1996-01-05 - An open letter to Commtouch

Header Data

From: Raph Levien <raph@c2.org>
To: cypherpunks@toad.com
Message Hash: 84f8d8409e334a1dec95706d79f21bcab9ccdc2c3b163f4992b59a889c1e57cb
Message ID: <199601052139.NAA20363@infinity.c2.org>
Reply To: N/A
UTC Datetime: 1996-01-05 23:04:07 UTC
Raw Date: Sat, 6 Jan 1996 07:04:07 +0800

Raw message

From: Raph Levien <raph@c2.org>
Date: Sat, 6 Jan 1996 07:04:07 +0800
To: cypherpunks@toad.com
Subject: An open letter to Commtouch
Message-ID: <199601052139.NAA20363@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Hi Commtouch people,

   I am intrigued and hopeful about your secure e-mail product, Pronto
Secure. However, I am puzzled about its support for POTP encryption.

   The other encryption protocols (PGP, PEM, MOSS, and S/MIME) have
all been reviewed carefully by outside experts, and there is general
consensus that these protocols embody state-of-the-art cryptographic
technology, and that there are no known major security flaws. POTP
stands out on your list because such a review has not been carried
out. In fact, grave doubts have been raised regarding its security,
and (to my taste, anyway) not satisfactorily answered.
   I do not wish to raise those points here, nor do I wish to claim
here that POTP is insecure. However, I believe the reputation of your
product is drawn into question by association. Should POTP be
definitively demonstrated to be weak, then it would not be the case
that using your product according to the instructions would provide
"security." Further, I would consider it slightly misleading to
describe it as "mission-critical."

   I feel the situation is analogous to that of a hypothetical
networking company claiming that their product delivers high bandwidth
by offering the choice of ATM, Myrinet, 100Mbps Ethernet, or string
and tin cans.

   That said, I applaud your multiprotocol approach in general. In
fact, I feel it is the future of Internet security tools. I hope your
product gains widespread acceptance, and helps to further the cause of
deployment of strong crypto.

Raph Levien





Thread