Zimmermann has played "a seminal role" in advancing public-key cryptography and breaking the government's attempted stranglehold on strong crypto, said John Pescatore, a security analyst at Stamford, Conn.-based Gartner Group Inc. But Pescatore downplayed the role that PGP has played in information security since NAIs' purchase oof the company in 1997.
"Network Associates really drained the life out of the PGP brand, trying to straddle the fence between PGP's open-source roots and the desire to sell enterprise software to large companies," said Pescatore.
Since PGP's installed base consisted of mostly small groups of people content with exchanging keys in a high-maintenance "web of trust" model, there was "very little synergy between the two, and NAI failed both audiences," said Pescatore. Zimmermann's departure is symbolic of this failure, Pescatore said.
Philip Rosch, an analyst at Giga Information Group Inc. in Cambridge, Mass., said Zimmermann's letter basically says that he and NAI "agreed to disagree." It also represents that Zimmermann is "not ethically challenged," said Rosch.
"My inclination is to take him at his word," said Rosch. "I'd also hazard a guess that his passion bodes well for OpenPGP. I can't say the same for the NAI product."
In his new role as chief cryptographer at Hush, Zimmermann will assist the developers of HushMail, a free, Web-based encrypted e-mail service, to integrate the OpenPGP standard in the company's future products.
OpenPGP is the open standards version of NAI's PGP encryption protocol. It's recognized by the Internet Engineering Task Force. Any company can freely integrate OpenPGP into its products.
Zimmermann will also work with another security vendor, Veridis, a recent spin-off of Highware Inc., to create other OpenPGP compliant products, including software for certificate authorities for the OpenPGP community.
He also announced plans to launch the OpenPGP Consortium to facilitate interoperability of different vendors' implementations of the OpenPGP standard and to help guide future directions of the OpenPGP standard.