From: Derek Atkins <warlord@Athena.MIT.EDU>
Date: Thu, 26 Aug 93 20:32:38 PDT
To: danodom@matt.ksu.ksu.edu (Dan Odom)
Subject: Re: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <9308262239.AA26848@matt.ksu.ksu.edu>
Message-ID: <9308270328.AA20123@w20-575-50.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> That is not a bad idea, and I would trust certain people to tell the
> truth about ViaCrypt PGP's security....  the problem is convincing
> ViaCrypt to let someone that Cypherpunks consider trustworthy to look
> at it.  I mean, I wouldn't listen to Sternlight or Denning, but I
> might listen to May or Gilmore.  But would ViaCrypt allow May or
> Gilmore to see their source?

You realize that this is not ViaCrypt taking PGP and making it into a
product, but an agreement between Phil Z. and ViaCrypt to turn the
Public version into a legal-for-commercial-use product???  First and
foremost, the public, shareware (freeware?  I forget what the status
is) version of PGP will always remain ahead of the commercial version,
but the commercial version will use the code from the free version.

Secondly, regarding "whom do you trust": Do you trust Phil Z?  As far
as I know (and granted, its not much, yet), Phil Z is going to oversee
the commercial product, to make sure that nothing is put into it.
Granted, he probably wont get to see the RSA sources, but there are
sources of those (pun intended).

Listen, this is a Good Thing (TM).  It means that there will be a
version of PGP, for a nominal fee, that is legal for commercial use in
the US.  When the free(share)ware version of PGP also becomes legal,
then there won't be any problems with RSA/PKP!!!  This is a step in
the right direction.  Let's calm down some and see where it goes!

-derek