1995-02-10 - Re: why pgp sucks

Header Data

From: Robert Rothenburg Walking-Owl <rrothenb@ic.sunysb.edu>
To: hh@xcf.Berkeley.EDU (Eric Hollander)
Message Hash: ab02e29ef096ec3acb6cfdf38caeb6685f8c9b06d5344629dfbe9b4d8d0fac16
Message ID: <199502102228.RAA21755@libws3.ic.sunysb.edu>
Reply To: <9502101849.AA21833@xcf.Berkeley.EDU>
UTC Datetime: 1995-02-10 22:29:15 UTC
Raw Date: Fri, 10 Feb 95 14:29:15 PST

Raw message

From: Robert Rothenburg Walking-Owl <rrothenb@ic.sunysb.edu>
Date: Fri, 10 Feb 95 14:29:15 PST
To: hh@xcf.Berkeley.EDU (Eric Hollander)
Subject: Re: why pgp sucks
In-Reply-To: <9502101849.AA21833@xcf.Berkeley.EDU>
Message-ID: <199502102228.RAA21755@libws3.ic.sunysb.edu>
MIME-Version: 1.0
Content-Type: text/plain


> 
> if i use a command like
> 
> 	pgp filename
> 
> it will automatically figure out the right thing to do with the file.  if
> it's encrypted, and i have the key, it will attempt to decrypt it.  if it
> contains keys, it will ask if i want to add them to my keyring.  if it's
> signed, it checks the signature.
> 
> this sucks!

From whose point of view? Remember the thread about Getting things right
v. Getting the software out?

The above way is easier for most people with little computer techie
knowledge. Requiring a whole complex set of commands would mean less
PGP users.

As people get used to it and learn about the issues, key management,
etc. they'll be more willing to use a more advanced version of PGP...
at the very least, they'll eventually RTFM and realize that you actally
have more control of what it can do...

Rob

> if i'm trying to write a program to automatically process incoming mail (for
> instance, to see if it's encrypted with a specific key), i certainly don't
> want to have the possibility of people being able to add garbage to my
> keyring just by mailing it to me.

Have your program check what's in the mail before doing anything with it...?








Thread