1993-08-29 - Examination of ViaCrypt’s PGP by members of this group

Header Data

From: mbriceno@aol.com
To: cypherpunks@toad.com
Message Hash: cf28f30abf5c529ab704dde7f4d65e99a5c58df85197545da6eb0968f2c02f56
Message ID: <9308290503.tn71687@aol.com>
Reply To: N/A
UTC Datetime: 1993-08-29 09:08:23 UTC
Raw Date: Sun, 29 Aug 93 02:08:23 PDT

Raw message

From: mbriceno@aol.com
Date: Sun, 29 Aug 93 02:08:23 PDT
To: cypherpunks@toad.com
Subject: Examination of ViaCrypt's PGP by members of this group
Message-ID: <9308290503.tn71687@aol.com>
MIME-Version: 1.0
Content-Type: text/plain

A number of posts have proposed that perhaps some of the more astute members
of this list should be allowed by ViaCryp to examine the source of the
commercial PGP. The idea is that if some of the people we are likely to trust
give their O.K. to the code then we can all go out and buy the program
without fear of hidden back doors.
Unfortunately this proposal has the same fundamental flaws that the recent
review of the Clipper chip by Denning et al had.

A group of even the most competent reviewers can overlook some problems in
the code. It may take a long time before a flaw is discovered. The stamp of
approval by some members of this list to a commercial PGP with a secret
source code would therefore be little more than a marketing scheme. It would
be no different from the expert review marketing scheme used to sell us
Clipper, as --I think it was John Gillmore-- has recently explained.