[7736] in cryptography@c2.net mail archive


Re: reflecting on PGP, keyservers, and the Web of Trust

daemon@ATHENA.MIT.EDU (Ed Gerck)
Fri Sep 1 16:42:05 2000

Date: Wed, 30 Aug 2000 09:34:22 -0700
From: Ed Gerck <egerck@nma.com>
To: Greg Rose <ggr@qualcomm.com>
Cc: cryptography@c2.net
Message-id: <39AD378E.810E226C@nma.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit



Greg Rose wrote:

> I was an early adopter of PGP, and put a lot of effort into advancing the
> Web of Trust. I use PGP actively on a daily basis. Nevertheless, I have
> been disillusioned for some time, and today's fun prodded me into writing
> this. Here is a list of things which I consider to be problems with "the
> PGP Scene":

I discussed these problems (and others, listed in http://www.mcg.org.br/cert.htm)
with the PGP management during two week-long visits a former Director and
their security architect made to myself while I was in Brazil in 1997/8.  Some
of the problems I mentioned have been solved, others have remained. Some solutions
are indicated in the cert.htm paper, including the question of central administration
with its pros and cons. I think that PGP is a fine program for communication within a
small circle of friends but, beyond this which was the initial goal anyway, PGP does
not have the capabilities to do the job.  However, PGP could be used as a component
in a system that would provide for a wider usage scope -- which, however, would require
IMO a radical re-design of the web-of-trust. Even though the web-of-trust seems to be
a pretty good part of PGP, IMO it is actually its Achilles heel.

BTW, many lawyers like to use PGP and it is a good usage niche.  Here, in the
North Bay Area of SF, PGP is not uncommon in such small-group business users.

Cheers,

Ed Gerck


