From: jim@bilbo.suite.com (Jim Miller)

[...] I realize that by not compiling the code myself on my own machine I basically have to trust the ViaCrypt PGP implementation. So be it. If there is something wrong with ViaCrypt PGP I believe it will eventually be discovered. Somebody will no doubt disassemble it and look for backdoors. If someone finds one, ViaCrypt's reputation will be worthless. It's in ViaCrypt's best interest not to put in any backdoors.

Unfortunately, backdoors have not been the main security problem in commercial system software; bugs and "honest mistakes" have been. Unfortunately too, there has been very little pressure by customers to hold companies accountable for the software they ship. Usually somebody uncovers a bug, uses it for a while, is detected, and that causes (in the best case) the software company to issue a new patch. Some distribute the patches for free, some make you pay big bucks for it. But never is the company really harmed by the fact that it claimed some level of security (or functionality), and was not providing it. If, in the future, ViaCrypt says "ooops, there was a debugging switch left on when we compiled, here is a free patch," would you discard your ViaCrypt PGP, buy the competitor's version (there is none), and sue them? Did they include any disclaimer in the license?

Call me cynical,
Pierre.
pierre@shell.portal.com