(Source : The Zimmermann Telegram, Volume 2, Issue 1, December 4, 1998)
 
 

An Open Letter to PGP Users

Many PGP users have written and asked me if NAI has compromised the cryptographic integrity of PGP, perhaps at the government's behest. Let me assure you that since the acquisition of PGP Inc., up to the time of this writing, NAI has not shown even the remotest interest in compromising the security of PGP and I don't expect that to change. In fact, NAI has a strong financial interest in keeping strong crypto in PGP products because that's what PGP customers want. Further, I'd like to point out that when NAI acquired PGP, they didn't just acquire a product. They also acquired a team of people who were already dedicated to the principles of personal privacy. And let me assure the reader that for as long as I am associated with NAI, I will personally continue to work with the rest of the PGP team to ensure the cryptographic integrity of PGP products.

I encourage you to use the latest version of PGP from NAI, PGP 6.0.2. That's what I use, and it's every bit as secure as any previous version of PGP, in fact the security has only improved. Peer review of the source code has shown that there have never been any back doors in PGP, and still aren't.

In particular, PGP users of version 2.6.2 should upgrade to this latest version, and generate DSS/DH keys. These new keys use the Digital Signature Standard (DSS) and the Diffie-Hellman (DH) algorithms, both open standards and the default key type in PGP. All the new features are available only for DSS/DH keys. A vast majority of PGP users have already migrated to the new format. PGP is the best and most widely used email encryption product in the world. Through its affiliation with NAI, PGP has achieved the sales volume and mind share that it needs to maintain its leadership position. You can remain confident that the PGP development team has held on to its integrity and commitment to personal privacy.

Keep the faith.
 

Sincerely,

Phil Zimmermann