[ih] The Internet Plan; was: Ken Olsen's impact on the Internet

[jnc at mercury.lcs.mit.edu (Noel Chiappa)]

    > From: Dave CROCKER <dhc2 at dcrocker.net>

    > I suspect Phil did not know about PEM.

Somewhat to my surprise (I thought everyone working in the email area knew
about PEM, which had been going on for years - the duration being a source of
a lot of unhappiness in some quarters), this turns out to be true. I found the
following 'PGP Marks 10th Anniversary' note (5 Jun 2001) from Phil Z:

  "a week before PGP's first release, I discovered the existence of another
  email encryption standard called Privacy Enhanced Mail (PEM)"

(available at:
http://www.linuxtoday.com/security/mailprint.php3?action=pv&ltsn=2001-06-06-004-20-SC-SW)


    > Still the odds are good that PEM did not motivate PGP.

Not originally, no. But it sounds like Phil considered certain technical
choices made in PEM to be non-optimal, and I think his feeling that he had a
'better mousetrap;' was part (in addition to public response) as to why he
kept working on it.

In addition, he _did_ know of the PEM trust model, and didn't like it, when he
did the PGP trust model:

  "PEM used 56-bit DES to encrypt messages, which I did not regards as strong
  cryptography. Also, PEM absolutely required every message to be signed, and
  revealed the signature outside the encryption envelope
  ...
  I started designing the PGP trust model, which I did not have time to finish
  in the first release. Fifteen months later, in September 1992, we released
  PGP 2.0 ... PGP 2.0 had the now-famous PGP trust model, essentially in its
  present form."

So I think I wasn't entirely off-base in my original comment ("PGP .. which of
course appeared in part as a counterpoint to PEM, since the top-down
authentication model of PEM didn't sit well with everyone")! :-)

	Noel