why pgp sucks

Perry E. Metzger perry at imsi.com
Fri Feb 10 19:10:18 PST 1995

Hal says:
> Matt Blaze <mab at crypto.com> writes:
> >More seriously, the problem that Perry brought up is that it's hard
> >to deploy any kind of scaleable key distribution infrastructure
> >that works with PGP (as it currently exists - and yes, I realize
> >there are work-arounds for some specific situations).
> Could you have a distributed database where you lookup by key ID and get
> a key?  Or is there a constraint that the key distribution infrastructure has
> to be part of the DNS?
> I could see a set of key servers where one deals with all keys that start
> with 0x00, the next has all keys which start with 0x01, etc.  This makes
> it easy to know which server to go to in order to look up a given key ID.

Theis will not work, Hal, because it would mean that administrative
control over keys would have to be held by people far removed
organizationally and spacially from those who own them. Things work
much better when the administrators and users are close
together. Futhermore, the DNS style solution scales -- it
automatically aquires servers to meet demand as the space expands,
unlike a pseudo-distributed system such as the one you
propose. Furthermore, DNS is one of the few really large scale
distributed databases that has been well proven, and piggybacking off
the technology has real advantages.


More information about the cypherpunks-legacy mailing list