From: “Perry E. Metzger” <perry@imsi.com>
To: Hal <hfinney@shell.portal.com>
Message Hash: 82f1908a384e5369bf9401becfcc9eaa90c1675416a73fb1b8feedfc7748711d
Message ID: <9502110307.AA16138@snark.imsi.com>
Reply To: <199502110029.QAA21514@jobe.shell.portal.com>
UTC Datetime: 1995-02-11 03:10:18 UTC
Raw Date: Fri, 10 Feb 95 19:10:18 PST
From: "Perry E. Metzger" <perry@imsi.com>
Date: Fri, 10 Feb 95 19:10:18 PST
To: Hal <hfinney@shell.portal.com>
Subject: Re: why pgp sucks
In-Reply-To: <199502110029.QAA21514@jobe.shell.portal.com>
Message-ID: <9502110307.AA16138@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain
Hal says:
> Matt Blaze <mab@crypto.com> writes:
> >More seriously, the problem that Perry brought up is that it's hard
> >to deploy any kind of scaleable key distribution infrastructure
> >that works with PGP (as it currently exists - and yes, I realize
> >there are work-arounds for some specific situations).
>
> Could you have a distributed database where you lookup by key ID and get
> a key? Or is there a constraint that the key distribution infrastructure has
> to be part of the DNS?
>
> I could see a set of key servers where one deals with all keys that start
> with 0x00, the next has all keys which start with 0x01, etc. This makes
> it easy to know which server to go to in order to look up a given key ID.
Theis will not work, Hal, because it would mean that administrative
control over keys would have to be held by people far removed
organizationally and spacially from those who own them. Things work
much better when the administrators and users are close
together. Futhermore, the DNS style solution scales -- it
automatically aquires servers to meet demand as the space expands,
unlike a pseudo-distributed system such as the one you
propose. Furthermore, DNS is one of the few really large scale
distributed databases that has been well proven, and piggybacking off
the technology has real advantages.
Perry
Return to February 1995
Return to “Robert Rothenburg Walking-Owl <rrothenb@ic.sunysb.edu>”