From: grendel@netaxs.com (Michael Handler)
Date: Mon, 16 May 94 15:34:19 PDT
To: nefud-the-delirious@tamu.edu
Subject: Re: PGP 2.6 and the future
In-Reply-To: <9405162000.AA00650@elvis.tamu.edu>
Message-ID: <199405162234.SAA03053@access.netaxs.com>
MIME-Version: 1.0
Content-Type: text


> "Robert A. Hayden" writes:
> 
> I'm willing to wager that this 2.6 and maybe 2.5 versions are 
> hacked by the NSA to put in their spiffy key-escrowed backdoor.
> 
> Anyone think 2.6 *doesn't* have a backdoor added?

	Yup. In order for ANYONE with sense to trust this release, they're
going to have to release the source like they have in previous versions.
If there is a backdoor in the code, it will undoubtedly be spotted rather
quickly, as there will be hundreds, if not thousands of people going over
the code... And if there is a backdoor, it will be quickly eliminated via
a patch file.
	Personally, I'm going to compile the code myself, just to make
sure they haven't tried to sneak a backdoor into the binary and not the
source...

	As for patching PGP 2.6 to read previous messages: since RSAREF is
going to be changing, I don't know how likely this is. Our best bet would
be to include RSAREF 2.0, which I believe can still decode earlier
messages, as well as the new RSAREF, and put in code to recognize which
version of PGP the message was created with and use the "apppropriate"
version of RSAREF.
	Anyway, this should be a moot point after about two weeks or so,
as PGP v2.6 will undoubtedly appear in the rest of the world..

-- 
==========================================================================
|  Michael Brandt Handler  |  Philadelphia, PA  |  <grendel@netaxs.com>  |
|        PGP 2.3a public key available via server / mail / finger        |
==========================================================================