Re: why pgp sucks
Derek Atkins says:
> > Unfortunately, the current PGP practice of using only numeric key-ids
> > in message packets makes it hard to do this -- sigh. I hope that
> > the next version of PGP changes this.
>
> I doubt PGP will change this in the near future. That would require a
> major packet format change, and would not be anywhere near backwards
> compatible.
>
> I don't consider this to be a big problem.

I do. It means that I can't use PGP for IPSP key management -- period.

> If you limit key lookups in the database to be lookup on userID
> only, that solves your database problem. As for the keyID->userID,
> well, this would only be required to _verify_ a signature. In that
> case, you know who sent the message to you so you can ask them for
> the key. When you want to encrypt to someone, you already know to
> whom you want to encrypt, so the same thing applies.
>
> I don't see the problem!

Sorry, but I see the problem. If I want to follow an arbitrary chain
of signatures, check arbitrary signatures, etc., I'm forced to go
through kludges or worse. I don't see it as acceptable to just ask
someone for their key, either.

Perry