why pgp sucks

Derek Atkins warlord at MIT.EDU
Fri Feb 10 13:36:08 PST 1995


> Unfortunately, the current PGP practice of using only numeric key-ids
> in message packets makes it hard to do this -- sigh. I hope that
> the next version of PGP changes this.

I doubt PGP will change this in the near future.  That would require a
major packet format change, and would not be anywhere near backwards
compatible.  

I dont consider this to be a big problem.  If you limit key lookups in
the database to be lookup on userID only, that solves your database
problem.  As for the keyID->userID, well, this would only be required
to _verify_ a signature.  In that case, you know who sent the message
to you so you can ask them for the key.  When you want to encrypt to
someone, you already know to whom you want to encrypt, so the same
thing applies.

I don't see the problem!

-derek

PS: I should state that I know what problem you are trying to solve,
and I'm saying that there are other workarounds to get around the
problem.






More information about the cypherpunks-legacy mailing list