On Mon, 26 Aug 1996, Perry E. Metzger wrote:
Mr. Curtin;
You are too kind. I suspect that 'The Pouch' is a piece of junk, although the lack of public disclosure makes it impossible to demonstrate that. If Mr. Holt would like to sue me, he's invited to. I'm sure he'll be at least as likely to follow up as Karl Denninger or "Dr." Fred C. Cohen.
Perry
C Matthew Curtin writes:
JOHN> Dear Mr. Curtin JOHN> Your statements about myself and my product, The JOHN> POUCH are defamatory. Since they have been made in writing and JOHN> shown to and seen by other parties on the Internet, they JOHN> constitute libel. Please admit to all parties that you have no JOHN> personal knowledge of my product capabilities or my personal JOHN> character or reputation. Failure to do so at once will result JOHN> in legal action against you personally and Megasoft. [...] I, speaking only on behalf of myself, stand by this statement. I do not apologize for my comments. If you, Mr. Holt, feel that this is a personal attack against you, I regret that you've misunderstood the tone and nature of my post. My statement is hardly libelous; I simply observed that if your product is truly secure, there is no means by which security experts can verify such claims.
As an attorney I can say that not only would I happily represent anyone Mr. Holt sued for libel, but I would consider my contingency fee a free lunch. I wouldn't even bother preparing for the pre-trial hearing. Truth, afterall, is an absolute defense to libel. Your threat to sue is, clearly, merely an attempt to stifle any effort to criticize your product. I believe a more accurate legal view is that you are committing fraud by misrepresenting "The Pouch" as a more potent implementation than it really is. You state:
The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization vector and the CBC technique. Most experts agree that such an implementation is highly resistant to all forms of cryptographic attack.
This position has been refuted by at least one expert on this list. I would remind you that each and every sale you make of this product, when based on material misrepresentation, constitutes a fraud. If made by wire, as these sales seem they may, they represent wire fraud. That's one count of fraud and one count of wire fraud. If a check is sent to you via mail, that's a count of mail fraud to boot. As you have been warned now of the flaws in your system, I don't think you have much of a defense unless you can produce some experts to support your own view of the cipher. I won't hold my breath. I am constantly amazed that people advertize new crypto products on this list and then whine when they are literally decimated as to their technical merit. Go sell to children if your product can't stand the intelligence of adults. -- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li