3 December 1999
Date: Fri, 3 Dec 1999 16:43:30 +0100 (MET)
From: Stefan Kelm <kelm@pca.dfn.de>
To: schneier@counterpane.com
Subject: PRESS RELEASE: A project to improve and commercialize GnuPG, the
GNU Privacy Guard
Cc: jy@jya.com, cryptography@c2.net, coderpunks@toad.com
Please take note of the following press release:
http://www.gnupg.de/presse.en.html
PRESS RELEASE
Project management: GUUG, the German Unix User Group
In cooperation with:
G-N-U GmbH
LinuxLand International
The DFN-PCA project
Werner Koch Softwaresysteme
Funded by the German Federal Ministry of Economics and Technology.
This press release is intended to provide answers to the most common questions concerning our project. In case of further questions you are invited to contact us at: gnupg@guug.de
Project objectives
The project is intended to foster the widespread use of encryption technology in general and the GNU Privacy Guard (GnuPG) in particular.
What is GnuPG?
GnuPG is a security application based on cryptographic algorithms. Written by German programmer Werner Koch, GnuPG is world renowned to be one of the best security tools available.
The characteristics of GnuPG
- GnuPG is a full implementation of OpenPGP, the standard that extends PGP, the de-facto standard for cryptographic tools on the Internet.- GnuPG has been released as free software under the GNU General Public License (GNU GPL). As such, full access to the source code is provided.
What is free software?
Free software, sometimes referred to as open source software, is software distributed under a license which:
- permits any user to use the software for any purpose, including those with commercial aims;- provides full access to the source code;
- permits any user to modify the software, and to distribute the modified versions.
Free software may, therefore, be sold. One of our project goals is just that: to sell copies of GnuPG in order to partially finance our work.
Many of today's free software packages evolved from the GNU project of the Free Software Foundation (FSF). GnuPG is also an official GNU part of this project, see http://www.gnu.org/ for more.
More information on free software can be found at
http://www.gnu.org/philosophy/free-sw.html.
There are ever increasing demands on the providers of security technology. Providing full access to GnuPG's source code is a crucial step to meeting those requirements.
What do we want to achieve?
- with the growing number of people connecting to open networks such as the Internet the protection of privacy becomes not only more important but also more difficult;- the use of digital signatures will provide the foundation for reliable business communications and thus have a major impact on our economy.
Our intention is to develop and distribute the tools that are necessary to facilitate widespread access and use of strong cryptographic applications.
Moreover, a major aspect of our work is to display the huge economic potential of free (open source) software. It has long been shown that the quality of non-free (i.e. proprietary) software is by no means better than that of free software. Therefore, the usability of software, which is both free and commercial, within a working environment is one of our main objectives.
Why not use PGP?
PGP ("Pretty Good Privacy") is a product developed and implemented in the US. Because of the strict export restrictions and other US laws, PGP is unsuitable for many areas outside the US.
Although the source code to PGP has been published it is not complete and it is unknown whether future versions of PGP will be shipped with access to the source code. Thus, PGP is not free software.
Furthermore, all current versions of PGP support some form of third party access to cryptographic keys. This "feature" has lead to a decrease of faith in the software.
What impacts will the project have?
The GnuPG software, including a handbook containing the full documentation, will be available at specialized dealers. Both private and business users will be able to buy the software at a reasonable price. GnuPG will be easy to install and use, while retaining full functionality. Users will also have access to commercial support.
How do we merit from the project?
Many users appreciate ready-to-install software on a CD accompanied by a manual; they are usually prepared to pay a reasonable price for such products.
Business users on the other hand require additional services, the most important of which are a qualified installation of applications within their corporate networks and training of the employees. Being the GnuPG developers we are especially capable of offering these services to the users.
What do we bring into the project?
In September 1999 the first full version of GnuPG was released. This version runs on various UNIX platforms and is intended for the experienced user.
In order to make the software usable by less experienced users it is essential to enhance GnuPG in several ways: porting the software to other operating systems, developing graphical user interfaces (GUI) and writing a handbook are the most obvious examples.
Equally important will be the task of marketing the software in order to inform the public about the new possibilities offered by using GnuPG and in order to sell the product.
In addition, the project ensures the future development of GnuPG and acts as a cornerstone for industry-based free software (open source) development.
How is our funding going to be used?
The funding will ensure both private and business users the availability of a highly secure cryptographic software at a reasonable price.
It will take some time for the project to finance itself. In the meantime, the development and marketing will be funded by the German Federal Ministry of Economics and Technology.
The funding of GnuPG is only a very first step: the German government already has announced to support follow-up free software (open source) projects.
We are therefore confident that GnuPG as a free software will establish itself as a reliable tool for European citizens who want to protect their privacy while remaining part of the global information infrastructure.