The .zip standard splinters

The .zip compression format has known remarkable stability and compatibility for many years, but that may soon change. PKWare and WinZip Computing, makers of competing compression and encryption products, are fighting over the .zip standard -- which means that .zip archive files created by one program may not be accessible by the other.

Both companies recently changed their implementations of the .zip format. In May, WinZip released a beta version of WinZip 9 that alters the .zip format. PKWare made its changes earlier, but recently posted specifications detailing its changes to the format.

PKWare is the company founded by .zip inventor Phil Katz, who died in 2000. Katz decided to make the .zip format an open standard, free for anyone to read or use when designing a program. This open standard allowed for the creation of PKWare's chief competitor, WinZip, which now dominates the market.

Positive Change

The .zip format couldn't stay the same forever. For one thing, it desperately needed adequate encryption. The long-established .zip 2.04g specification's password protection couldn't stop a reasonably knowledgeable hacker.

PKWare responded to these needs, slowly rolling out options such as certificate-based security and 256-bit AES encryption.

The recently released beta version of WinZip 9 boasts 256-bit AES encryption as well (without certificates). Although both programs use AES, the encrypted archives aren't compatible.

WitholdingDetails?

Since PKZip's encryption hit the market first, why didn't WinZip make its product compatible? Because PKWare didn't tell WinZip how. Until PKWare's recent release, the company hadn't updated its posted specification since 2001; the encryption details simply weren't available.

"We went a very long time trying to never be incompatible," says Kevin Kearney, WinZip technical consultant. "Then PKWare themselves did something [with encryption] that wasn't in the specs." WinZip eventually decided to go it alone.

Even PKWare's new specs aren't complete, lacking important information on certificate-based encryption. Although the feature was introduced in PKZip 5.0 for Windows nearly a year ago, it has not yet appeared in PKZip for other platforms -- specifically mainframes -- and PKWare doesn't consider it complete.

"Certificate-based encryption is still a work in progress," says Jim Peterson, PKZip chief technology officer. "We're not publishing it because we still have a number of features to add."

WinZip's Kearney is skeptical of that reasoning.

"They try to keep it to themselves, and if the pressure gets hot they can dribble out stuff....We think there's a legitimate claim that they're going against their stated claim to keep an open standard," Kearney says.

WinZip, by contrast, released its new specification May 12, when its beta test for the encryption-enabled Version 9 went public.

But the spec should not come out until a product is done, says Steve Crawford, PKWare's chief marketing officer. He couldn't say whether PKZip will add WinZip's extensions, "given the fact that it is still a beta product." And later? "We'll cross that bridge when we get there," Crawford says.