PGP 2.6 and the future

[Perry E. Metzger]

Allan Bailey says:
> I'm willing to wager that 2.6 (and maybe 2.5) MIT'd PGP versions
> are hacked by the NSA to put in a backdoor.
>                                 ^^^^^^^^^^ (emphasis added.)
> 
> I'll bet you a C-note, Perry.

Done for $100.

> Now how do you propose to prove or disprove this?

The commonly selected way to settle such things is to select a neutral
referee to adjudicate based on available evidence. The source code is
public, so it should it should be trivial to read it and make a
decision as to whether anything untoward has been done. I'll accept
any reasonably expert referee -- my selection of choice would be Hal
Finney since he is a well known cypherpunk, is strongly familiar with
the code and would recognise any tampering. Tampering may be defined
given what you are claiming as the presense of what a reasonable
cryptographer would refer to as a "back door". If you have any other
suggested neutral third parties with requisite skill I'll happily tell
you if they are acceptable. Once we've settled on a judge and they've
accepted the charge (we may need to pay the person for their time), we
present our evidence to the person and allow them to make a decision.

I'll happily bet any larger sum, too, if you like. I'd also request
that a neutral third party hold the stakes. At your choice the party
can be the judge or another individual mutually acceptable.

Perry