RE: LivePGP (fwd)

[Black Unicorn <unicorn@schloss.li>]

In response to my point that refusing to release the source code of his
software will have the effect of discouraging its use by anyone with a
clue,

On Wed, 2 Oct 1996, Ming-Ching Tiew wrote:

> 
> While most certainly you are entitled to express whatsoever
> idea of yours and certainly the same applies to me.
> 

This goes without saying.

> I am most certainly not a crypto implementor, the entire
> cryptographic part of LivePGP relies on PGP. It is taken
> without a single line of change from the compiled executable,
> which source is available in full. So, the peer review and
> stuff are fully applicable.

Incorrect.  You have incorporated PGP in a new piece of software.  How are
we to know you took the code line for line unless we are able to verify
this claim?  Obviously, we cannot.

Your software is, therefore, untrustworthy.  This is not a matter simply
of my opinion.  This is basic doctrine in the development of crypto
software.  Ask anyone who knows what they are talking about.

Joe Average may be interested in your product, but no expert, or even
fairly knowledgeable individual, will ever take it seriously while the
source code remains private.

> I am also most certain that you will have a response to this
> view of mine. For whatever it is, I forsee that we will remain
> holding on to our own views. So, we should not carried on
> with this "discussion", for it will not be a productive work.

Your attitude distresses me and your ignorance of the importance of peer
review gives me pause when considering your potential skill as a crypto
programmer.

> Anyway thank you for a brief moment of interest in LivePGP
> which you have demonstrated. I really appreciate that.

Many of us would appreciate it if your, seemingly very useful software,
was also trustworthy enough to be used.


> Regards,
> Ming-Ching
>  
> ----------

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li