Chris Leonard says:
I talked once again with Dave Barnheart at ViaCrypt, and he told me: A) No source code will be available, due to the nature of the agreement between PKP and ViaCrypt.
Isn't there some way to black box it the way engineers do with circuits? If you control the inputs, randseed, message, keys etc. that goes into each copy of the program aren't you going to be able to compare the outputs directly. Or are they going to be different everytime because of some randomization I am unaware of? remember the naive part :-)
Frankly, I see no real problems so far. But several good things: 1) PKP is going to get some royalties, so they're happy. Does it mean they're going to leave freeware PGP alone? 2) Business users, who didn't dare to use PGP fearing lawsuits, can now buy it officially and use legally. A big step forward. 3) As long as ViaCrypt will release patches, so that freeware PGP can stay in sync with their product, compatibility isn't an issue... 4) It's not too hard to build a test-suite for PGP to ensure it's implementation of IDEA is correct, and it's possible to check it's key generation/session key generation things. Of course key management isn't too big a deal either... Thus I don't think it requires too great an effort to trust ViaCrypt. And if not - buy their copy to stay legal and use the Source to be safe (:-). The only thing unclear to me yet is - what exactly is PKP going to do (if anything) about freeware PGP in USA? -- Regards, Uri uri@watson.ibm.com scifi!angmar!uri N2RIU ----------- <Disclamer>