1996-11-08 - Re: Validating a program

Header Data

From: Dale Thorn <dthorn@gte.net>
To: Adam Shostack <adam@homeport.org>
Message Hash: d506e767b3d87d4c47e26127f55d269f7373ba4af64a601c3ed4c26166d17c30
Message ID: <328353D8.4D28@gte.net>
Reply To: <199611081235.HAA18376@homeport.org>
UTC Datetime: 1996-11-08 15:39:01 UTC
Raw Date: Fri, 8 Nov 1996 07:39:01 -0800 (PST)

Raw message

From: Dale Thorn <dthorn@gte.net>
Date: Fri, 8 Nov 1996 07:39:01 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Validating a program
In-Reply-To: <199611081235.HAA18376@homeport.org>
Message-ID: <328353D8.4D28@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> Dale Thorn wrote:
> | Adam Shostack wrote:
> | > Dale Thorn wrote:
> | > | stewarts@ix.netcom.com wrote:
> | > | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:

> | The quip about peeking under the hood may apply OK to an automobile, but to a program
> | which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
> | put the sender in any great danger, but when the application is really serious, as it
> | always is sooner or later, you must realize that people could be taking great risks
> | with PGP encryption, and "pretty sure" isn't good enough when it's really, really
> | vital to have bulletproof security.

>         You're wrong.
>         People can make their own choices about what level of risk
> they're willing to accept.  That they make bad choices is not my
> problem, except when they're paying for my opinion.

It's easy to say, but when the "shit comes down" as they say, the average user is
going to swear they had assurance PGP was absolutely secure, etc....






Thread