why pgp sucks

Perry E. Metzger perry at imsi.com
Fri Feb 10 12:36:40 PST 1995



Hal says:
> "Perry E. Metzger" <perry at imsi.com> writes:
> >I'll also note, yet again, that unless PGP quits this bad practice of
> >identifying counterparties only by a number, it is NOT going to be
> >universally deployed. Counterparties need to be identified by a name
> >that can be looked up in the DNS -- meaning "joe at foo.com" rather than
> >some key ident number.
> 
> PGP of course looks up keys by strings in addition to numbers.  A widely
> accepted practice is to use <joe at foo.com> in the user ID which allows the
> lookups to be by internet address.

The problem is that incoming messages are tagged with the number, not
the string. You can't check the signature if you don't have the number
in your own database. Global databases don't scale. Distributed
databases like DNS do scale. DNS style naming doesn't hurt non-DNS
users, so it's a shame that it isn't there -- I, for one, can't specify
PGP style keys in the internet key management system I'm working on
because of this.

Perry
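
The point about incoming messages being tagged with a number can be seen in the signature packet itself. The parser below is an added example, not part of the original post; it follows the version 3 signature packet layout documented in RFC 4880, section 5.2.2. The sample packet, key ID and keyring are constructed, and `find_signer` is a hypothetical helper.

```python
import struct

def parse_signature_packet(packet: bytes) -> dict:
    """Parse an old-format OpenPGP signature packet (version 2/3 layout)."""
    ctb = packet[0]
    if ctb & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    if tag != 2:
        raise ValueError("not a signature packet")
    if length_type == 3:
        raise ValueError("indeterminate length is not handled here")
    len_size = 1 << length_type                      # 1, 2 or 4 length octets
    body_len = int.from_bytes(packet[1:1 + len_size], "big")
    body = packet[1 + len_size:1 + len_size + body_len]
    if len(body) != body_len or body_len < 19:
        raise ValueError("truncated signature packet")
    version, hashed_len, sig_type, created = struct.unpack(">BBBI", body[:7])
    if version not in (2, 3) or hashed_len != 5:
        raise ValueError("not a version 2/3 signature")
    return {
        "sig_type": sig_type,
        "created": created,
        "key_id": body[7:15].hex().upper(),   # the only signer identifier present
        "pubkey_alg": body[15],
        "hash_alg": body[16],
    }

def find_signer(packet: bytes, keyring: dict):
    """Return the local user ID for the signing key, or None if it is unknown."""
    return keyring.get(parse_signature_packet(packet)["key_id"])

# Constructed sample: structurally valid fields, dummy (unverifiable) signature MPI.
SAMPLE_BODY = (
    bytes([3, 5, 0x01])                     # version 3, 5 hashed octets, text signature
    + struct.pack(">I", 792448600)          # creation time (constructed)
    + bytes.fromhex("0123456789ABCDEF")     # 8-octet key ID of the signer (constructed)
    + bytes([1, 1])                         # RSA, MD5
    + b"\x12\x34"                           # left 16 bits of the hash (constructed)
    + b"\x00\x08\xff"                       # one 8-bit MPI standing in for the signature
)
SAMPLE_PACKET = bytes([0x88, len(SAMPLE_BODY)]) + SAMPLE_BODY
LOCAL_KEYRING = {"0123456789ABCDEF": "Joe <joe@foo.com>"}   # hypothetical keyring

if __name__ == "__main__":
    print(parse_signature_packet(SAMPLE_PACKET))
    print(find_signer(SAMPLE_PACKET, LOCAL_KEYRING))   # key held locally
    print(find_signer(SAMPLE_PACKET, {}))              # no key, no name to look up
```

When the key is absent from the local keyring, the parsed packet offers no user ID or domain to query, only the 8-octet key ID.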





