From: “Perry E. Metzger” <perry@imsi.com>
To: nefud-the-delirious@tamu.edu
Message Hash: 1d9d228f0dd908aaed31d1075689fc4f299f5266748bf72fe2cc29a839f3e994
Message ID: <9405162025.AA28191@snark.imsi.com>
Reply To: <9405162013.AA00693@elvis.tamu.edu>
UTC Datetime: 1994-05-16 20:25:58 UTC
Raw Date: Mon, 16 May 94 13:25:58 PDT
From: "Perry E. Metzger" <perry@imsi.com>
Date: Mon, 16 May 94 13:25:58 PDT
To: nefud-the-delirious@tamu.edu
Subject: Re: PGP 2.6 and the future
In-Reply-To: <9405162013.AA00693@elvis.tamu.edu>
Message-ID: <9405162025.AA28191@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain
Allan Bailey says:
> I'm willing to wager that 2.6 (and maybe 2.5) MIT'd PGP versions
> are hacked by the NSA to put in a backdoor.
> ^^^^^^^^^^ (emphasis added.)
>
> I'll bet you a C-note, Perry.
Done for $100.
> Now how do you propose to prove or disprove this?
The commonly selected way to settle such things is to select a neutral
referee to adjudicate based on available evidence. The source code is
public, so it should it should be trivial to read it and make a
decision as to whether anything untoward has been done. I'll accept
any reasonably expert referee -- my selection of choice would be Hal
Finney since he is a well known cypherpunk, is strongly familiar with
the code and would recognise any tampering. Tampering may be defined
given what you are claiming as the presense of what a reasonable
cryptographer would refer to as a "back door". If you have any other
suggested neutral third parties with requisite skill I'll happily tell
you if they are acceptable. Once we've settled on a judge and they've
accepted the charge (we may need to pay the person for their time), we
present our evidence to the person and allow them to make a decision.
I'll happily bet any larger sum, too, if you like. I'd also request
that a neutral third party hold the stakes. At your choice the party
can be the judge or another individual mutually acceptable.
Perry
Return to May 1994
Return to ““Robert A. Hayden” <hayden@krypton.mankato.msus.edu>”