From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 7 Nov 1996 11:17:47 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Information [for new PGP user]
Message-ID: <3.0b36.32.19961107111639.00d927d4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 AM 11/7/96 -0800, Dale Thorn wrote:
>stewarts@ix.netcom.com wrote:

>> You can read and compile the source code yourself.
>
>[snip, snip]
>
>Really?  All 60,000 or so lines, including all 'includes' or attachments?
>
>I'll bet you can't find 10 out of 1,000 users who have read the total source,
>let alone comprehended and validated it.

Depending on the system, compiler and version of PGP, compilation may or
may not function as expected.

I have had a number of odd problems compiling the code for the PC over the
years.  (It has always compiled easily on the Unix boxes I have used.)  The
"gorrila" version on the Cypherpunks FTP site does not want to compile at
all.  (It wanted specific libraries that were not in the version of the
compiler I was using.)  Microsoft's compiler had a few odd problems as well
with some of the earlier versions.  (I think I was compiling PGP 2.6 with
VC++ 7.0.)

Also, you have to have the compiler in the first place.  The latest
compilers are getting pretty big.  (100+ megs!)  Most people either do not
have the disk space, the money for them (or do not know where to get free
ones), or the needed arcane knowledge to get the compile to happen at all.
(And if there was a subtile bug in the code, most people would not be able
to find it.  This includes many programmers.)

BTW, there is a Windows95 console version of the International version.
(Check out http://www.ifi.uio.no/pgp/download.shtml for versions
available.)  It is the "non-us approved" version, so use at your own risk.

My problem with PGP is that there is no protection for information on what
keys are on your secret keyring.  It would be quite possible to create a
program that read the keyring and saved off the names of all nyms and
truenames it found there.  (It would make it quite easy to then find out
that "Nym X" is associated with "User Y".)  And with Active X, it could be
offloaded to a remote site without anyone being the wiser...

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |