That is not a bad idea, and I would trust certain people to tell the truth about ViaCrypt PGP's security.... the problem is convincing ViaCrypt to let someone that Cypherpunks consider trustworthy to look at it. I mean, I wouldn't listen to Sternlight or Denning, but I might listen to May or Gilmore. But would ViaCrypt allow May or Gilmore to see their source?
You realize that this is not ViaCrypt taking PGP and making it into a product, but an agreement between Phil Z. and ViaCrypt to turn the Public version into a legal-for-commercial-use product??? First and foremost, the public, shareware (freeware? I forget what the status is) version of PGP will always remain ahead of the commercial version, but the commercial version will use the code from the free version. Secondly, regarding "whom do you trust": Do you trust Phil Z? As far as I know (and granted, its not much, yet), Phil Z is going to oversee the commercial product, to make sure that nothing is put into it. Granted, he probably wont get to see the RSA sources, but there are sources of those (pun intended). Listen, this is a Good Thing (TM). It means that there will be a version of PGP, for a nominal fee, that is legal for commercial use in the US. When the free(share)ware version of PGP also becomes legal, then there won't be any problems with RSA/PKP!!! This is a step in the right direction. Let's calm down some and see where it goes! -derek