After reading Mr. Holt's announcement and the subsequent replies on the list I decided to send him a polite off-list reply. In it I briefly reiterated the argument that knowing how a lock mechanism work does not make the lock insecure; furthermore, it makes it more secure. I then stated, in all caps, that not knowing the algorhythm is inherently insecure. I stated that he should not be surprised when encryption activists bristle at the knowingly (or otherwise) techniques which pander to a crypto-ignorant populace. I requested no reply and completed with a few quotes from the "Snake Oil" chapter of the PGP documention. I told him to ask himself if he felt that the marketing techniques he was using fit the profile contained therein. While not the friendliest of e-mails, I was certainly civil and sincerely hoped to prod Mr. Holt to consider these issues and assess his approach. His reply was so rediculous that I decided to post it to the list with my own reply attached. Chuckle at will. ------- Forwarded Message Follows ------- From: Self <Single-user mode> To: "JOHN E. HOLT" <76473.1732@CompuServe.COM> Subject: Re: The POUCH Reply-to: omega@bigeasy.com Date: Tue, 27 Aug 1996 20:54:21

You write me using a software package that was ripped off from RSA that you got free from a bulletin board. What level of trust is that?

You really know nothing at all about encryption. At least I KNOW what I'm getting. I know what the RSA algorhythm is. I know it has been tested and studied. Whether or not it was "ripped off" depends on whether or not you're related to RSA data security in some way. It's a copyright issue and has nothing whatsoever to do with the technology itself. All the algorhythms used in the PGP package were written by others; what does that have to do with anything? What does the price of the software have to do with anything? If I spent money on it does that make it any more secure? I would gladly spend money on secure encryption technology. I, for one, would like to be comfortable that it's money well-spent. Your defenses are those of one who has nothing to defend. Crying "libel" and making empty statements such as the above are actions that divert attention from the truth; that your product is most likely worthless crap. Furthermore, you really don't know for yourself whether or not this is true. Happy selling. me ------------------------------------------------------------------ Omegaman <omega@bigeasy.com> PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send E-mail with the "get key" in the "Subject:" field to get my public key -------------------------------------------------------------------