SAN FRANCISCO (01/22/2004) - The venerable .zip file format may survive, after competing companies that market compression products have reached an agreement to support each other's improvements--sort of.
WinZip Computing Inc. has just released a new beta of its forthcoming WinZip 9.0, which can decrypt protected archives created by competing product PKZip, from PKWare Inc. PKZip itself can't decrypt files compressed under the newest version of WinZip, but PKWare's free viewer can.
The status is a compromise, after a clash last summer. It appeared then the popular compression standard would split in two, as market leader WinZip and market founder PKWare promoted incompatible security improvements.
The rivalry continues. PKWare has applied for a patent on its encryption technology, an act that appears to be in violation of the open standard philosophy of the company's founder, Phil Katz.
Katz, who died in 2000, wrote the original PKZip and placed the archive's specifications in the public domain. This encouraged competition and turned .zip into the industry standard for compressed archives.
PKWare representatives say the company is still committed to an open standard. But in recent years, as PKWare has added new encryption capabilities to PKZip, competitors have complained that PKWare was slow in releasing details of the technology.
PKWare added the most recent new feature, virtually unbreakable 256-bit AES encryption, early in 2003. Then, in May, WinZip posted the first beta of WinZip 9.0, featuring its own, incompatible 256-bit AES encryption. Suddenly, users could find themselves with an AES-encrypted .zip file that couldn't be opened by a program that supports AES-encrypted .zip files.
New Versions Play Nicely
The situation changed this week, when WinZip posted on its Web site the third public beta of WinZip 9.0, a new test version of the unfinished program that raised the compatibility concerns eight months ago.
WinZip officials are not estimating when the update will be finished and released in final form. But with this beta, you can decrypt an AES-encrypted archive created by PKWare--but you can encrypt only to the WinZip standard.
"We did not have enough time to test [PKWare-compatible] encrypting," says Edwin Siebesma, WinZip president. He says he's comfortable with the amount of testing WinZip has done on decryption, where "there's not an awful lot you can do wrong."
The new beta also lacks certificate-based encryption, a PKZip addition from 2002. Last June, WinZip and other companies complained that PKWare was keeping the details of certificate-based encryption to itself, creating a one-company version of the .zip format. PKWare has since published the certificate-based specs, but WinZip isn't using them. According to Siebesma, "We don't see a market for that."
PKWare, meanwhile, just posted to its Web site a new, WinZip-compatible version of its free PKZip Reader. The Reader enables anyone with a PC to decompress and (with the relevant password) decrypt .zip files. The new version can decrypt AES-encrypted .zip files created in WinZip as well as PKZip.
Who Owns What?
Meanwhile, PKWare is working to claim ownership rights on the improvements. Last year the company gave a single name, SecureZIP Technology, to all of its security improvements. These include not only AES encryption, but also digital signatures and certificates.
The company has also applied for a patent, arguably a major change from Katz's original intention of an open standard. PKWare President Steve Crawford defends the policy as a way to enforce a single standard.
"We saw that there was a lot of steering off with how vendors were implementing security," Crawford says. "It was important from our perspective to have a single format."
In PKWare's defense, the proposed patent only covers the method of accessing the file format, not the format itself. What's more, the details are posted on PKWare's Web site, and the company is offering its competitors free licenses.
For the time being, at least, the two companies appear to be cooperating. As WinZip's Siebesma put it, "The user is the big winner."