[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: c'punks top 5



Adam Shostack <[email protected]> writes:
>  	Whats wrong with PGPtools?  (A lack of documentation.  Been
>  a while since I looked, but I think it lacked a high level
>  interface.  The low level stuff is great, but on the mac, I can
>  send an Appleevent "Encrypt *file recipient" and, some extended
>  period later, get a response.

It has been a while since I looked too, does it work with the 'new' format  
messages generated by MIT pgp?  Does anyone actually USE pgptools for any  
available applications?  As far as I know, nobody uses it.  If nobody uses  
PGPtools, then what is the reason?  Either nobody really wants a PGP library  
(which isn't true judging from the inquiries on cypherpunks), or something is  
wrong with PGPTools.  Is it the documentation like you said?  Maybe some of  
us should pick up where pr0duct cypher left off and enhance PGPTools.  This  
brings me to another point:

Isn't the file format for PGP supposed to change (I think I remember Colin  
telling me this quite a long time ago)?  If it is, should we bother with  
PGPtools?  What really is the status of PGP 3.0?  Assuming the file-format  
has changed, shouldn't it have been decided by now?  If PGP 3.0 is being  
written on top of a portable generic crypto-library, don't you think this,  
the foundation of the new PGP, would be ready (after a year+ of working on it  
and rumors from developers of PGP 3.0 being out in 6 months?).  There was a  
quick thread on this last week and not a peep was heard...   I really wish  
somebody who had a clue would fill us in on where PGP 3.0 really stands.  I  
have the suspicion that it is not nearly as far as we would like to think.   
If this is the case we should probably get cracking on PGPtools.


>  | 5.  socket-based keyserver interface for real-time automagic key
>  |     fetches
>
>  	Who needs real time?  The servers are often bogged down
>  and don't respond in real time anyway.  The following
>  procmail works fine.  Theres also a short shell script at the end.

When I am checking a signature, I want to be able to check that signature  
right now!  By the time an e-mail request gets back, I'm a 100 articles down  
the line and not interested in checking that signature anymore.  For personal  
mail, or REALLY important news articles, I am willing to wait, of course.

The finger-for-keys server at Illuminati Online is an example of real-time  
key fetching (although last I tried it didn't work...  either it's no longer  
there, or it has moved from wasabi.io.com and I don't know the generic  
hostname for their pgp-keyserver), but to access it programatically would  
require some parsing and such...  A keyserver that watched a TCP port and had  
a very simple protocol (maybe Simple Key Transfer Protocol - SKTP) for  
requesting keys, would be keen.

Maybe auto-key fetching isn't something we need to concentrate on...  I was  
just throwing out some ideas...


andrew