1993-08-26 - Re: Viacrypt PGP source code unavailable

Header Data

From: uri@watson.ibm.com
To: cypherpunks@toad.com (cypherpunks)
Message Hash: 09b483c3fd822ebfa1e6922d1402f0336b59fd574870acf35018ae993d174270
Message ID: <9308260527.AA19219@buoy.watson.ibm.com>
Reply To: <9308260315.AA07283@ micro.med.cornell.edu>
UTC Datetime: 1993-08-26 05:32:19 UTC
Raw Date: Wed, 25 Aug 93 22:32:19 PDT

Raw message

From: uri@watson.ibm.com
Date: Wed, 25 Aug 93 22:32:19 PDT
To: cypherpunks@toad.com (cypherpunks)
Subject: Re: Viacrypt PGP source code unavailable
In-Reply-To: <9308260315.AA07283@ micro.med.cornell.edu>
Message-ID: <9308260527.AA19219@buoy.watson.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain


Chris Leonard says:
> >I talked once again with Dave Barnheart at ViaCrypt, and he told me:
> >	A) No source code will be available, due to the nature of the
> >agreement between PKP and ViaCrypt.

> Isn't there some way to black box it the way engineers do with circuits?
> If you control the inputs, randseed, message, keys etc. that goes into each
> copy of the program aren't you going to be able to compare the outputs
> directly.  Or are they going to be different everytime because of some
> randomization I am unaware of?  remember the naive part :-)

Frankly, I see no real problems so far. But several good things:

1) PKP is going to get some royalties, so they're happy.
   Does it mean they're going to leave freeware PGP alone?

2) Business users, who didn't dare to use PGP fearing lawsuits,
   can now buy it officially and use legally. A big step forward.

3) As long as ViaCrypt will release patches, so that freeware PGP can
   stay in sync with their product, compatibility isn't an issue...

4) It's not too hard to build a test-suite for PGP to ensure it's
   implementation of IDEA is correct, and it's possible to check
   it's key generation/session key generation things. Of course
   key management isn't too big a deal either... Thus I don't
   think it requires too great an effort to trust ViaCrypt.
   And if not - buy their copy to stay legal and use the
   Source to be safe (:-).

The only thing unclear to me yet is - what exactly is PKP going
to do (if anything) about freeware PGP in USA?
--
Regards,
Uri         uri@watson.ibm.com      scifi!angmar!uri 	N2RIU
-----------
<Disclamer>






Thread