Re: why pgp sucks




Hal says:
> "Perry E. Metzger" <[email protected]> writes:
> >I'll also note, yet again, that unless PGP quits this bad practice of
> >identifying counterparties only by a number, it is NOT going to be
> >universally deployed. Counterparties need to be identified by a name
> >that can be looked up in the DNS -- meaning "[email protected]" rather than
> >some key ident number.
> 
> PGP of course looks up keys by strings in addition to numbers.  A widely
> accepted practice is to use <[email protected]> in the user ID which allows the
> lookups to be by internet address.

The problem is that incoming messages are tagged with the number, not
the string. You can't check the signature if you don't have the number
in your own database. Global databases don't scale. Distributed
databases like DNS do scale. DNS style naming doesn't hurt non-DNS
users, so it's a shame that it isn't there -- I, for one, can't specify
PGP style keys in the internet key management system I'm working on
because of this.

Perry
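
The point above about messages being tagged with the number, shown as an added example that is not part of the original message: a parser for a version 3 OpenPGP signature packet (field layout as in RFC 4880 section 5.2.2), whose only reference to the signer is an 8-byte key ID. The sample packet, the key ID value and the `keyring` mapping are constructed for illustration.

```python
import struct

# Constructed sample (not from the thread): an old-format OpenPGP packet
# carrying a version 3 signature, laid out as in RFC 4880 section 5.2.2.
SAMPLE_KEY_ID = bytes.fromhex("0123456789ABCDEF")
_BODY = (
    bytes([3, 5, 0x00])                     # version, hashed-length, sig type
    + struct.pack(">I", 800000000)          # creation time (made up)
    + SAMPLE_KEY_ID                         # 8-byte key ID of the signer
    + bytes([1, 1])                         # public-key alg (RSA), hash alg (MD5)
    + b"\xab\xcd"                           # left 16 bits of the hash (made up)
    + struct.pack(">H", 16) + b"\x80\x01"   # one dummy 16-bit MPI
)
SAMPLE_PACKET = bytes([0x88, len(_BODY)]) + _BODY  # tag 2, one-octet length


def parse_v3_signature(packet: bytes) -> dict:
    """Return the fields of a v3 signature packet; raise ValueError if malformed."""
    if len(packet) < 2:
        raise ValueError("packet too short")
    ctb = packet[0]
    if (ctb & 0xC0) != 0x80:
        raise ValueError("not an old-format packet header")
    if (ctb >> 2) & 0x0F != 2:
        raise ValueError("not a signature packet")
    len_type = ctb & 0x03
    if len_type == 3:
        raise ValueError("indeterminate length not supported here")
    n = 1 << len_type                        # 1, 2 or 4 length octets
    body_len = int.from_bytes(packet[1:1 + n], "big")
    body = packet[1 + n:1 + n + body_len]
    if len(packet) < 1 + n or len(body) != body_len or body_len < 19:
        raise ValueError("truncated signature packet")
    version, hashed_len, sig_type, created = struct.unpack(">BBBI", body[:7])
    if version != 3 or hashed_len != 5:
        raise ValueError("not a version 3 signature")
    return {"sig_type": sig_type, "created": created,
            "key_id": body[7:15].hex().upper(),
            "pk_alg": body[15], "hash_alg": body[16]}


def find_signer(packet: bytes, keyring: dict):
    """Look up the signer in a local keyring (hypothetical: key ID hex -> user ID).

    The packet names no user, so the key ID is the only possible index.
    """
    return keyring.get(parse_v3_signature(packet)["key_id"])
```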