[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: why pgp sucks

To: Derek Atkins <[email protected]>
Subject: Re: why pgp sucks
From: "Perry E. Metzger" <[email protected]>
Date: Fri, 10 Feb 1995 16:41:53 -0500
Cc: [email protected]
In-Reply-To: Your message of "Fri, 10 Feb 1995 16:35:34 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


Derek Atkins says:
> > Unfortunately, the current PGP practice of using only numeric key-ids
> > in message packets makes it hard to do this -- sigh. I hope that
> > the next version of PGP changes this.
> 
> I doubt PGP will change this in the near future.  That would require a
> major packet format change, and would not be anywhere near backwards
> compatible.  
> 
> I dont consider this to be a big problem.

I do. It means that I can't use PGP for IPSP key management -- period.

> If you limit key lookups in the database to be lookup on userID
> only, that solves your database problem.  As for the keyID->userID,
> well, this would only be required to _verify_ a signature.  In that
> case, you know who sent the message to you so you can ask them for
> the key.  When you want to encrypt to someone, you already know to
> whom you want to encrypt, so the same thing applies.
> 
> I don't see the problem!

Sorry, but I see the problem. If I want to follow an arbitrary chain
of signatures, check arbitrary signatures, etc, I'm forced to go
through kludges or worse. I don't see it as acceptable to just ask
someone for their key, either.

Perry

References:
- Re: why pgp sucks
  - From: Derek Atkins <[email protected]>

Prev by Date: Re: why pgp sucks
Next by Date: Re: Bernstein
Prev by thread: Re: why pgp sucks
Next by thread: Re: why pgp sucks
Index(es):
- Date
- Thread