From: "Omegaman" <Omegaman@bigeasy.com>
Date: Wed, 28 Aug 1996 12:41:16 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: The POUCH
Message-ID: <199608280157.UAA08066@bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


After reading Mr. Holt's announcement and the subsequent replies on 
the list I decided to send him a polite off-list reply.  In it I 
briefly reiterated the argument that knowing how a lock mechanism 
work does not make the lock insecure; furthermore, it makes it more 
secure.

I then stated, in all caps, that not knowing the algorhythm is 
inherently insecure.  I stated that he should not be surprised when 
encryption activists bristle at the knowingly (or otherwise) 
techniques which pander to a crypto-ignorant populace.  
I requested no reply and completed with a few quotes from the "Snake Oil" 
chapter of the PGP documention.  I told him to ask himself if he felt
that the marketing techniques he was using fit the profile contained 
therein.

While not the friendliest of e-mails, I was certainly civil and 
sincerely hoped to prod Mr. Holt to consider these issues and assess 
his approach.

His reply was so rediculous that I decided to post it to the list 
with my own reply attached.  Chuckle at will.

------- Forwarded Message Follows -------
From:          Self <Single-user mode>
To:            "JOHN E. HOLT" <76473.1732@CompuServe.COM>
Subject:       Re: The POUCH
Reply-to:      omega@bigeasy.com
Date:          Tue, 27 Aug 1996 20:54:21


> You write me using a software package that was ripped off from RSA
> that you got free from a bulletin board.  What level of trust is that?

You really know nothing at all about encryption.  At least I KNOW 
what I'm getting.  I know what the RSA algorhythm is.  I know it has 
been tested and studied.  Whether or not it was "ripped off" depends 
on whether or not you're related to RSA data security in some way.  
It's a copyright issue and has nothing whatsoever to do with the 
technology itself.  All the algorhythms used in the PGP package were 
written by others; what does that have to do with anything?

What does the price of the software have to do with anything?  If I 
spent money on it does that make it any more secure?  I would gladly 
spend money on secure encryption technology.  I, for one, would like 
to be comfortable that it's money well-spent.

Your defenses are those of one who has nothing to defend.  Crying 
"libel" and making empty statements such as the above are actions 
that divert attention from the truth; that your product is most 
likely worthless crap.  Furthermore, you really don't know for 
yourself whether or not this is true.

Happy selling.

me
------------------------------------------------------------------
Omegaman <omega@bigeasy.com>
PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                       59 0A 01 E3 AF 81 94 63 
Send E-mail with the "get key" in the "Subject:" field
to get my public key
-------------------------------------------------------------------