I received the following comments on ViaCrypt from Phil Z. Reposting here with permission. I'll try to forward a summary of your comments. ==================================================================== Subject: Re: Your visit To: spectrx!edgar (Edgar W. Swank) *Edgar* Date: Wed, 1 Sep 93 20:40:08 MDT From: Philip Zimmermann <szebra!columbine.cgd.ucar.EDU!prz> Hello Edgar. Thanks for your hospitality. I enjoyed our conversations during my visit. The PKP/Viacrypt contract requires that ViaCrypt use THEIR OWN RSA cryptographic engine, not PKP's or RSADSI's. I will be working closely with them to ensure that they do a good job on that. Actually, RSA calculations are fairly straightforward, and it's hard to screw them up. I will probably try to get them to stick with my own keygen routines, if they are allowed to use them in the PKP contract. The keygen stuff would be the most important place to look for any security holes. My discussions with ViaCrypt's president, Lenny Mikus, and his programming staff, suggest to me that they are genuinely interested in making a very secure product. It's possible, I suppose, that maybe I could talk to ViaCrypt about maybe publishing the source code for the rest of ViaCrypt PGP, minus the RSA engines that the PKP contract won't let them publish. We'll see. The current plans are for them to use the straight PGP source code with no changes except for using their own RSA engines. So publishing the source code would not yield many new insights anyway, since it's the same. Other than as a confidence builder, which is nice to have. You may repost this to cypherpunks if you wish. Phil -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca