choice of features and the method of development. The problem relates to the technical and commercial choices. PGP® is the victim of the NAI's marketing and we do not have any more confidence in "NAI" versions of PGP®.

PGP® is not Internet Explorer or Outlook Express: PGP® cannot contain bugs, and bugs, and still more bugs. PGP® should not contain any bug. And the best way of not having any bug is to make less things possible, in order to be able to do them well. If all the programs contain bugs, some have less bugs than others: everyone knows that OpenBSD has less bugs than WindowsNT. From version to version, PGP® was transformed into a big security suite with more and more features the majority of which are not essential to encryption and authentification of data. PGP® seems to enlarge month by month. The problem is that we do not know where that will stop.

The cryptographic integrity of PGP® is in danger and it is time to sound the alarm. We will never accept that PGP® becomes a software a la Microsoft, and that the de facto standard for encryption on the Internet becomes a nest of bugs.

We regret it deeply, but we do not have any more confidence in the latest version of PGP®, and we must say to people asking us which encryption software they can employ without risk: "Do not use the versions 7.x PGP®: they are too big, present too many risks of bugs, their source-code is too complex to check, their features are too wide, to be really sure - instead, chose GnuPG or wait until NAI places its software under the GNU public licence (GPL) or creates back true computer security tools."

The PGP® of NAI became a product marketing, with all that that implies:

- to make believe that it is the single panacea with a whole of complex problems and without relationship between them;

- to privilege the user interface at the detriment of security;

- "to ease the life" of the user at the point to remove any control and any visibility to him on what occurs inside, and to make in silence decisions assigning security to the place of the user under pretext that "it is too complicated";

- to be integrated so much into the operating system, Windows, that it becomes difficult to differentiate the potentially ascribable risks of safety in Windows.

On the contrary, PGP® should have remained a product of security, which for a tool of encryption / authentification supposes:
- to be light, concise, easy to control; in few words: minimalist;

- to implement strong and tested for several years algorithms, and in a sober and controllable implementation;

- to avoid above all useless or debatable gadgets, each gadget being a potential security hole;

- to implement only what is necessary to encrypt / decrypt / verify;

- to limit itself to a light encryption product, and especially not a general security suite ;

- to make the user aware of their responsabilities by forcing him to control / certify the keys he uses;

- to separate the "encryption engine", which must be as collected and concise as possible, of the external plugins in order to make them separately controllable and updatable.

We want NAI to publish a thinned version of PGP®, without superfluous gadget like the SDA or special keys (ADK, share keys, reconstruted keys, special RSA keys, etc), by respecting security minimal requirements.

According to us, the new PGP® should contain only the essential:

- a e-mail plugin (for Outlook Express train, Eudora, Netscape, Exchange, Lotus, Claris, etc.) with updates for each new version of the e-mail program;

- a really secure key manager, which forces the user to give degrees of trust to the public keys that it contains;

- the conformity with the OpenPGP standard;

- the publication of the source-code for each version or new plugin, and downloadable at the same time and at the same place as the program.

All that corresponds to the GnuPG project: not an funny graphic interface, but a tool for the protection of the human lives in the dictatorships, and for the protection of the individuals privacy in the democracies.

But GnuPG was launched in 1999 like a GNU computer project in order to create a free software, and not like a human rights project. In 1991, PGP® was not launched like a computer project but like a human rights applied to the digital era, and this is why we need PGP®. We do need PGP® because we do need Philip Zimmermann, and his teaching interventions, his conferences, his analyses, his vision of electronic freedom in our Big Brother world, and we need the history, the epic, in a word the "Memory" of PGP®, and the PGP® community (of which we are a part). We really hope that Phil and NAI will find a solution and will agree to bring back PGP® from the state of marketing-software to the state of professional software which it once was.

In 1991, Phil Zimmermann said of the privacy provided by PGP: "It's personal. It's private. And it's no one's business but yours." It is personal? It is private? Yes. And it is our business to keep PGP® secure.

Pplf (webmaster of "PGP en français") and Michel Bouissou (network administrator)

Version signed by Pplf.