From: Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>
To: Adam Shostack <adam@bwh.harvard.edu>
Message Hash: 42ab6687d4cd20d6f6925e3652603007870d7421eddeb79d313e7a7452ef7251
Message ID: <9412200024.AA02051@ch1d157nwk>
Reply To: N/A
UTC Datetime: 1994-12-20 00:24:01 UTC
Raw Date: Mon, 19 Dec 94 16:24:01 PST
From: Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Mon, 19 Dec 94 16:24:01 PST
To: Adam Shostack <adam@bwh.harvard.edu>
Subject: Re: c'punks top 5
Message-ID: <9412200024.AA02051@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain
Adam Shostack <adam@bwh.harvard.edu> writes:
> Whats wrong with PGPtools? (A lack of documentation. Been
> a while since I looked, but I think it lacked a high level
> interface. The low level stuff is great, but on the mac, I can
> send an Appleevent "Encrypt *file recipient" and, some extended
> period later, get a response.
It has been a while since I looked too, does it work with the 'new' format
messages generated by MIT pgp? Does anyone actually USE pgptools for any
available applications? As far as I know, nobody uses it. If nobody uses
PGPtools, then what is the reason? Either nobody really wants a PGP library
(which isn't true judging from the inquiries on cypherpunks), or something is
wrong with PGPTools. Is it the documentation like you said? Maybe some of
us should pick up where pr0duct cypher left off and enhance PGPTools. This
brings me to another point:
Isn't the file format for PGP supposed to change (I think I remember Colin
telling me this quite a long time ago)? If it is, should we bother with
PGPtools? What really is the status of PGP 3.0? Assuming the file-format
has changed, shouldn't it have been decided by now? If PGP 3.0 is being
written on top of a portable generic crypto-library, don't you think this,
the foundation of the new PGP, would be ready (after a year+ of working on it
and rumors from developers of PGP 3.0 being out in 6 months?). There was a
quick thread on this last week and not a peep was heard... I really wish
somebody who had a clue would fill us in on where PGP 3.0 really stands. I
have the suspicion that it is not nearly as far as we would like to think.
If this is the case we should probably get cracking on PGPtools.
> | 5. socket-based keyserver interface for real-time automagic key
> | fetches
>
> Who needs real time? The servers are often bogged down
> and don't respond in real time anyway. The following
> procmail works fine. Theres also a short shell script at the end.
When I am checking a signature, I want to be able to check that signature
right now! By the time an e-mail request gets back, I'm a 100 articles down
the line and not interested in checking that signature anymore. For personal
mail, or REALLY important news articles, I am willing to wait, of course.
The finger-for-keys server at Illuminati Online is an example of real-time
key fetching (although last I tried it didn't work... either it's no longer
there, or it has moved from wasabi.io.com and I don't know the generic
hostname for their pgp-keyserver), but to access it programatically would
require some parsing and such... A keyserver that watched a TCP port and had
a very simple protocol (maybe Simple Key Transfer Protocol - SKTP) for
requesting keys, would be keen.
Maybe auto-key fetching isn't something we need to concentrate on... I was
just throwing out some ideas...
andrew
Return to December 1994
Return to “Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>”
1994-12-20 (Mon, 19 Dec 94 16:24:01 PST) - Re: c’punks top 5 - Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>