Re: swipe working on infinity.c2.org
Alastair McKinstry says:
What do you see as the problem with this (PGP keys)? What kind of key management architecture would you recommend?
Well, as I said, just as one example, it's too hard to reverse map key IDs into the entities that possess the keys. I'm thinking these days in terms of building an infrastructure in which a large fraction of the net can run "in black", which means you need good automated key management. To do that, you need distributed databases. Databases like DNS work very nicely for this purpose. Now, DNS can reverse map IP addresses because IP addresses are structured so it is possible to assume that if you have delegation over a set of them that you likely have the forward maps as well. However, you can't build something like that to handle random PGP key IDs. That means that if you want to be able to look up key IDs automatically in a network wide DNS style database, you lose. Key IDs need structure so you can trace them to organizations with delegation over particular sections of the keyspace, just as in DNS you have structure to domain names so you can figure out who has delegation over what part of the domain name space. Anyway, this is the sort of thing I'm thinking about these days.

Perry
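The delegation argument above, worked through in code as an added example that is not part of the original post: a toy longest-prefix resolver answers "who is authoritative for this identifier?" for IPv4 addresses and for a hypothetical structured key-ID space, while a hash-derived OpenPGP-style key ID has no prefix for anyone to hold delegation over. The delegation table, the `org.example.` style key-ID names, the hostnames and the sample key material are all constructed for the example.

```python
"""Added example (not from the original post): why structured identifiers can be
reverse-mapped by delegation and flat hash-derived key IDs cannot.
The delegation table, names and sample key material are constructed."""
import hashlib
import ipaddress

# Constructed delegation table: which authority answers for which prefix.
# The structure of the name space is what makes delegation possible at all.
DELEGATIONS = {
    "ip": {              # IPv4 reverse space, delegated by network prefix
        "192.0.2.0/24": "ns.example-isp.test",
        "198.51.100.0/24": "ns.other-isp.test",
    },
    "keyid": {           # hypothetical structured key-ID space, delegated by prefix
        "org.example.": "keys.example.test",
        "org.other.": "keys.other.test",
    },
}


def ip_reverse_authority(addr: str):
    """Longest-prefix match, the same rule DNS applies to in-addr.arpa delegation.
    Returns the authoritative server name, or None if no delegation covers addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for cidr, auth in DELEGATIONS["ip"].items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, auth)
    return best[1] if best else None


def keyid_authority(key_id: str):
    """Delegation over a structured key-ID space, again by longest matching prefix.
    A resolver can walk from the prefix to the organisation that owns that slice."""
    best = None
    for prefix, auth in DELEGATIONS["keyid"].items():
        if key_id.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, auth)
    return best[1] if best else None


def pgp_style_key_id(public_key_material: bytes) -> str:
    """OpenPGP v4 key IDs are the low 64 bits of a SHA-1 fingerprint. The hash
    input here is constructed sample bytes rather than a real key packet, but the
    property is the same: the ID is hash output and carries no owner structure."""
    fingerprint = hashlib.sha1(public_key_material).hexdigest()
    return fingerprint[-16:].upper()


def flat_key_id_authority(key_id: str):
    """A hash-derived ID shares no prefix with any delegated slice of the key-ID
    space, so the delegation walk has nothing to follow and always returns None.
    Only a flat global index of every key ID could answer, which is the scaling
    problem the post describes."""
    return keyid_authority(key_id)


if __name__ == "__main__":
    print(ip_reverse_authority("192.0.2.77"))           # ns.example-isp.test
    print(keyid_authority("org.example.alice.2024"))   # keys.example.test
    kid = pgp_style_key_id(b"constructed-sample-key-material")
    print(kid, flat_key_id_authority(kid))             # <16 hex chars> None
```

The two resolvers share one rule, longest prefix wins, and differ only in whether the identifier space has prefixes worth delegating; that is the whole of the structural point, and it is why the flat lookup returns None regardless of how many delegations are added.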
participants (1)
-
Perry E. Metzger