Group pushes PGP to secure email

Eleven privacy companies have launched the OpenPGP Alliance to encourage compatibility among private electronic communications systems.

OpenPGP is a standard based on PGP (Pretty Good Privacy), an open source system for encrypting mail. Members, which include Qualcomm, Hush Communications, Gnu Privacy Guard, SSH Communications Security, Veridis, ZendIt and Zero Knowledge Systems, will oversee technical compatibility testing and provide educational and cross-marketing to members.

Phil Zimmerman, the original PGP author and chief cryptographer for Hush and founder of the OpenPGP Alliance, said a global spirit of co-operation is what helped PGP evolve from an arcane encryption program into the de facto standard that now protects the privacy of millions of users around the world.

"By co-operating to ensure that different secure email systems work together, companies do not have to feel they are going it alone," Zimmerman said.

Zimmerman left Network Associates to join HushMail, which is developing a secure email system based on the OpenPGP specification. Network Associates, the owner of the PGP trademark, has not yet signed on to the alliance.

The alliance, at www.openpgp.org, was formed to help ensure compatibility among encrypted email systems.

OpenPGP was submitted to the Internet Engineering Task Force (IETF) in 1997. By becoming an IETF standard, OpenPGP may be implemented by any company without paying any licensing fees.

Interoperability testing will begin at Qualcomm's facility in San Diego this summer. The alliance will test to ensure multiple implementations of OpenPGP conform to the requirements of the IETF spec, as well as successfully exchange keys, encrypted messages and signatures.

Membership of the alliance is open to any company or individual interested in developing products or offering services based on the OpenPGP standard.