Frequently Asked Questions
Q: What is OpenPGP?
A: OpenPGP is a protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann. The OpenPGP protocol defines standard formats for encrypted messages, signatures, private keys, and certificates for exchanging public keys. Beginning in 1997, the OpenPGP Working Group was formed in the Internet Engineering Task Force (IETF) to define this standard that had formerly been a proprietary product since 1991. Over the past decade, PGP, and later OpenPGP, has become the standard for nearly all of the world's encrypted email. By becoming an IETF standard (RFC 4880), OpenPGP may be implemented by any company without paying any licensing fees to anyone.
Q: Doesn't Network Associates (NAI) own PGP?
A: Well, not anymore. A new startup, PGP Corp, acquired the PGP intellectual property back from NAI in August 2002 (which NAI had owned since December 1997, when they acquired it from PGP Inc). By doing so, PGP Corp acquired the trademark PGP and Pretty Good Privacy, as well as the source code for that particular software implementation developed by Phil Zimmermann and his engineering team. But the name OpenPGP had been previously granted by PGP Inc to the IETF for use as the name of the OpenPGP standard, and the IETF allows any company that complies with that standard to use that name for free to describe their product. Any company may develop an independent implementation of the OpenPGP protocol without having to license anything from anyone.
Q: Why have an OpenPGP Alliance when there is already an OpenPGP Working Group in the IETF?
A: The IETF OpenPGP Working Group just defines the standard. The OpenPGP Alliance brings companies together to pursue a common goal of promoting the same standard for email encryption and to apply the PKI that has emerged from the OpenPGP community to other non-email applications. OpenPGP Alliance members do not have to feel that they are going it alone. They can be encouraged by the power of their numbers, to be visible to each other and work together toward a common goal, making each other stronger in the face of competing email encryption standards and competing approaches to building a Public Key Infrastructure. All this helps demonstrate to decision makers in the industry that OpenPGP really is the leading standard.
On the engineering side, the OpenPGP Alliance organizes interoperability test programs,
and will work with the IETF to continue evolving the OpenPGP standard.
There is still much work that needs to be done to keep the standard moving to
accomodate handheld and wireless mobile platforms, small downloadable applets,
smartcards and tokens.