Hypothesis: PGP backdoor (was: A security bug in PGP products?)

Len Sassaman rabbi at abditum.com
Sun Aug 27 12:47:24 EDT 2006


On Thu, 24 Aug 2006, Ondrej Mikle wrote:

> 2) AFAIK, Zimmermann is no longer in control of the company making PGP.
> AFAIK the company (NAI) has been bought by another group a couple of years
> ago.

The rescue of PGP from NAI's gross neglect and mismanagement of the
product line was orchestrated by individuals involved in the original PGP,
Inc. startup, and led by respected cryptographic engineer Jon Callas
(also known for being the editor of RFC 2440) and Phil Dunkelberger (the
original PGP, Inc., CEO). As part of their acquisition of the PGP product
line, they hired (nearly?) the entire PGP programming team, including such
familiar faces as Will Price and Hal Finney.

http://www.pgp.com/company/management.html

As a former NAI employee who worked on the PGP products, I firmly believe
the software is in far more capable hands now from a management
standpoint. As a PGP Universal user, I'm delighted by the significant
improvements in usability that the new management has allowed the
engineering team to make. The myopia of NAI's executives toward the
usability problems in PGP was one of the reasons I quit the company in
frustration.

Also, for what it's worth, Phil was ousted from NAI in 2000, prior to the
discontinuation of NAI's commitment to the PGP product line, but he *is*
involved with the current PGP Corporation, as a member of the technical
advisory board.

http://www.pgp.com/company/boards/tab.html

I also have no question, personally, that if there's a backdoor in PGP,
neither Mr. Callas nor any of the PGP engineers I had the pleasure to work
with know of it. Your theory is indeed wild, and though I don't mean to
discourage vigilance in questioning these sorts of potential subversions
of integrity in software as important as PGP, you might consider doing
more research into the background of people against whom you choose to
levy hypothetical accusations in public forums in the future.


--Len.



---------------------------------------------------------------------
The Cryptography Mailing List