1995-02-11 - Re: why pgp sucks

Header Data

From: Matt Blaze <mab@crypto.com>
To: Hal <hfinney@shell.portal.com>
Message Hash: 097c133a4398fa4535084b209666310e1598fe2651cb21ea054b4874f9ddce4e
Message ID: <199502110114.UAA07325@crypto.com>
Reply To: <199502110029.QAA21514@jobe.shell.portal.com>
UTC Datetime: 1995-02-11 01:11:41 UTC
Raw Date: Fri, 10 Feb 95 17:11:41 PST

Raw message

From: Matt Blaze <mab@crypto.com>
Date: Fri, 10 Feb 95 17:11:41 PST
To: Hal <hfinney@shell.portal.com>
Subject: Re: why pgp sucks
In-Reply-To: <199502110029.QAA21514@jobe.shell.portal.com>
Message-ID: <199502110114.UAA07325@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain



>Matt Blaze <mab@crypto.com> writes:
>>More seriously, the problem that Perry brought up is that it's hard
>>to deploy any kind of scaleable key distribution infrastructure
>>that works with PGP (as it currently exists - and yes, I realize
>>there are work-arounds for some specific situations).
>
>Could you have a distributed database where you lookup by key ID and get
>a key?  Or is there a constraint that the key distribution infrastructure has
>to be part of the DNS?
>
>I could see a set of key servers where one deals with all keys that start
>with 0x00, the next has all keys which start with 0x01, etc.  This makes
>it easy to know which server to go to in order to look up a given key ID.
>
>Hal

Well, you could do that, but it has the disadvantage that you can't
or control what server a particular key would end up on.  One of the
nice things about DNS-like systems is that a domain is responsible for
providing the resources to provide lookups within it.  If I add a machine
to crypto.com, I add it to the crypto.com name server (plus the secondary
servers, but that's a detail that gets handled automatically).
Everyone knows to come here if they want to resolve a crypto.com name.

In the case of PGP key IDs, you could create an artificial hierarchy
of numbers for the purpose of offloading work among several servers,
but that doesn't solve the hard problem, which is letting _me_ (or my
designee) control (and be responsible for) the distribution of keys in
_my_ domain.  (When someone generates a new key it could end up anywhere
in the kind of hierarchy you described).

I don't think it's clear yet, by the way, that domain names are
the right model for personal key distribution (in particular, it
assumes that keys are being distributed on-line and deals only
awkwardly with semi- off-line clients, as anyone who travels with
a sometimes-networked laptop knows.  It also assumes that the
distribution hierarchy can be mapped atop the lookup keys namespace,
which makes it hard to use for anything that isn't hierarchically
formed).  It's probably one of the important options, though, since
it scales so well and has a successfully fielded history in DNS.

-matt





Thread