From: “Perry E. Metzger” <perry@imsi.com>
To: Hal <hfinney@shell.portal.com>
Message Hash: 398dbc2cffdef34f617548c133fe8bcfc18e9b22a18e2fb1adb44f5ec79f7292
Message ID: <9502102036.AA15222@snark.imsi.com>
Reply To: <199502102031.MAA21422@jobe.shell.portal.com>
UTC Datetime: 1995-02-10 20:36:40 UTC
Raw Date: Fri, 10 Feb 95 12:36:40 PST
Subject: Re: why pgp sucks
Hal says:
> "Perry E. Metzger" <perry@imsi.com> writes:
> >I'll also note, yet again, that unless PGP quits this bad practice of
> >identifying counterparties only by a number, it is NOT going to be
> >universally deployed. Counterparties need to be identified by a name
> >that can be looked up in the DNS -- meaning "joe@foo.com" rather than
> >some key ident number.
>
> PGP of course looks up keys by strings in addition to numbers. A widely
> accepted practice is to use <joe@foo.com> in the user ID which allows the
> lookups to be by internet address.

The problem is that incoming messages are tagged with the number, not
the string. You can't check the signature if you don't have the number
in your own database. Global databases don't scale. Distributed
databases like DNS do scale. DNS style naming doesn't hurt non-DNS
users, so it's a shame that it isn't there -- I, for one, can't specify
PGP style keys in the internet key management system I'm working on
because of this.

Perry