From: Adam Shostack <adam@bwh.harvard.edu>
To: peter.kretzman@mccaw.com
Message Hash: d63f3a2b34c618d44a890699cace60b8f916686521c0983857248fdc83a479c0
Message ID: <199402260147.UAA26294@duke.bwh.harvard.edu>
Reply To: <9402260002.AA04693@axys69.nwest.mccaw.com>
UTC Datetime: 1994-02-26 01:47:38 UTC
Raw Date: Fri, 25 Feb 94 17:47:38 PST
From: Adam Shostack <adam@bwh.harvard.edu>
Date: Fri, 25 Feb 94 17:47:38 PST
To: peter.kretzman@mccaw.com
Subject: Re: Use of PGP---statistics from the public key servers
In-Reply-To: <9402260002.AA04693@axys69.nwest.mccaw.com>
Message-ID: <199402260147.UAA26294@duke.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain
Peter Kretzman writes:
| I have no idea if these numbers correlate well to actual PGP use
| (these are, after all, just the people who are activist enough to
| post their key on the public key server, which also requires some
| degree of Internet connectivity). If the numbers DO correlate to
| some degree, I thought it was interesting that they appear to show a
| recent decline in usage rather than a steady ramp-up. Is the trend
| toward universal crypto slacking off?
I doubt it. It took me a while to get comfortable enough with
PGP that I bothered sending in my key. I generated it in December,
mailed it to a server in February. Mailing keys to servers is
convienent, but only if you're connected to a web of introducers.
Since I'm not, only one person has signed by key, and I his,
preperatory to some useful work with PGP.
So there really isn't much point to my sending a key to a
keyserver, since, by and large, none of you know who I am.
Admittedly, I could sign all my (2) messages to the list, and start to
gain a reputation connected strongly to a key, but I don't think many
people care if my messages are from me, because I am (effectively)
annonymous. None of you (with a few exceptions) know me, or who I am.
Whoever posts under my name could be me for all you care.
If I was Mitch Kapor, then I might sign messages to ensure
clarity of identity. Since the worst any message claiming to be from
me would do is make me look silly, I don't bother to sign them.
When I use PGP to confirm an identity, I exchange keys & then
fingerprint over the phone. Since I don't know any of you, I don't
have reason to get your keys, nor throw give mine to a server.
So, I think that using the keyservers as a gauge of the
popularity of PGP is not a good idea.
Adam
--
Adam Shostack adam@bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.
Return to February 1994
Return to “Peter Kretzman <peter.kretzman@mccaw.com>”