-----BEGIN PGP SIGNED MESSAGE----- [I posted the following to alt.security.pgp and sci.crypt. -Bryce] (If you don't want to help with my problems, skip to "Zimmermann needs to change pgpdoc1.txt" at the end.) First, I am trying to communicate with a fellow who refuses to upgrade to PGP2.6 because if RSA (as opposed to RSAREF) was good enough for Phil then it's good enough for him! Assuming for the moment that convincing him to upgrade is not feasible, isn't there a hack by which I can interoperate with him? He's using 2.3a and I'm using 2.6ui, 2.6.2, 2.6.1 and 2.6. (More on that later...) I can hack the C code if that is what is necessary to interoperate. Second, I am using several public keys and several different versions of PGP because I work from various computers with various levels of security. That is: when I am in the University's computer lab I use one key <617C6DB9> and the University's 2.6.2 but when I am on my home computer I use another <148A11E5> and my linux PGP 2.6.1 (I'm going to upgrade it any day now...). I also have a couple of other keys with "Bryce Wilcox" in the User ID field for other uses. The problem/gripe is that whenever I try to manipulate public keys on my keyring, PGP grabs the first one with User ID "Bryce". How do I extract, edit, sign, etc. the *other* "Bryce" keys on my public keyring. I tried giving PGP the Key ID, which seemed like the most reasonable user interface to me, but that didn't work. Third, how do I set those "PGP-Note" strings that appear in some people's PGP Signature Blocks? And lastly, a gripe. Zimmermann's "pgpdoc1.txt" needs to be changed. Let me explain: I am in the (long, drawn-out) process of trying to convince my friends and family members to use PGP. The first hurdle is that it is a pain in the butt to use, and they are not going to use it if it means they have to learn a handful of Unix commands and spend 30 seconds screwing with it every time they want to send mail. But that isn't the subject of this gripe. The second hurdle manifests when I send them a copy of "pgpdoc1.txt". They start browsing through it and come upon "NEVER EVER use PGP on a remote, multi-user system. It wouldn't have maximum security in that situation." They say "Oh, well I guess I can't use it then because damned if I'm going to upload and download all of my mail at 1200 baud just so Bryce will quit bugging me about this PGP thing." So I say "No no no, using it on a remote system is still better than nothing. Just be aware that it is easier to crack your secret key when you use it there than if you kept it on your home computer." So they go back to reading "pgpdoc1.txt" and it says "NEVER EVER use a public key which was sent to you through the Net. It could be tampered with." So they say, "What, I have to make a long-distance phone call to Cousin Joe in Israel before I can send him a 'Happy Birthday' message using PGP? Why bother?" And I say "No no no, using a key which you got through the Net is better than using no key at all, just be aware that if someone *really* wanted to spy on you that they could have tampered with it. When you see Cousin Joe next Christmas you can compare keys with him and make sure you have the right one." In short, pgpdoc1.txt needs to quit saying "NEVER EVER use PGP in other than MAXIMAL SECURITY situations" and start saying "If you want MAXIMAL security, do it this way, and if you are satisfied with lesser security, here are other options." I am fond of saying that we PGP enthusiasts have two choices ahead of us within a couple of years: either 5,000 enthusiasts using PGP with MAXIMAL SECURITY at all times, or 5,000 enthusiasts with MAXIMAL SECURITY and 10,000,000 computer-illiterate e-mail users using PGP with push-button interfaces and multi-user remote systems. The important thing, of course, is the easy-to-use, e-mail-integrated software (version 3.0, I hope?), but it would also help if Zimmermann's PGP Doc didn't tell those computer-illiterates to either "become enthusiasts or don't use it." Bryce signatures follow /=============------------ URL of the Day: DigiCash bv Bryce Wilcox, Programmer The currency of the future! Give me a bryce.wilcox@colorado.edu cyberbuck because I gave you this URL: ------------=============/ http://www.digicash.com/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMA1EKPWZSllhfG25AQHzPAP+MB/JLhN+Un9yVXRv5fejb297YONynlPF EXxN6L7OwcD4q9XE23XdlutlQbAoK2tKbBLjTYat7s/t53W+jpCyKOChN7zn4V+I bdAu8TKE4IG9a7fzxK0jqcpHBWqU2SaRxpaPEKl7HXbtFJxdKqn1n/M7INPJxF2w /JsyZom8gmk= =Tzje -----END PGP SIGNATURE-----