[7743] in cryptography@c2.net mail archive
Re: reflecting on PGP, keyservers, and the Web of Trust
daemon@ATHENA.MIT.EDU (Dave Del Torto)
Tue Sep 5 16:18:29 2000
Mime-Version: 1.0
Message-Id: <p05001150b5d685d1904d@[192.168.0.70]>
In-Reply-To: <14768.25904.869131.577243@desk.crynwr.com>
Date: Sat, 2 Sep 2000 03:28:08 -0700
To: Russell Nelson <nelson@crynwr.com>
From: Dave Del Torto <ddt@openpgp.net>
Cc: cryptography@c2.net
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
At 11:14 pm -0400 2000-09-01, Russell Nelson wrote:
>Ed Gerck writes:
>>Even though the web-of-trust seems to be a pretty good part of PGP,
>>IMO it is actually it's Achilles heel.
>
>Nope. Usability is its Achilles heel. PGP needs to be wrapped in
>something, and yet it's not really designed to be wrapped. Even if it
>were, PGP, Inc. changed the interface! Doh! And then there's the
>whole encryption method problem.
>
>No, web-of-trust as a problem is way down there on the list.
Actually, you're both right (or wrong, if you prefer you glass
half-empty ;) it's the poor tools for key management of other
people's public keys that is the Achillies heel, especially since the
integration with seriously kick-ass keyservers is still not there. Of
course, that's also a UI problem, but if you solve it, the
ciphersuites (key types) "encryption method" problem lbasically goes
away. Transparent key management, guys. Everything is a key
management problem from now on.
dave
