From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: 37718c33755cd0e9d0fd290dac9fb1efde40c94371e6fa6e95f2b28782b64e95
Message ID: <1.5.4.32.19971206192208.00706884@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1997-12-06 19:33:05 UTC
Raw Date: Sun, 7 Dec 1997 03:33:05 +0800
From: John Young <jya@pipeline.com>
Date: Sun, 7 Dec 1997 03:33:05 +0800
To: cypherpunks@toad.com
Subject: Re: SynData/Schneier Attack Network Associates
Message-ID: <1.5.4.32.19971206192208.00706884@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain
cvhd@indyweb.net wrote:
>I have never bought into any of the conspiranauts BS about
>PGP backdoors as long as PZ was involved with it but I will
>certainly assume it is to be a "given" with PGP in the hands
>of McAfee.
Has Phil Zimmermann responded to the months long criticism
of PGP 5.0 for Business and PGP's acquisition by Network
Associates?
If not, what seems to be the most reasonable explanation for
Phil not answering, to allay suspicions and sustain PGP's
worldwide reputation? The explanations by others working
with PGP, Inc. would surely be more credible if Phil expressed
public support for their views.
I still find it hard to accept that Phil would squander his personal
reputation, and thereby the reputation of his invention, by
refusing to provide a public accounting of what's happening
with PGP Inc. And, no matter the legal and financial restrictions
that might be contraining him. And no matter that PGP's
competitors are probably encouraging some of the attacks.
Security by obscurity, by indifference to public doubts, seems
to be a surefire way to undermine Phil's years long struggle
to distinguish himself from those less courageous than him
who are pushing products less reliable than PGP has been
believed to be until now.
It's a haunting thought to consider that Phil may have been
shown evidence by others that PGP is not as reliable as many
have long believed, evidence that perhaps demonstrates what
he knew all along. This is harsh suspicion and one that needs
his response, if for no other reason to allay the fear that even
prior versions of PGP are now suspect.
PGP and Phil's personal reputation are at stake, not PGP, Inc.,
which is secondary. There are lots of folks whose freedom,
if not lives, may be at risk due to his silence.
Perhaps it's time for Phil to reaffirm that difficult choice between
success and conviction, between making a killing and betraying
others to do so. To remind those who think you can have both
ways and get away with it is a cowardly fantasy too often hidden
behind self-serving ethics.
If Phil personally (not the PGP officer, not the distinguished scientist
bullshit role, not the PGP employees) refuses to stand behind PGP
as it has been known and trusted, then PGP and Phil should be
denounced forever as a grand deception and treachery, even
worse than the other crypto products eagerly shaped -- and openly
proud of it -- to fit the specs of the paymaster snoops Phil himself
once bravely challenged.
I think Phil will come through now, as he has in the past, to distinguish
himself and PGP (not Inc.) from the craven pack.
If he doesn't, it's smart to give up using PGP in all its guises past and
future.
Return to December 1997
Return to “John Young <jya@pipeline.com>”
1997-12-06 (Sun, 7 Dec 1997 03:33:05 +0800) - Re: SynData/Schneier Attack Network Associates - John Young <jya@pipeline.com>