
Re: why pgp sucks

Matt Blaze says:
> PGP suffers from its failure to separate cleanly its primary
> mechanism (encrypting and signing messages) from policy (what to
> do with those signed and encrypted mechanisms).  Without a clean
> separation, the mechanism is limited to use in those applications
> narrowly envisioned by the system's authors.
[...]
> Personally, I'd much rather see a suite of tools: an encryption/signature
> tool (or maybe tools - let me apply them in whatever order is
> appropriate), a decryption verification tool, a certificate management
> system that operates on messages signed with the signature tool and a
> top level that glues all this together and implements local policy
> (like what constitutes a valid signature, key revocation, etc).  If
> we had a system that worked like this, we could more easily create
> richer key certificates that specify restrictions on what is being
> signed, revocation conditions, etc.

I've been saying this for a long time, and I want to triple-reiterate
it -- PGP needs to be broken down into simple Unix-philosophy style
tools, or it isn't going to be useful in the long run.

I'll also note, yet again, that unless PGP quits this bad practice of
identifying counterparties only by a number, it is NOT going to be
universally deployed. Counterparties need to be identified by a name
that can be looked up in the DNS -- meaning "[email protected]" rather than
some key ident number.

Perry
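An added illustration of the mechanism/policy split argued for above (example code, not from the thread and not PGP's own): the verify tool reports only what the cryptography established, and a separate policy function applies the local rules, including name-based identity, restrictions on what a key may sign, and a revocation condition. All names, key ids and timestamps are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SignatureCheck:
    """What a stand-alone verify tool would report: a bare cryptographic fact."""
    signer_key_id: str   # the mechanism knows the key, not the person behind it
    payload_kind: str    # what was signed, e.g. "mail" or "code", as tagged by the signer
    signed_at: int       # time claimed in the signature
    crypto_ok: bool      # did the signature verify against that key?

@dataclass(frozen=True)
class Certificate:
    """Richer certificate: DNS-style name bound to a key, plus restrictions and revocation."""
    name: str                         # e.g. "alice@example.org" (hypothetical)
    key_id: str
    allowed_kinds: frozenset          # restriction on what this key may sign
    not_after: int
    revoked_at: Optional[int] = None  # None means not revoked

def apply_policy(check, certs, trusted_names):
    """Policy layer: turn a mechanism result into (accepted, reason); rules change freely."""
    if not check.crypto_ok:
        return False, "signature does not verify"
    cert = next((c for c in certs if c.key_id == check.signer_key_id), None)
    if cert is None:
        return False, "key %s is not bound to any name" % check.signer_key_id
    if cert.name not in trusted_names:
        return False, "%s is not a trusted counterparty" % cert.name
    if check.signed_at > cert.not_after:
        return False, "certificate for %s had expired at signing time" % cert.name
    if cert.revoked_at is not None and check.signed_at >= cert.revoked_at:
        return False, "key of %s was revoked before this signature" % cert.name
    if check.payload_kind not in cert.allowed_kinds:
        return False, "%s is not permitted to sign %s" % (cert.name, check.payload_kind)
    return True, "valid signature by %s" % cert.name

# Constructed sample certificates and trust list (hypothetical names and key ids).
CERTS = [
    Certificate("alice@example.org", "0xA1", frozenset({"mail"}), 2_000_000),
    Certificate("bob@example.org", "0xB2", frozenset({"mail", "code"}), 2_000_000, 1_500_000),
]
TRUSTED = {"alice@example.org", "bob@example.org"}
def demo():
    checks = [SignatureCheck("0xA1", "mail", 1_000_000, True),   # accepted
              SignatureCheck("0xA1", "code", 1_000_000, True),   # payload kind not allowed
              SignatureCheck("0xB2", "mail", 1_550_000, True),   # signed after revocation
              SignatureCheck("0xC3", "mail", 1_000_000, True)]   # key bound to no name
    return [apply_policy(c, CERTS, TRUSTED) for c in checks]   # same crypto verdict, four outcomes
```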