Adam Shostack <adam@bwh.harvard.edu> writes:

Whats wrong with PGPtools? (A lack of documentation. Been a while since I looked, but I think it lacked a high level interface. The low level stuff is great, but on the mac, I can send an Appleevent "Encrypt *file recipient" and, some extended period later, get a response.

It has been a while since I looked too, does it work with the 'new' format messages generated by MIT pgp? Does anyone actually USE pgptools for any available applications? As far as I know, nobody uses it. If nobody uses PGPtools, then what is the reason? Either nobody really wants a PGP library (which isn't true judging from the inquiries on cypherpunks), or something is wrong with PGPTools. Is it the documentation like you said? Maybe some of us should pick up where pr0duct cypher left off and enhance PGPTools. This brings me to another point: Isn't the file format for PGP supposed to change (I think I remember Colin telling me this quite a long time ago)? If it is, should we bother with PGPtools? What really is the status of PGP 3.0? Assuming the file-format has changed, shouldn't it have been decided by now? If PGP 3.0 is being written on top of a portable generic crypto-library, don't you think this, the foundation of the new PGP, would be ready (after a year+ of working on it and rumors from developers of PGP 3.0 being out in 6 months?). There was a quick thread on this last week and not a peep was heard... I really wish somebody who had a clue would fill us in on where PGP 3.0 really stands. I have the suspicion that it is not nearly as far as we would like to think. If this is the case we should probably get cracking on PGPtools.

| 5. socket-based keyserver interface for real-time automagic key | fetches

Who needs real time? The servers are often bogged down and don't respond in real time anyway. The following procmail works fine. Theres also a short shell script at the end.

When I am checking a signature, I want to be able to check that signature right now! By the time an e-mail request gets back, I'm a 100 articles down the line and not interested in checking that signature anymore. For personal mail, or REALLY important news articles, I am willing to wait, of course. The finger-for-keys server at Illuminati Online is an example of real-time key fetching (although last I tried it didn't work... either it's no longer there, or it has moved from wasabi.io.com and I don't know the generic hostname for their pgp-keyserver), but to access it programatically would require some parsing and such... A keyserver that watched a TCP port and had a very simple protocol (maybe Simple Key Transfer Protocol - SKTP) for requesting keys, would be keen. Maybe auto-key fetching isn't something we need to concentrate on... I was just throwing out some ideas... andrew