Re: Validating a program



Adam Shostack wrote:
> Dale Thorn wrote:
> | Adam Shostack wrote:
> | > Dale Thorn wrote:
> | > | [email protected] wrote:
> | > | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:

> | The quip about peeking under the hood may apply OK to an automobile, but to a program
> | which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
> | put the sender in any great danger, but when the application is really serious, as it
> | always is sooner or later, you must realize that people could be taking great risks
> | with PGP encryption, and "pretty sure" isn't good enough when it's really, really
> | vital to have bulletproof security.

>         You're wrong.
>         People can make their own choices about what level of risk
> they're willing to accept.  That they make bad choices is not my
> problem, except when they're paying for my opinion.

It's easy to say, but when the "shit comes down" as they say, the average user is
going to swear they had assurance PGP was absolutely secure, etc....