1996-11-08 - Re: Validating a program

Header Data

From: Adam Shostack <adam@homeport.org>
To: dthorn@gte.net (Dale Thorn)
Message Hash: a814092273ae17e2c1c913b12144b5f6567a6787ff7378430df955535cf6a72d
Message ID: <199611081235.HAA18376@homeport.org>
Reply To: <3282BD90.43FA@gte.net>
UTC Datetime: 1996-11-08 12:38:27 UTC
Raw Date: Fri, 8 Nov 1996 04:38:27 -0800 (PST)

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Fri, 8 Nov 1996 04:38:27 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Validating a program
In-Reply-To: <3282BD90.43FA@gte.net>
Message-ID: <199611081235.HAA18376@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dale Thorn wrote:
| Adam Shostack wrote:
| > Dale Thorn wrote:
| > | stewarts@ix.netcom.com wrote:
| > | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
| > | > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
| > | > >> > there a back door, and have we been fooled by NSA to believe it's secure?
| 
| > | > You can read and compile the source code yourself.
| 
| > | Really?  All 60,000 or so lines, including all 'includes' or attachments?
| > | I'll bet you can't find 10 out of 1,000 users who have read the total source,
| > | let alone comprehended and validated it.
| 
| [snip]
| 
| > In short, if you're paranoid, feel free to look over the source.  But the fact that
| > most people have never peeked under the hood is not a strike against pgp at all.
| 
| The quip about peeking under the hood may apply OK to an automobile, but to a program
| which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
| put the sender in any great danger, but when the application is really serious, as it
| always is sooner or later, you must realize that people could be taking great risks
| with PGP encryption, and "pretty sure" isn't good enough when it's really, really
| vital to have bulletproof security.

	You're wrong.

	People can make their own choices about what level of risk
they're willing to accept.  That they make bad choices is not my
problem, except when they're paying for my opinion.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







Thread