A couple of ideas for PGP-based programs
-----BEGIN PGP SIGNED MESSAGE----- I am posting these ideas here before I annoy the people who will probibly implement them just to see if they have much merit... (If this is incoherent it is because of the late night posting, but I want to get it done while the thoughts are still there...) Maybe some of this will occur after PGP 3.0 is released. (That is, if the universe has not cooled down into a small lump of coal before then...) 1) Something I would like to see on the keyservers for PGP is a way of retreving all of the key revokations since x date without having to get all of the keys since that date. I hate having to check each key every so often to see if it is revoked. It would make it alot easier to avoid using compromised or old unused keys. 2) I would like to see a program like private Idaho have the ability to send mail to the key server and grab all of the "unknown signator" keys. This would have the interesting effect of building a more complete keyring, while using the "web of trust" to weed out alot of the bogus keys that tend to crop up on the key servers. After n number of itenerations you would have more of the "important keys" and the ones that have little or no signage would be left to grab when needed. This would avoid the need to grab the entire key database. (In fact, it would make it desirable NOT to...) More later when I am not so tired... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMO5PTOQCP3v30CeZAQET8wf/WI8o18pAol3HcN8j+EZyM7aIkPRFg/EQ IYU+J8c5UrXrHDyUY+lZI11Ip2CgXfL/9ER6+vJ/xKPRfNOYnzOe+53FIOKbhJ0U VPGCJYi7tbIpqBB+SHJe555fijEeGAORMvGqCVosb+KKsZQvQP5SHGK3zsy9rBP+ ojkM3AyJs5uyia4pAjV1Zz3DfxEgMPvBPtqXObN32FVbAq7hGmscDKNHEJ7ifO7H xQiMWyzPJgWdUttdoi9ko7kFYLzze4472hEGNV9DbFZMlpVn6Eex9Hhz/wq20j4i mgfyjU3GF+6+OY8KgkXU79FYKkZYqa019uCuPk50cgRdUZsI1BLyHA== =ImCD -----END PGP SIGNATURE----- Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction `finger -l alano@teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "Governments are potholes on the Information Superhighway." - Not TCMay
-----BEGIN PGP SIGNED MESSAGE----- Hello cypherpunks@toad.com and Alan Olsen <alano@teleport.com> ...
1) Something I would like to see on the keyservers for PGP is a way of retreving all of the key revokations since x date without having to get all of ...
Probably a good idea (that, and/or have a mailing list with key revocations). How about it, keys.pgp.net people?
2) I would like to see a program like private Idaho have the ability to send mail to the key server and grab all of the "unknown signator" keys. ...
This is very easy, at least in Unix: pgp -kvv, grep, cut, for. In DOS, you can do pgp -kvv and find, then edlin to change every "sig" into "call getkey", call the resulting (batch) file, which will call GETKEY.BAT for every missing key. I hope. However, I don't see much of a point to it: these are people you don't even know the keys of; how are you going to know whether they are trustworthy? (The Web-o-Trust can only tell you who they are, not whether to trust them.) ...
This would have the interesting effect of building a more complete keyring, while using the "web of trust" to weed out alot of the bogus keys that tend to crop up on the key servers. After n number of itenerations you would have more of the "important keys" and the ones that have little or no signage would be left to ...
No, you wouldn't. You would tend to have the keys that sign a lot of other keys, which would include both SLED (Four-11) and a lot of careless people that sign every key in sight. How about, instead: 3) A way to retrieve all the keys signed by a given entity. This would have the effect that when you come to trust Alice, you can simply go and get all the keys she signed. I believe the present keyservers don't allow that... (Or else I don't know how to ask for it.) Hope that makes sense... Adiau - Jiri - -- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMPD/cSxV6mvvBgf5AQEAoQP+MB78qOcXqqXp8XKh8y/UCD7QW1SDN9WX XMEYQqQijHE1JCwYBlvhtRdqunPJODGBOhN+EVNG8OBrSzQZGkWeRxa+ThhQ+E4L dwB5WYRzjzDWTNxA1UW1W994Z+FzCUE0OouOiOLOCrstnlnJ6rEY0+NCzieQkx0L Bf5pVdsEUJg= =dkEp -----END PGP SIGNATURE-----
participants (2)
-
Alan Olsen -
Jiri Baum