1996-01-08 - Re: A couple of ideas for PGP-based programs

Header Data

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
To: alano@teleport.com (Alan Olsen)
Message Hash: 504db378b9832175ad88778a8e64cc7063563ba5dee73d3be432f7f114948a2d
Message ID: <199601081126.WAA24401@sweeney.cs.monash.edu.au>
Reply To: <>
UTC Datetime: 1996-01-08 11:34:43 UTC
Raw Date: Mon, 8 Jan 1996 19:34:43 +0800

Raw message

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Mon, 8 Jan 1996 19:34:43 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: A couple of ideas for PGP-based programs
In-Reply-To: <>
Message-ID: <199601081126.WAA24401@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


Hello cypherpunks@toad.com
  and Alan Olsen <alano@teleport.com>
> 1) Something I would like to see on the keyservers for PGP is a way of 
> retreving all of the key revokations since x date without having to get all of

Probably a good idea (that, and/or have a mailing list with key revocations).
How about it, keys.pgp.net people?

> 2)  I would like to see a program like private Idaho have the ability to send
> mail to the key server and grab all of the "unknown signator" keys.

This is very easy, at least in Unix: pgp -kvv, grep, cut, for.

In DOS, you can do pgp -kvv and find, then edlin to change
every "sig" into "call getkey", call the resulting (batch) file,
which will call GETKEY.BAT for every missing key. I hope.

However, I don't see much of a point to it: these are people you don't
even know the keys of; how are you going to know whether they are
trustworthy? (The Web-o-Trust can only tell you who they are, not
whether to trust them.)

> This would
> have the interesting effect of building a more complete keyring, while using 
> the "web of trust" to weed out alot of the bogus keys that tend to crop up on
> the key servers.  After n number of itenerations you would have more of the
> "important keys" and the ones that have little or no signage would be left to

No, you wouldn't. You would tend to have the keys that sign a lot
of other keys, which would include both SLED (Four-11) and a lot
of careless people that sign every key in sight.

How about, instead:

3) A way to retrieve all the keys signed by a given entity.

This would have the effect that when you come to trust Alice, you
can simply go and get all the keys she signed. I believe the present
keyservers don't allow that... (Or else I don't know how to ask for it.)

Hope that makes sense...

Adiau - Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

Version: 2.6.2i