From: technopagan priest <tedwards@wam.umd.edu>
Date: Fri, 27 Aug 93 11:12:52 PDT
To: cypherpunks@toad.com
Subject: ViaCrypt PGP and source code
Message-ID: <199308271810.AA08679@rac1.wam.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



I am sure that businesses will buy ViaCrypt PGP, even for $100.
PGP has proven itself to be a useful and safe encryption
package, and also can do digital signature, a feature not seen
in similarly priced PC security packages.

I think to not release the source code with ViaCrypt PGP is
a serious mistake.  First, I cannot see how releasing the 
RSA source can be harmful to ViaCrypt.  People can freely
examine PD PGP, I can't see how any trade secrets are going to
be revealed by showing the RSA source.  Perhaps it is slightly
faster, but information theoretic limits show that RSA quickly
becomes lengthy to encrypt, and I doubt PKP nor ViaCrypt have
made any significant progress towards making it faster compared
with PD PGP.

I had to laugh when people suggested the "Clipper-Like" review.
Why is it good for ViaCrypt, but not good for the government?

Let's face it...if ViaCrypt is serious about security, they will
release all source code for examination, and will digitally
sign all programs and have those signatures tracable to a
key on a ViaCrypt owned dial-up BBS.

I understand that there is a contractual problem with releasing
the RSA source.  Perhaps the contract should be re-negotiated.
I will bet ViaCrypt PGP will rapidly become a best-seller if
implemented properly.  There is plenty of money to be made if
everything is kept on the cryptographic "up and up."

-Thomas