[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Viacrypt PGP source code unavailable

Chris Leonard says:
> >I talked once again with Dave Barnheart at ViaCrypt, and he told me:
> >	A) No source code will be available, due to the nature of the
> >agreement between PKP and ViaCrypt.

> Isn't there some way to black box it the way engineers do with circuits?
> If you control the inputs, randseed, message, keys etc. that goes into each
> copy of the program aren't you going to be able to compare the outputs
> directly.  Or are they going to be different everytime because of some
> randomization I am unaware of?  remember the naive part :-)

Frankly, I see no real problems so far. But several good things:

1) PKP is going to get some royalties, so they're happy.
   Does it mean they're going to leave freeware PGP alone?

2) Business users, who didn't dare to use PGP fearing lawsuits,
   can now buy it officially and use legally. A big step forward.

3) As long as ViaCrypt will release patches, so that freeware PGP can
   stay in sync with their product, compatibility isn't an issue...

4) It's not too hard to build a test-suite for PGP to ensure it's
   implementation of IDEA is correct, and it's possible to check
   it's key generation/session key generation things. Of course
   key management isn't too big a deal either... Thus I don't
   think it requires too great an effort to trust ViaCrypt.
   And if not - buy their copy to stay legal and use the
   Source to be safe (:-).

The only thing unclear to me yet is - what exactly is PKP going
to do (if anything) about freeware PGP in USA?
Uri         [email protected]      scifi!angmar!uri 	N2RIU