[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: why pgp sucks
>
> if i use a command like
>
> pgp filename
>
> it will automatically figure out the right thing to do with the file. if
> it's encrypted, and i have the key, it will attempt to decrypt it. if it
> contains keys, it will ask if i want to add them to my keyring. if it's
> signed, it checks the signature.
>
> this sucks!
From whose point of view? Remember the thread about Getting things right
v. Getting the software out?
The above way is easier for most people with little computer techie
knowledge. Requiring a whole complex set of commands would mean less
PGP users.
As people get used to it and learn about the issues, key management,
etc. they'll be more willing to use a more advanced version of PGP...
at the very least, they'll eventually RTFM and realize that you actally
have more control of what it can do...
Rob
> if i'm trying to write a program to automatically process incoming mail (for
> instance, to see if it's encrypted with a specific key), i certainly don't
> want to have the possibility of people being able to add garbage to my
> keyring just by mailing it to me.
Have your program check what's in the mail before doing anything with it...?