PRZ Announces Depature From NAI 91
The message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A note to PGP users:
As most PGP users know, Network Associates Inc (NAI) acquired my company, PGP Inc, in December 1997. For three years after that, I stayed on with NAI as Senior Fellow, to provide technical guidance for PGP's continued development, and to ensure PGP's cryptographic integrity. But I can't stay on forever. In the past three years, NAI has developed a different vision for PGP's future, and it's time for me to move on to other projects more fitting with my own objectives to protect personal privacy.
Let me assure all PGP users that all versions of PGP produced by NAI, and PGP Security, a division of NAI, up to and including the current (January 2001) release, PGP 7.0.3, are free of back doors. In all previous releases, up through PGP 6.5.8, this has been proven by the release of complete source code for public peer review. New senior management assumed control of PGP Security in the final months of 2000, and decided to reduce how much PGP source code they would publish. If NAI ever publishes the complete PGP 7.0.3 source code, I am confident that the public will be able to see that there are still no back doors. Until that time, I can offer only my own assurances that this version of PGP was developed on my watch, and has no back doors. In fact, I believe it to be the most secure version of PGP produced to date.
While it is true that NAI holds the PGP trademark and the source code for the NAI implementation of PGP, I'd like to point out that PGP is defined by an IETF open standard called OpenPGP, embodied in IETF RFC 2440, which any company may implement freely into its products. I will be working with other companies to support implementations of the OpenPGP standard, to turn it into a real industry standard supported by multiple vendors. I think the emergence of more than one strong commercial implementation of the OpenPGP standard is necessary for the long term health of the PGP movement, and will, incidentally, ultimately benefit NAI.
To this end, I will be assisting the makers of HushMail, Hush Communications (http://www.hush.com), to implement the OpenPGP standard in their future products. They will be doing their own announcement of this new relationship.
In addition, I will be assisting Veridis (http://www.veridis.com), a recent spin-off of Highware (http://www.highware.com), to create other OpenPGP compliant products, including software for certificate authorities for the OpenPGP community.
I am also launching the OpenPGP Consortium (http://openpgp.org), to facilitate interoperability of different vendors' implementations of the OpenPGP standard, as well as to help guide future directions of the OpenPGP standard.
This coming June marks the 10 year anniversary of the 1991 release of PGP to the public. PGP was originally designed for human rights applications, and to protect privacy and civil liberties in the information age. By proliferating the OpenPGP standard, we can renew that promise, and continue the commitment to personal privacy that captured the imagination and participation of millions around the world.
Philip Zimmermann
19 Feb 2001
prz@mit.edu
http://web.mit.edu/prz
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQA/AwUBOpDtWmPLaR3669X8EQLv0gCgs6zaYetj4JwkCiDSzQ JZ1ugMhqsAoMgS
me78KR5VEfCVEUFpwOCCk8Tx
=JVF2
-----END PGP SIGNATURE-----
--
--------------------------------------------------
ESR! RMS! (Score:1)
Re:RETRACTION (Score:1)
More disturbing to me is that the key used to sign that message (as found in c.s.p.d) had an invalid self-signature when I yanked it off the keyservers.
Can anyone confirm that Zimmerman normally uses that key? Does anyone have a valid version of it?
Re:PGP vs. SSH (Score:3)
I get a feeling of "the PGP spirit will move on in OpenPGP not PGPclassic" from the letter though that NAI won't be happy at at all - I would say the real world value of PGP just halved for them....
--
PRZ's signature is *NOT* valid (Score:1)
Now, I'd probably wager, say, a cup of coffee that PRZ actually did sign this note and that it's Slashdot that mangled the signature...but, frankly, what's the point of posting a PGP-signed message--by the creator of PGP, no less--if that signature simply cannot be verified?
It would be appropriate for somebody to post the note in such a way that the signature can be verified. 'Til then, my faith is as a cup of coffee....
b&
Re: How to verify (Score:1)
Re:Polite Insults (Score:2)
__________________
Re:I'm glad he pgp-signed his message, (Score:5)
--
A verifiable copy of the original (Score:2)
...is posted at http://www.pobox.com/~agreene/pgp/prz_leaves_nai.t xt [pobox.com]
Re:PGP vs. SSH (Score:1)
Re:Wonder if he regrets selling out? (Score:1)
--
Re:We need this more than ever now (Score:1)
That was Version 1.0 and I downloaded it to Germany and started on a port.
Re:PGP vs. SSH (Score:1)
what if posts under your userID started showing up badmouthing the company you work for, and praising kiddie porn, and threatening to kill the president? You would have a rough time fixing that. GPG signatures would make it easy to prove you didn't do it.
False. Sorry to say it like this, but IMHO it's an important mistake. Signatures CANNOT prove you DIDN'T write something. It's very well possible that you DID make those 'evil' posts you mentioned, but signed them with a different key that nobody knows about.
Re:PRZ's signature is *NOT* valid (Score:1)
*** PGP Signature Status: good
*** Signer: Philip R. Zimmermann <prz@pgp.com>
*** Signed: 2/19/01 1:54:34 AM
*** Verified: 2/19/01 1:11:18 PM
Re:GnuPG (Score:2)
I was hoping the same thing.
It should also be noted that GnuPG is really coming along, and that the Gnu Privacy Assistant is under heavy development right now and is weeks away from some pretty stable releases.
Werner ported Sylpheed to Windows and will soon release a security suite which will include GPG, GPA (kinda like PGP Keys), WinPT (like PGP Tray), and Sylpheed. These will be all within one install program and will finally make using GnuPG under Windows more accessable to non-geeks.
Rich...
Re:PGP vs. SSH (Score:2)
Errr... no. The last thing that an industry consortium would want to do is write a competitor to the products of its member. The most they would do in this regard is produce a reference implementation (like the one I wrote when I was reviewing RFC 2440 prior to IETF submission) which while correct isn't practical, or to serve as a test-bed for new features before they're implemented properly in a real product like GPG.
But the actual purpose of the consortium is to ensure that PGP, GPG and your hypothetical browser plugins all worked together, and to put a more formal face behind the IETF OpenPGP working group to push the standard forward even further, as well as related projects which PGP enthusiasts want to see happen like PGP/MIME, PGP/Ticket, integration of PGP with biometrics and so on. This is a good thing for the PGP standard.
Awesome for Hushmail. (Score:1)
Now it looks like it will be better than ever.
Re:Is he attacking NAI? (Score:2)
Re:The tone is a little disconcerting (Score:2)
Re:Ugh, what's with the acronyms? (Score:1)
It's not so much an acronym as a nickname. Actually, it's a sort of honorific. The convention is long standing. It's a way of paying tribute to a person of significance. Everyone knows your full, legal name. Only a person of note becomes known simply as "rms" or "dmr" or "ken".
Mechanical? No. It's more human and personal that just referring to his formal name. It shows that you recognize his contribution and that you have some knowledge of the person beyond his name.
Re:Privacy is a myth, so are freedom & justice (Score:1)
Privacy is just a means to some end - be it good or bad. Nor is it truly necessary to pursue alternative lifestyles - unless those lifestyles involve imposing on others. Which certainly butts up against the "freedom" issue, doesn't it? Lack of privacy just changes the rules of the game, and makes things difficult for those who have been screwing others over.
Openness dramatically enhances justice and equality. And a diverse society will demand both freedom and equality. While the intolerant may demand that people adhere to their rules, they'll be held to them too, so the rules can't be that strict and if unpopular how will they get people to follow them?
As for people so weak-brained that they automatically conform to the expectations of the powerful... who cares? That's their problem.
cryptochrome
Re:HOW ARE YOU GENTLEMEN??? (Score:1)
HOW ARE YOU GENTLEMEN!!
ALL YOUR BASE ARE BELONG TO US.
Re:Ugh, what's with the acronyms? (Score:1)
Re:I'm glad he pgp-signed his message, (Score:3)
However, since the message was changed in formatting to HTML, the signature cannot be easily verified. You'd have to get back to the original file contents exactly, line breaks and all. Did he submit those URLs with [a href=""] tags, or did the slashdot editor insert them?
Not that it's likely very useful for Slashdot itself, but Slash and other should probably have a mechanism for "submit by file upload" and "read original submission file," so that more people can use signed content on the web. Slash already has a place for you to announce your PGP key [mine is posted], but the lame word-wrapping feature inserts a column of spaces.
It would also avoid some of that ugly "id so-and-so is the real User; everyone else is an impostor" check, by the way. Bruce Perens and anyone else who thought they were being forged could digitally sign their submissions.
Re:Is he attacking NAI? (Score:2)
And as for whether or not he should stick around: There's only so much you can do at a job you don't like/enjoy any more (whatever that job is) before you're simply not in the mood to try anymore -- at which point your effectiveness is going to head 'way down, and you might as well just leave anyway. There was the article here a while back with the question from the CTO of a sinking company: Do I stick around to save my friends, since everything is riding on me, or do I leave this job that I no longer enjoy and head for greener pastures? The response was pretty much unanimous then: Go, 'cos sticking around in a job you don't like is no fun, and you won't be any good anyway. I'd say the same advice applies here.
And anyway, if you've trusted him on the no-backdoors thing this long, why switch now to less-secure products just because he's leaving? He's already given his word (which presumably you've already trusted, in combination w/code reviews, peer opinions, etc) on version whatever-it-was -- why not just keep using that? Or is NAI going to reach out and put some kind of backdoor in your already-downloaded, already-compiled software?
He hasn't "cut and run at the first hurdle". The guy was gonna get sued by the US Gov't for publishing his software. If you require more of him, I suggest you at least provide the crucifix yourself.
Re:Is he attacking NAI? (Score:3)
Well, that may be best for us (the community), but Phil is entitled to a rewarding life of his own. Maybe he just felt he was pissing into the wind at NAI, and that he'd be happier and more productive elsewhere.
It is after all -his- life, not ours
EZ
'The truth is out there.. but the lies are all in your mind.'
Re:call me an idiot, (Score:1)
adj.
Polite Insults (Score:2)
Now that is interesting wording. Zimmerman doesn't actually say that 7.0.3 doesn't have back doors. Is he being coy, or does he just consider "trust me on this" to be too hypocritical?
It seems to me that Zimmerman is being about as rude as he can be without getting sued. Closed-source encryption software is seriously out of fashion, and probably every reputable security expert, including Zimmerman, thinks NAI just shot themselves in the foot. As a recent NAI employee, Zimmerman can't express himself freely, but he can lay out some objective facts and let people draw their own conclusions.
__________________
Re:Is he attacking NAI? (Score:1)
Oh well, time will tell.
On a different note, does anyone know of a product which offers the functionality of the PGP SDK? (Please don't point me to GNUPG)
BTW, I did spell "depa[r]ture" correctly in my submission
Re:Ugh, what's with the acronyms? (Score:3)
--
Re:Future Backdoors ? (Score:1)
Repeat after me, citizen. The NSA does not exist. The NSA does not exist. There is No Such Agency.
Re:Future Backdoors ? (Score:2)
He's not saying that they're putting in back doors, he's just saying that they could do it, since they aren't going to disclose the full source code. And when dealing with security, the merest possibility that something can happen, must be treated as though it will happen.
It's the "No source == 10 backdoors in every line of code" interpretation.
---
Re:Is he attacking NAI? (Score:1)
On the contrary, the way I see it, he is accepting a difficult situation in order to avoid compromising his principles.
It sounds like the decision is out of his hands (he tried fighting and lost), and now he has to either do the wrong thing, or leave. He's leaving.
---
Re:PGP vs. SSH (Score:3)
On the other hand, if the OpenPGP consortium works with Hushmail, Zero Knowlege, and all the other companies out there to try to make secure email interoperable, that would be very, very nice.
I'm sure the NSA,CIA,FBI, and others get the giggles every day they decrypt email and think "Damn, these people are dumb! PGP has been out there in the world for years now, and almost nobody uses it!"
But frankly, it's a pain to use because it isn't integrated into enough software. For example, it would be nice if you could attach an OpenPGP signature to the text you put into an on-line form in Mozilla - like I am right now. Then we could have secure-signed Slashdot postings. Why? It's not like Slashdot's cookie-based login system is very secure - not that it was ever claimed to be - but if hacked into Slashdot (again) and managed to steal some username/password combinations, they could do a lot of damage to some people's reputations. I'm not talking about karma loss here - what if posts under your userID started showing up badmouthing the company you work for, and praising kiddie porn, and threatening to kill the president? You would have a rough time fixing that. GPG signatures would make it easy to prove you didn't do it.
And if my W2K box at work supported OpenPGP in Outlook, that would be nice too. So, I wish the best to Phil Katz and the OpenPGP consortium, as long as they don't bother to reinvent the Gnu Privacy Guard wheel. Look for innovative ways to add Open-PGP signatures to everything!
Torrey Hoffman (Azog)
Re:Is he attacking NAI? (Score:2)
Not necessarily. If he stays on as an employee of NAI, he could continue to fight against the opening of back doors in the software, but if (when) he loses those fights, he would probably be bound by NDAs and non-compete clauses and the like from publicizing them, and the community at large would have no recourse but to assume that since he is an still an employee, that the product remains true to his original vision, which may not be the case.
Phil is smart and seems aware that the public cannot wisely trust a closed-source security program, and he is stating that he does not wish to continue endorsing it by associating himself with the company that publishes it. I congratulate his courage in leaving a (probably) lucrative corporate position on this principle. Instead, by going to work on the OpenPGP standard, and doing consulting services for other companies who wish to integrate open-standards PGP into their products, he is insuring that peer-reviewable privacy software continues to be available to the public at large.
If he was cutting and running at the first hurdle, he'd stay with NAI, and keep his paycheck, despite the fact that they were making the software less free. Instead, he's making a rather large personal sacrifice to ensure that PGP remains a security system we can trust, even if we can't necessarily trust NAI's implementation of it.
Ask PRZ about it in person... (Score:2)
Is the message a fake? Is it real?
What does this all mean for the future of privacy on the Internet?
Get your answers straight from the man.
Re:Polite Insults (Score:1)
I wouldn't be overly surprised if NAI sold backdoors to either MS or NSA or KGB or whoever is able to pay enough. So, I am not overly surprised that Zimmerman left the ship.
(now I wonder whether *that* insult was polite...)
Re:Is he attacking NAI? (Score:1)
-N
PGP trademark vs openPGP? (Score:1)
Re:I'm glad he pgp-signed his message, (Score:2)
Here's [mit.edu] the real message...
Re:The tone is a little disconcerting (Score:2)
Re:Future Backdoors ? (Score:1)
So, there is the merest possibility that decryption can happen, still everybody is assuming that it won't happen.
BTW, I agree on your "No source == 10 backdoors in every line of code" interpretation. Just another reason, not to use products of NAI.
The tone is a little disconcerting (Score:1)
PGP vs. SSH (Score:3)
Maybe I'm reading that wrong, but I wonder how that plays with the whole "SSH the Product" vs. "SSH the Protocol" debate?
Is he attacking NAI? (Score:3)
Seems to be as though this letter contains hints of bitterness over having to leave, and that the vision he had for PGP and NAI's vision were somewhat different. The comments about source code and backdoors seem to indicate that he thinks NAI aren't going to be opening the code for review in the future.
Surely he'd be better off staying within NAI and fighting to ensure that the code remains free from backdoors? It seems as though he's willing to compromise his principles to get out of a difficult situation, and it means that many of us are going to have to switch to other, less secure versions that we at least know are free from holes.
When it comes to ensuring freedom you can't just cut and run at the first hurdle...
ssh (Score:2)
Can he do that? (Score:2)
He'll be moving on to help other companies produce implementations of the OpenPGP standard. Don't most companies' employment contracts include a provision that you agree not to go into business in direct competition for n years afterwards? And wouldn't a competing implementation of the OpenPGP standard count?
Perhaps he didn't have a contract like that; since he started PGP the company himself, he presumably didn't bother to write himself a daft contract then, and maybe NAI didn't impose one on him when they bought him...
I'm glad he pgp-signed his message, (Score:3)
blah.
We need this more than ever now (Score:1)
Re:Is he attacking NAI? (Score:2)
Re:Is he attacking NAI? (Score:3)
I have to dispute Phil's decision and future plans as being a compromise on his principles, though. He's moving from trying to ensure NAI's PGP as a secure product to trying to ensure everyone's OpenPGP implementation is a secure product. Additionally, he's trying to make using OpenPGP a more realistic option for everyone, something that the industry could probably use considering that about one e-mail in a hundred that I read has been signed and none of my associates has ever used PGP. He still wants to push freedom; he's just moved his focus from one commercial product to any software willing to embrace an open standard.
Re:Polite Insults (Score:2)
RETRACTION (Score:1)
Hash: SHA1
A note to PGP users:
It has come to my attention that there is an article in this forum which has been incorrectly attributed to me. The forger even went so far as to include a PGP signature with the post.
Unfortunately, the PGP signature is meaningless in this situation, as it has simply been pasted in place from an email I previously sent. The smoking gun is in the line of dashes directly following the words 'END PGP SIGNATURE'. There are five dashes, followed by a single space, the two more dashes, another space, then the remainder of the dashes.
Philip Zimmermann
19 Feb 2001
prz@mit.edu
http://web.mit.edu/prz
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQA/AwUBOpDtWmPLaR3669X8EQLv0gCgs6zaYetj4JwkCiD
-----END PGP SIGNATURE------
--
Re:Ugh, what's with the acronyms? (Score:1)
Re:Future Backdoors ? (Score:2)
How to check for backdoors (Score:1)
It is not _that_ complex.
> strings
>
Cheers,
--fred
Re:ESR! RMS! (Score:2)
So you don't exist.
So there's nothing for me to reply to.
So this comment doesn't exist.
Now i'm confused.
Re:Is he attacking NAI? (Score:2)
I read alot of bitterness in this letter, let me explain. if you have ever watched Congress or parlament (the UK version) then you will see a trend. Evertime one senitor is about to diagree with a point someone else makes he usually starts with something like "my good Friend" or" he really is a great guy but..." you see the first part( or rather the best way ) of presenting a contray point is to show that you don't want to attack the person but the isdea. He is smart to say as little as he did, and it does tell me alot about what he wanted to say. if he just wanted to leave NAI he would have said,"they are a great group of guys but I want to try some other things"or" my kids are killing me to play ball" instead he made it a point to bring up the backdoors, that is very telling to me. or I'm just paranoid.
________
I think you may be right (Score:1)
I thought this too.
Re:Polite Insults (Score:2)
He does say that *as far as he can tell and as far as he could try*, it is good.
Come on dude, would you say flatly and point blank that your code is bug free, or would you rather say "if you looked at the source, I am confident that you won't find any bugs".
He also seems to be implying "I would like to make the source public, but the new bosses don't. So I am leaving to go make open systems" If that is so, Yay Phil!
Good riddance! About time (Score:2)
Most of the people I know who use PGP stuck with 2.--the last pre-NAI version--until GPG came along. Nobody uses NAI PGP.
Nobody trusts NAI.
Nobody likes the NAI license agreements.
In short, NAI did more to SLOW DOWN the widespread use of PGP than any government ruling or censure. Almost makes one wonder what their agenda _really_ was for all of those years.
Anyways, congrats to Phil for getting away from those bastards.
Doesn't matter... just use GPG. (Score:1)
I think it is great that OpenPGP exists so that Gnu Privacy Guard can exist without any patent violations. That said there is no reason for any other PGP implementation to exist. Without source code a crypto impl is not worth the paper it is printed on (considering it isn't printed... this isn't much). Even if Phill Z. himself went over the code for 7.x, NAI can still add a back door right before they ship and Phill will never know. The only crypto you should EVER trust is crypto which you compile yourself and has been audited and signed by experts.
I think the issue is that of money. Zimmerman wants to get paid to work on PGP but only the closed source people are currently willing to do that. Crypto and privacy people have always had revenue stream problems. Most people don't care about their privacy so they don't buy PGP. Crypto is a loosing leader for other markets and I think we should apply our focus there.
Kevin
Re:Doesn't matter... just use GPG. (Score:1)
Re:Is he attacking NAI? (Score:2)
The integrety of crypto software is ensured by peer review. It's the only way you can be sure. If it's not peer reviewed, you have to assume it's flawed, it's as simple as that. NAI's decision to not release complete source to their latest version of PGP severely underminds their credability, and if they were unwilling to do so, I don't see that PZ had any choice but to part company with him.
More power to him for voting with his feet.
--
Remove the rocks to send email
GnuPG (Score:1)
Scott
hacker
sboss dot net
email: scott@sboss.net
Re:PGP vs. SSH (Score:1)
Re:PRZ's signature is *NOT* valid - YES it IS! (Score:1)
that's him all right. i verified it myself using the plain text version. bad
no back doors "now" (Score:1)
PZ has been a hero for many, but it's obvious that his motives where questioned when he joined CAI.
I'd like to see him working with the GPG folks.
Re:The tone is a little disconcerting (Score:5)
If I was NAI, I would take this as a pretty devestating blow - although PKZ is only saying "I can't guarantee future versions won't be backdoored" it *will* be read as "I left because future versions WILL be backdoored" and may well cost NAI major market share. Certainly, an OpenPGP "approved and checked by PKZ" labelled product will have a higher confidence-factor than something PKZ openly turned his back on....
--
Re:Can he do that? (Score:2)
So NA wouldn't have much of a legal leg to stand on with regards to enforcing any sort of IP agreement with PRZ, neither he nor NA owns the IP.
-josh
Privacy is a myth, even the pretty good kind! (Score:2)
No matter how well you think you've hidden something, somebody can always find it, and chances are they wouldn't tell you about it. Insisting on privacy just makes it easier for orgs with the resources to watch you in secret with time-honored techniques like traffic analysis and good old fashioned spying.
For more info you should read David Brin's The Transparent Society [kithrup.com].
cryptochrome
Re:RETRACTION (Score:1)
Good One, you even forgot to post anonymously.
For those stoopid enough to believe this (troll) go check on comp.security.pgp.discuss
Re:Can he do that? (Score:3)
--
Re:Future Backdoors ? (Score:1)
Re:Polite Insults (Score:1)
He does: go back and read the *entire* paragraph -- especially the first part, where he says "up to and including 7.0.3 have no back doors". We are just supposed to trust him because we can't see the source. I'm inclined to do so...
-bluebomber
Re:RETRACTION (Score:1)
--
Can't trust the guy... (Score:3)
;)
Heh! (Score:3)
I wish it had more of an API for incorporating it into other software though (Maybe it does and I just missed it...)
Re:Future Backdoors ? (Score:1)
Really? News to me. Examples? Or are you just recycling that old 'NSA_KEY' FUD?
--
If the good lord had meant me to live in Los Angeles
Re:Future Backdoors ? (Score:2)
Whilst that doesn't rule out a -division- of the NSA working in the opposite direction, I think that (as a whole), they've got the message that security comes from within.
Re:PGP vs. SSH (Score:1)
(Also of note: Zimmerman has likely made his millions. The SSH team hasn't yet.)
Re:Ask PRZ about it in person... (Score:1)
Re:Future Backdoors ? (Score:1)
Given the immensity of human experience I think we can assume that any subjects covered by an intelligent man in a short note are there for a reason.
Given that he belabors the "trusted" versions and makes note of "different visions" I think you could safely bet large sums of money on backdoors in future versions and not lose any sleep over it.
Re:Ugh, what's with the acronyms? (Score:2)
Yes, I was too lazy to look up their middle names. Sue me.
Re:PRZ's signature is *NOT* valid (Score:2)
Through its decision to withhold source code for PGP versions 7.x and upwards, Network Associates, Inc. has demonstrated that neither it or its products can be trusted.
shg
PGP Keys available at www.nzgames.com/pgp.html
Re:Can he do that? (Score:1)
Non-compete clauses aren't valid in California.
PGP is too big (Score:1)
Another problem is that many of the features in OpenPGP are difficult to implement. With PGP 2, the trust associated with a key can be calculated using Dijkstra's algorithm. With OpenPGP it is much harder because when signing you can say in what circumstances the signature is valid. So instead of each key having a fixed trust value, it can have a potentially unlimited number of trust values for different situations.
Finally, all versions of PGP are too hard for novices to use. I wrote whisper [234.cx] to provide an easier way for novices to encrypt messages. You can use Whisper even if you are just a Microsoft Office person. You won't get any fancy crypto technology though (unless AES counts). Whisper is GPL'd.
Ugh, what's with the acronyms? (Score:2)
Ugh, we seem to be having the same problem with Richard Stallman.
Future Backdoors ? (Score:2)
Re:I'm glad he pgp-signed his message, (Score:1)
Wonder if he regrets selling out? (Score:2)
At least PRZ has the fact that it is an open standard to fall back on. He can go back and dupilcate the work he has already done - but still, it's seems an unneccessary waste of resources.
-josh
Re:Is he attacking NAI? (Score:1)
It would seem to me that if they're free from holes, they're *more* secure. If you don't trust the product, it isn't secure, I don't care what features it has.