Newsgroups: sci.crypt
Path: cactus.org!cs.utexas.edu!math.ohio-state.edu!jussieu.fr!univ-lyon1.fr!
+     swidir.switch.ch!scsing.switch.ch!news.dfn.de!news.belwue.de!zib-berlin.
+     de!netmbx.de!Germany.EU.net!EU.net!uknet!festival!dcs.ed.ac.uk!pdc
From: pdc@dcs.ed.ac.uk (Paul Crowley)

Subject: Re: Block Mixing Transformations
Message-ID: 
Sender: cnews@dcs.ed.ac.uk (UseNet News Admin)
Organization: Edinburgh University
References: <1994Mar13.051515.27175@cactus.org> <2m7ong$6vr@news.umbc.edu>
+           <1994Mar16.222350.179@cactus.org>
Date: Thu, 17 Mar 1994 11:08:02 GMT
Lines: 85

Quoting ritter@cactus.org (Terry Ritter) in article <1994Mar16.222350.179@cactus .org>:
> Why use Penknife?

>      1)  Most businesses and even some individuals take patent
>          infringement seriously.  Penknife is offered by the
>          patent holder.

ViaCrypt PGP is offered by people licensed to use both patents involved.

>      2)  Most businesses and even some individuals prefer to pay
>          for software, to get some level of seriousness and
>          accountability in products they depend on.

I have usually found free software as widely available as PGP to be more
reliable and solid than commercial products, simply because the source
has undergone such extraordinary scrutiny and widespread testing by
knowledgeable and demanding users.  And if you buy from ViaCrypt you'll
get their professional commitment to the software they sell.

>      3)  Penknife includes a distributable commercial-demo form--
[snip]

What's the point?  If you don't know what a cryptosystem does, why are
you buying one?  You don't use commercial demos to evaluate strength.

>      4)  Penknife does not create ciphertext blocks that scream
>          out "I am in cipher; I am PGP; take me, I'm yours."

Free software exists to convert PGP to several steganographic formats,
including embedding into JPEG.

[5) PGP allows the use of unvalidated public keys]

Validated by who?  PGP has an highly sophisticated and flexible key
signing system, certainly suitable for any application I can think of.

[6) Private key cyphers are sometimes good]

What's the point?  They'll never be as convenient as public key systems.

[8)  Advanced Penknife supports central key-management]

...which is pretty much against PGP's design philosophy!

[7) and 9) Advanced Penknife has various features]

...that PGP also has.

[10)  Advanced Penknife supports sending large binaries on the Internet]

A palpable hit!  PGP isn't yet designed to work as an expensive version
of tar and uuencode, no.

Thanks, but for all these "features" you're asking us to give up the
well-understood security of PGP.  I know where my money is---except of
course I didn't spend any...

(from another post)

> But since this is apparently the sole remaining issue of
> disagreement, my thanks to Crowley for conceding [...]

Don't be silly.  I don't always go in for point-by-point refutations
like this, that's all.

>>In the way you format your articles, you give yourself airs.
>
> The way I format my articles shows that I've spent more than
> five minutes on the project.  It organizes the thoughts.  It also
> provides references to, and indication of, the sources I had.

I'm all in favour of putting work and research into articles posted
here.  But there's no point in, for example, giving an article an
abstract when it will disappear from everyone's news spools in a few
days.  Usenet is a transitory medium, and so it simply isn't suitable
for the sort of "papers" you want to post to it.  It would make more
sense to make the paper available by FTP or WWW and post a URL so that
it will last for more than a week.

> That is Science.  I recommend it.

No it isn't; it's just pomposity.
  __                                  _____
\/ o\ Paul Crowley   pdc@dcs.ed.ac.uk \\ // 42A47697 54144EA4 BACFA9FD C9433347
/\__/ Trust me. I know what I'm doing. \X/  WWW: http://tardis.ed.ac.uk/~pdc/