[ih] The Internet Plan; was: Ken Olsen's impact on the Internet
Noel Chiappa
jnc at mercury.lcs.mit.edu
Wed Feb 16 14:12:38 PST 2011
> From: Dave CROCKER <dhc2 at dcrocker.net>
> I suspect Phil did not know about PEM.
Somewhat to my surprise (I thought everyone working in the email area knew
about PEM, which had been going on for years - the duration being a source of
a lot of unhappiness in some quarters), this turns out to be true. I found the
following 'PGP Marks 10th Anniversary' note (5 Jun 2001) from Phil Z:
"a week before PGP's first release, I discovered the existence of another
email encryption standard called Privacy Enhanced Mail (PEM)"
(available at:
http://www.linuxtoday.com/security/mailprint.php3?action=pv<sn=2001-06-06-004-20-SC-SW)
> Still the odds are good that PEM did not motivate PGP.
Not originally, no. But it sounds like Phil considered certain technical
choices made in PEM to be non-optimal, and I think his feeling that he had a
'better mousetrap;' was part (in addition to public response) as to why he
kept working on it.
In addition, he _did_ know of the PEM trust model, and didn't like it, when he
did the PGP trust model:
"PEM used 56-bit DES to encrypt messages, which I did not regards as strong
cryptography. Also, PEM absolutely required every message to be signed, and
revealed the signature outside the encryption envelope
...
I started designing the PGP trust model, which I did not have time to finish
in the first release. Fifteen months later, in September 1992, we released
PGP 2.0 ... PGP 2.0 had the now-famous PGP trust model, essentially in its
present form."
So I think I wasn't entirely off-base in my original comment ("PGP .. which of
course appeared in part as a counterpoint to PEM, since the top-down
authentication model of PEM didn't sit well with everyone")! :-)
Noel
More information about the Internet-history
mailing list