[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Examination of ViaCrypt's PGP by members of this group

A number of posts have proposed that perhaps some of the more astute members
of this list should be allowed by ViaCryp to examine the source of the
commercial PGP. The idea is that if some of the people we are likely to trust
give their O.K. to the code then we can all go out and buy the program
without fear of hidden back doors.
Unfortunately this proposal has the same fundamental flaws that the recent
review of the Clipper chip by Denning et al had.

A group of even the most competent reviewers can overlook some problems in
the code. It may take a long time before a flaw is discovered. The stamp of
approval by some members of this list to a commercial PGP with a secret
source code would therefore be little more than a marketing scheme. It would
be no different from the expert review marketing scheme used to sell us
Clipper, as --I think it was John Gillmore-- has recently explained.