Matt Blaze says:
PGP suffers from its failure to separate cleanly its primary mechanism (encrypting and signing messages) from policy (what to do with those signed and encrypted mechansims). Without a clean separation, the mechanism is limited to use in those applications narrowly envisioned by the system's authors. [...] Personally, I'd much rather see a suite of tools: an encryption/signature tool (or maybe tools - let me apply them in whatever order is approprate), a decryption verification tool, a certificate management system that operates on messages signed with the signature tool and a top level that glues all this together and implements local policy (like what consitutes a valid signature, key revocation, etc). If we had a system that worked like this,, we could more easily create richer key certificates that specify restrictions on what is being signed, revocation conditions, etc.
I've been saying this for a long time, and I want to triple-reiterate it -- PGP needs to be broken down into simple Unix-philosophy style tools, or it isn't going to be useful in the long run. I'll also note, yet again, that unless PGP quits this bad practice of identifying counterparties only by a number, it is NOT going to be universally deployed. Counterparties need to be identified by a name that can be looked up in the DNS -- meaning "joe@foo.com" rather than some key ident number. Perry