why pgp sucks

Robert Rothenburg Walking-Owl rrothenb at ic.sunysb.edu
Fri Feb 10 14:29:15 PST 1995


> 
> if i use a command like
> 
> 	pgp filename
> 
> it will automatically figure out the right thing to do with the file.  if
> it's encrypted, and i have the key, it will attempt to decrypt it.  if it
> contains keys, it will ask if i want to add them to my keyring.  if it's
> signed, it checks the signature.
> 
> this sucks!

From whose point of view? Remember the thread about Getting things right
v. Getting the software out?

The above way is easier for most people with little computer techie
knowledge. Requiring a whole complex set of commands would mean fewer
PGP users.

As people get used to it and learn about the issues, key management,
etc. they'll be more willing to use a more advanced version of PGP...
at the very least, they'll eventually RTFM and realize that you actually
have more control of what it can do...

Rob

> if i'm trying to write a program to automatically process incoming mail (for
> instance, to see if it's encrypted with a specific key), i certainly don't
> want to have the possibility of people being able to add garbage to my
> keyring just by mailing it to me.

Have your program check what's in the mail before doing anything with it...?
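
The check suggested in the reply above, as an added example that is not part of the original post or of PGP itself: a Python pre-filter that looks at each ASCII-armored block's label and first packet tag before anything is handed to `pgp`. The function names, the allow-only-encrypted policy and the sample blocks are assumptions constructed for illustration.

```python
import base64
import re

# One ASCII-armored block: BEGIN line, optional "Key: value" headers,
# a blank line, base64 body (plus "=XXXX" checksum line), END line.
ARMOR_RE = re.compile(
    r"^-----BEGIN PGP ([A-Z ]+)-----\r?\n(?:[^\r\n]+\r?\n)*?\r?\n"
    r"(.*?)^-----END PGP \1-----", re.DOTALL | re.MULTILINE)

ENCRYPTED_TO_KEY = 1   # packet tag: public-key encrypted session key
PUBLIC_KEY = 6         # packet tag: public key

def first_packet_tag(body):
    """Decode the armor body and return the tag of its first packet."""
    lines = [l.strip() for l in body.splitlines()]
    b64 = "".join(l for l in lines if l and not l.startswith("="))
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    if not raw or not raw[0] & 0x80:      # high bit marks a packet header
        return None
    first = raw[0]
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F

def classify(mail_text):
    """Return (armor label, first packet tag) for every armored block."""
    return [(m.group(1), first_packet_tag(m.group(2)))
            for m in ARMOR_RE.finditer(mail_text)]

def safe_to_hand_to_pgp(mail_text):
    """Default deny: at least one block, and every block must be labelled
    MESSAGE and really start with an encrypted-session-key packet."""
    blocks = classify(mail_text)
    return bool(blocks) and all(
        label == "MESSAGE" and tag == ENCRYPTED_TO_KEY for label, tag in blocks)

def make_armor(label, payload):
    """Build a constructed sample block (not real PGP output)."""
    body = base64.b64encode(payload).decode()
    return (f"-----BEGIN PGP {label}-----\nComment: constructed sample\n\n"
            f"{body}\n=AAAA\n-----END PGP {label}-----\n")

# Constructed samples: 0x85 = old-format tag 1, 0x99 = old-format tag 6.
ENCRYPTED_MAIL = "Hi,\n" + make_armor("MESSAGE", b"\x85\x00\x8c" + bytes(9))
KEY_MAIL = make_armor("PUBLIC KEY BLOCK", b"\x99\x00\x8d" + bytes(9))
DISGUISED_KEY_MAIL = make_armor("MESSAGE", b"\x99\x00\x8d" + bytes(9))
```

Checking the first packet tag as well as the armor label matters because the label is plain text that the sender controls; the filter does not verify the armor checksum or look inside the encrypted payload.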
