Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Encryption Security

PGP/GnuPG June Key Analysis 70

Drew Streib writes: "In the spirit of some work begun by Neal McBurnett a few years ago, there is a June report of keys from global keyservers. This report covers about 1.5 million keys, from a 1.7GB public binary keyring, focusing on keys that are nearest the center of the web of trust. Using a GnuPG key? This will tell you where you stand in the overall rankings, as well as signatures to look for. Not using one? Maybe you should be." This would be worth reading for the explanation of the analysis alone.
This discussion has been archived. No new comments can be posted.

PGP/GnuPG June Key Analysis

Comments Filter:
  • by Wakko Warner ( 324 ) on Monday June 25, 2001 @04:07PM (#128370) Homepage Journal
    ...how many people were murdered because they PGP-sign things but don't make their PGP keys publically available?

    Don't you just wanna SHOOT those people!?!

    - A.P.

    --

  • by Enry ( 630 ) <enry@NosPAM.wayga.net> on Monday June 25, 2001 @04:04PM (#128371) Journal
    As soon as someone integrates it into Mozilla! Mozilla does everything I need in a mailer right now except GPG/PGP support:

    Good IMAP support (most stable I've seen)
    SIMAP and SSMTP support
    Graphical (hey, if I'm useing X, may as well use it)
    Cross platform (can use it under Windows or Linux)

    ..while I'm at it, roaming profile support in mozilla would be nice too.
  • I have users who want that. They absolutely can't understand what the password is for - they seem to think it's there just to annoy the shit out of them. Sigh.
    _____

    Sam: "That was needlessly cryptic."
  • by Will Sargent ( 2751 ) on Monday June 25, 2001 @04:46PM (#128373) Homepage
    This is bug 22687 [mozilla.org].

    This is a fascinating bug, BTW. Discussion about NSA security policy, an NAI developer offering his time for the feature, and the effect the patch would have on the tree.

    It's highly unlikely (based on the history and state of 0.92) that the patch will make it into the main build, but if you are brave and foolhardy you can try out the code yourself.

  • I've heard from a reliable source that GnuPG has compatibility issues with PGP. Messages signed/encrypted by one aren't always correctly handled by the other.

    Anyone know if there's an issue here, and what it actually is?

    Schwab

  • I have even tried to talk HTTP to it. It seems like it just won't listen.

    The key servers talk HTTP on port 11371. There's also a way to do requests by e-mail, but I don't know the details of how that works.


  • Number of keys: 1,461,786
    Keys with at least one outside sig: 161,298

    Since a self-signed key is no more reason to trust the key than finding it on a scrap of paper in the road, this allows us to compute the PGP clue of people using PGP keyservers.

    Number of people who don't understand what they are doing: 1,300,488

    PGP clue density: 0,11

    And this is from the part of the population that has the clue to install PGP and find the "upload" button.
    Not encouraging.
  • Lutz Donnerhacke mailed a massive amount of people
    to sign his key even though they never met him.
    It shows how successful (and thus meaningless)
    this web of trust is if you don't know the people
    in that web personally. A high ranking in this
    list can still be easily obtained, as Lutz has
    shown.
  • I know of at least 5 people closely entertwined
    with CCC/Cypherpunks/Hacktic that got requests
    to sign his key. I guess originally it all stemmed
    from the failed keysigning party at Hip'97.
    (failed because DDT never published the material)

    I guess I'll see Lutz and HAL2001, and he can
    explain it :)

    Paul
  • So where is Kevin Bacon's key in this set?
  • From the explanation [dtype.org] page:
    NOTE: This does not mean that you should universally trust keys with a low MSD. This is merely a relative measurement for statistical purposes.

    True, trust is not transitive and anyone can sign my key without even knowing me. But the fact is that very few people actually do that, so for statistical purposes only it still means something.


    -
  • In the context of electronic signatures (rather than encrypted data) it enables you to obtain the public key of the entity which signed a message for which you wish to check the signature. While this will not provide any correlation between the key holder and a "real world" identity, it does allow you check that a) the data has not been altered since it was signed, and b) that if 2 messages are signed with the same key that you have a reasonably level of confidence that they were signed by the same entity.
  • People are confusing physical and electronic identity.

    My driver's license may prove that I'm John Q. Public, residing at 123 Cherry Tree Lane. Seeing it may be considered proof that I'm the person I represent myself as, if in fact I'm representing myself as John Q. Public, residing at 123 Cherry Tree Lane.

    How would seeing that prove that I am the electronic identity I represent myself as? How do you know that maps to johnqp@lameisp.com? Perhaps it is jqpublic@otherisp.net. Perhaps both. Perhaps neither.

    The reliance upon physical identity "proofs" to somehow certify electronic identity is fundamentally flawed and can/will be exploited in subtle manners to facilitate a Man in the Middle attack. (BTW, MitM attacks are also part of the reason for self-signed keys, questioned in another post.)

    Since people seem to unable (for some reason) to get their minds around the difference between physical and electronic identities being unrelated, think for a moment about how one would get one's gnupg key signed, if one's email address was doglover@pets.org.

  • There's a difference between signing and sending an encrypted message, though. The whole point of signing is so that you can verify with someone's public key that the message really came from whom it says it came from. Unless I were to sign all my message to you with your key, all my messages to Bob with Bob's key, etc., but that would get ugly.

    Or am I misunderstanding something basic here?

    Caution: contents may be quarrelsome and meticulous!

  • Tell them you'll quit as soon as those managerial types quit sending you email with random VB scripts attached :)

    Caution: contents may be quarrelsome and meticulous!

  • PGP manual, if I recall, did recommend that people sign their own public keys. There's a reason for this, but it's subtle (so subtle that I forget what the reason is ;-)
    ---
  • Using unverified public keys is still better than doing nothing. You're vulnerable to MITM attacks, but those require at least some sophistication on part of attacker. It protects you from casual mail-spool snoopers, etc. So it raises the bar. That alone is good enough reason to use it.

    And if it gains popularity, things will get better. Right now, people have URLs and email addresses on their business cards. Maybe someday, PGP fingerprints will be on there too. Distant(?) future: Someone physically hands me a card with their fingerprint on it, and that fingerprint matches what I get from a keyserver. Then I'll know that key really goes with the person who handed me the card.

    I don't know how to do signing parties either. Need intersection of geographical closeness with crypto-cluefulness and lack of apathy about privacy issues. I have no idea how to find people in that set.


    ---
  • We'll also stop that confusing practice of confronting people with password prompts from now on. If we just assume they are who they claim, we're less likely to have stress and confusion.

    I know you think you're joking, but that's only because you presumably don't work in an environment where management might think your suggestion was a really good idea, and want you to implement it immediately!


  • "Alice must make a decision in her own mind about whether Carol is a trusted signer."

    "Once Alice has a good key for Carol and marks it as trusted, she can then extend the WoT by then getting keys which Carol has signed."


    You seem to be contradicting yourself. I agree with you up until the second last paragraph. Alice has a good key for Carol because she trusts Bob to sign keys. But the trust stops there - she shouldn't trust Carol to sign keys! As you said originally, she should know Carol and judge for herself if she can be trusted to sign keys.

  • How strange:
    I have 372 mails in my kmail sent-mail folder and I have yet to get a question about the strange text at the beginning and the end of my messages...
    I have even convinced one of my business partners to get a key so I could send him confidential information by email...

    Q.
  • Not to mention those who:

    1. Uploaded a key.
    2. Realized they don't personally know anyone else who uses crypto email and haven't heard of any keysigning parties anywhere nearby.
    3. Are waiting for inspiration to strike.

    :-(
  • My biggest problem with GnuPG/PGP is using it with Mutt [mutt.org], my mailer of choice.

    Mutt sends nice, new PGP/MIME messages. The friend with whom I communicate the most via GnuPG/PGP uses Outlook, which has no PGP/MIME support. So all of my messages to him are difficult to handle in Outlook, and all of his messages to me are a pain to decrypt in Mutt.

    *sigh* When will we all be using a modern standard? There's just no chance that he'll switch to Eudora.

  • I think most people don't really feel that their email would attract the attention from the government or others that warrents encryption. This attitude, I feel, is unfortunate because the best way to protect our privacy is to encrypt all messages, not just those that are sensitive, so that when we do encrypt a sensitive message, nobody will be suspicous.
  • According to the report, only 151,751 unrevoked keys have an outside signature attached. That's an infinitesimal portion of all email-users.

    I have to admit being part of this problem, as my key has been signed by only one other person. The reason: most of my friends don't use encryption, and I haven't heard of any key-signing parties in my area.
  • How exactly is this boring? It speaks to the future of our being able to send and recieve messages in private. In the past, when messages were mostly sent on paper and by the mail, the government and others simply did not have the capacity to open every piece of mail, read it, and leave no trace of having read it.

    Today, thanks to Carnavore and Echelon, we are facing a future when our primary means of sending text messages, Email, is searchable and readable by the government without our knowledge.

    We all have a duty to prevent that Orwellian future. This means adopting encryption and making it widely used. And this report is about how well (or poorly) we are doing that.

    I don't know about you, but to me, protecting our privacy is immensely important.
  • So, try and setup a keysigning!

    If anyone is interested in NYC/Long Island, let me know!
  • If your in the NYC area, I'll be glad to get together

  • I've noticed (both professionally and personally) that using GPG religiously usually responds to the other party going "huh"? If there are so many keys, who's using 'em all? Working for an ISP, I can tell you that most of our userbase, even the technicallty savvy ones, haven't even heard of it... Personally, I think it's great... But why isn't the rest of the world up to par? Most people seem to only use plain-text instead, which scares me... Any ideas?
  • So you didn't even read the GPG manual did you?
  • Or, use Eudora [eudora.com], which already has PGP/MIME support.
    ------
  • by Dwonis ( 52652 )
    Given that Network Associates have decided not to release the source code for PGP 7.x,

    Whaaaa???? And people still buy it? Are they nuts? What kind of security manager would recommend buying closed-source security packages?
    ------

  • Actually, this question came up in a PGP newsgroup not that long ago... Someone fed in a virgin address and a semi-dirty address. The virgin stayed pure, and there was a marked decrease in spam arriving at the dirty one. From that it was inferred that either they're ignorant of key servers, that even spammers know that scraping keyservers is like Randall Terry busting in on an ACLU roundtable, or that they might even use keyservers to scrub lists. Me, my money is on option one.
  • If you want to send a message to A but don't have A's key, why not just email A your own public key first, then email A that you have just emailed them your public key and that A should use it to encrypt their public key which they can then email to you?


  • "...In my own self plug, my own key sits at #1555 with an MSD of 5.4901. I'm just back from a key signing party though, so we'll see how it moves next month..."

    Mom: Johnny! What's that smell?

    Johnny: What? It's nothin'...

    Mom: Come over here. Let me see your eyes.

    Johnny: C'mon, cut me some slack...

    Mom: They're as red as an apple! Johnny...were you at one of those 'key signing' parties again??

    Johnny: No Mom...Leave me alone!

    Mom: What did I tell you about hanging around those crypto friends of yours. Are you back on PGP again?

    Johnny: Go away! I hate you! You don't understand! *snort*

    Mom:: If you're not careful you're going to catch something one of these days!

  • Mozilla mail doesn't work for me, period. It sure looks like it would be nice to use, but when I enter my data and hit "check mail" it just sits there and drools. No idea why. Kmail works just fine.
  • Precisely what I was going to suggest. Something like this:

    "This message has been digitally signed using the PGP protocol as proof of its authenticity. The following block of characters is the verifiable signature. Please see [insert url for pgp/gpg/whatever here] for more information if you would like to check this signature."

    Although that wording may still be too technical for the complaining "managerial types."


    ---

  • We'll also stop that confusing practice of confronting people with password prompts from now on. If we just assume they are who they claim, we're less likely to have stress and confusion.

    ---
    Drew Streib, dtype.org [dtype.org]

  • That topic is well covered in the compatibility section [gnupg.org] of the GnuPG FAQ. The issue is compatible encryption algorithms. Since it is easy to specify which algorithms to use, this really isn't a problem. (at least hasn't been for me yet)

    ---
    Drew Streib, dtype.org [dtype.org]

  • by Christopher Biggs ( 98469 ) on Tuesday June 26, 2001 @04:02AM (#128408) Homepage
    There are many reasons to put self-signed certificates on a keyserver.

    I put my ID fingerprint on my business card, then my key on the keyserver. If somebody who has my card wants my key, they download it and compare the fingerprints. If they don't have my card, they can call me and read out the fingerprint, or verify it through some other means that is more trustworthy than email.

    Self-signatures also prevent third parties from adding another email address to my certificate and submitting it back to the server. If each email address on a certificate is self-signed, only the posessor of the private key could have added those IDs to the key.

    The web of trust is one way of verifying that a key really belongs to a particular principal, but it is not the only way. Flexibility is one of the ways PGP wins over other public-key infrastructures (with PGP you are not forced to trust all the parties in the trust web. If you roll your own offline verification method, you don't even need to trust any of them.

  • You seem to be contradicting yourself. I agree with you up until the second last paragraph. Think for just a moment more and it ought to be clear. Alice has at this point decided that she trusts Carol, but lacks Carol's key. A key signed by Bob (a trusted signer) as belonging to Carol is as good as one from Carol herself. The distinction to make is between Carol and a key purportedly Carol's.
  • this one is funny too? someone must think that the "public key server" is a funny word...
  • Interestingly enough, I was recently forbidden to use PGP anymore while at work. My boss said that PGP signing things confuses people who are less technical (managerial types) and has made them think I'm adversely affecting their email clients due to the random characters that appear.

    Damn managerial types.
    ------------------------------------------ --------
  • But when i signed my messages "everyone" started asking about the strange text att the bottom of my messages

    This is a good thing. If people ask about the text on the bottom of your message, then you can tell them about encryption and why it is a good idea to use it. It's not just that people don't want the hassle, some of them just may not know that encryption exists for the masses.


    Enigma

  • It seems like we're saved by rule #3: Spammers are stupid. Fortunately.
  • According to the FAQ [dtype.org], the analysis is based on keys in the pgp.net ring. I haven't been able to figure out for sure if the pgp.net ring also syncs with the servers in the keyserver.net ring. Do anybody here know this for sure?
  • I'm a complete newbie with PGP, up to two months ago, my geek code said PGP-, but I have realized I really should start encrypting e-mail regularily.

    Anyway, about PRZ and incompatibility: Will there be incompatibility between OpenPGP [openpgp.org] applications? I mean, will NAI really have any option but to comply with OpenPGP? After all, most PGP users thinks of PRZ as a man with very high integrity, and will not use anything that comes out of NAI if it isn't completely OpenPGP compliant. If businesses still trust closed source, that's their problem, but wouldn't widespread use of OpenPGP force compliance? (I haven't read the RFC, so I must admit I don't know if it does....)

  • Yep, that's the port I talked to...
  • I have been trying to use gpg v-1.0.6 to send my key(s) to Keyserver.net [keyserver.net] as it seems to be the preferred keyserver for OpenPGP applications. While I have successfully submitted my key through the web interface, I can't get it to work through gpg.

    I have configured gpg according to to the webpage on the topic [keyserver.net], but it just responds:

    gpg: error sending to `search.keyserver.net': eof

    I have e-mailed the webmaster, but no respons. I had a few responses from the gnupg-users mailing lists, but nobody knows anything to resolve the problem. I have even tried to talk HTTP to it. It seems like it just won't listen. Is the server broken?

    Everything works fine with wwwkeys.pgp.net, though.

  • I don't know the code in-depth, but they should theoretically be completely compatible with each other. In practice, there are a few bugs to work out. For instance, you have to tell PGP several times to import a GPG key before it actually does it (for me at least). There are also a few problems with decrypting, but I've always been able to eventually get around those. I think they're pretty close to compatible, at least as close as these sorts of things can get without some serious revisions.
  • by jesterzog ( 189797 ) on Monday June 25, 2001 @05:28PM (#128420) Homepage Journal

    Have you considered putting a sig on the end stating that it's digitally signed? .. maybe why it's a good thing. (I do that sometimes.)


    ===
  • Ok. Generally, when you are encrypting with public-key encryption, you use the public key of the person you are sending the message to. Thus, they are the only one who are able to decrypt it (not even you, the sender, can decrypt it unless you also encrypt the message to yourself simultaneously). However, they have no way to verify that you are really the sender of that message, since you did not use any secrets known only to you (i.e. your private key) during the encryption process that would somehow link you to the message.
    So, obviously, in order to do that, you would sign the message with your private key, so that the person can then use your public key to verify it.
  • I use kmail on regular basis, wich have PGP support.
    But when i signed my messages "everyone" started asking about the strange text att the bottom of my messages........
    This technology has not been "integrated" enough
    to make it a default standard.
    Most people just want to send and read mail....
  • why would you care? If they send you a PGP encrypted message they have encrypted it with your public key, therefore you should have no problem reading it. The only problem is replying to it and still maintaining encryption
  • That's a good statistic, but there could be a significant number of people who
    a) created their public key
    b) uploaded it
    c) had it signed by their mate(s)
    d) didn't refresh the keyserver, but just updated their own keyring

    But I still like the 11% statistic.
  • The analysis clearly shows one of the biggest problems of PGP: the "web of trust".

    Only about 11 per cent of the keys have outside sigs, so for most of the keys you cannot trust the identity of the keyholder at all.

    From a mathematical point, the "web of trust" is certainly a nice idea, as it scales very well. In practice, however, it is obviously too difficult to get one's key signed. How would you do it ? Travel to a key-signing party ? Too expensive, except if you live in some blessed place. Ask around in your neighbourhood, like "Hey, do you have a PGP key, and if yes, would you sign mine ?" - not very likely to work. I have considered using a CA nearby, but they only sign PGP 2.6.3 keys ...

    It would be nice if someone (gnupg.org ?) would run a list where people can enter their name and address, indicating that they are willing to sign, such that others could look up a potential signer in their area. I know Debian has something like that, but there a just a handful of people on their list, spread all over the world - not really too useful.

  • this one is funny too? someone must think that the "public key server" is a funny word...

    I'd wonder how people would rate if I talked about 'Passport Service'(Score:5 Funny as hell)? :)


    &nbsp_
    /. / &nbsp&nbsp |\/| |\/| |\/| / Run, Bill!
  • What you said is true. As a sidenote, with a bit of work PGP trust can be transitive without getting thru public key server. CA(Certificate Authority) is a good example.

    Say a root CA A issues CA B, which in turn issues CA C. Carol's public key is digitally signed with CA C. Since Alice only has root CA A which comes with her browser by default(like Verisign). Alice then use CA B to verify CA C, then use root CA A to verify B. By this transitive relationship Alice can then trust Carol's public key as she can trust root CA A.

    Too bad applying for a personal/server CA from root CA like Verisign is quite expensive. A free public key server is still very important to us.
    &nbsp_
    /. / &nbsp&nbsp |\/| |\/| |\/| / Run, Bill!
  • Could anyone explain what the point of Public Key Servers is?

    I wonder why this was mod'd as 'Funny'. It's a pretty good question. :)

    It's not like 'centralizing' security responsibility as in 'Passport' services. It's a part of key-management/key-distribution in public-key encription system.

    In layman's term, having a centralized public keys repository could help maintaining higher security comparing with requesting public key from an individual by email.

    Say you'd like to send a confidential message to A, and you start by requesting A his public key; if an intruder is listening to your email, and learn from your initial public-key request mail that you are going to have a secure transfer, then the intruder might be able to impersonate A and send you a fake public-key.

    That's more issues on it, just gave you a very simple exmaple....anyway I wish it helps.
    &nbsp_
    /. / &nbsp&nbsp |\/| |\/| |\/| / Run, Bill!
  • Make the first thing that is displayed on logon the user's current salary.

    That will make them want to keep their password private!

  • by Guppy06 ( 410832 ) on Monday June 25, 2001 @06:23PM (#128430)
    I'd rather use an algorythm that is pretty much proven by the cryptographic and mathematical community to be unbreakable than some new one that has yet to be proven (or, more importantly, disproven). Cryptography is not a science where newer=better.
  • Could anyone explain what the point of Public Key Servers is?
  • by SiliconEntity ( 448450 ) on Monday June 25, 2001 @08:13PM (#128432)
    The analysis misunderstands one of the most fundamental principles of the PGP trust model: trust is not transitive.

    What this means is that if Alice trusts Bob to sign keys, and Bob trusts Carol, Alice does not automatically trust Carol. She may not even know Carol. Just because Bob trusts her, that doesn't necessarily mean that Alice should trust her.

    After all, Alice is trusting Bob to accurately sign keys. She judges in her own mind how trustworthy and reliable he is at this task. How likely is he to screw up and sign a bogus key? These are the issues she considers.

    To have transitive trust, she needs to make a much more careful evaluation of Bob. She must decide not just how good he is at mechanically verifying keys, but also how good a judge of character he is. If she were going to trust Carol just on his say-so, she would need to know that he is able to judge good key signers. This is a different type of skill than just being a good key signer. It is a people skill, not a technical one.

    For these reasons and more, PGP does not use transitive trust. If Alice trusts Bob as a signer, and he signs Carol's key, Alice concludes that she has a good key for Carol, that is, a key that truly belongs to Carol and not someone else. But she does not conclude that Carol is a good signer. PGP software will not treat signatures Carol makes as valid.

    Alice must make a decision in her own mind about whether Carol is a trusted signer. Only if Alice marks Carol's key as trusted will Carol's signatures then start being effective. In PGP, it is the end user who makes the decisions about trust.

    Because PGP uses non-transitive trust, the metric in the dtype.org article is not very relevant. It doesn't matter if there is a chain of signatures from Alice to Zelda, because that will not make Zelda's key trusted. Alice (and every other end user) needs to decide for themselves which keys they will trust.

    What, then, is the role of the "Web of Trust" in PGP? It works like this. In the example above, suppose Alice knew Carol and did in fact want to trust her. Well, to trust her she needs her key. But how does she know that she got the right key? This is where the web of trust comes in.

    If she gets Carol's key from the key server and it is signed by Bob, whom Alice knows and trusts, she can conclude from this that she has Carol's true key. She can then mark this key as a "trusted introducer" (in PGP terminology) and at this point, signatures issued by Carol's keys are trusted by Alice.

    The web of trust played a part, by helping Alice to know that she had a good key from Carol. She didn't have to call Carol up and verify fingerprints, she didn't even have to sign Carol's key. Bob's signature on Carol's key was enough to know that the key was correct.

    Once Alice has a good key for Carol and marks it as trusted, she can then extend the WoT by then getting keys which Carol has signed. She knows that these keys are correct as well, and possibly some of those key holders are people Alice will also trust as introducers. In this way the Web of Trust gets extended, but each person makes his or her own trust decisions.

    I hope this clarifies how the Web of Trust works in actuality.
  • For starters, the fact that "which encryption algorithm from among many I had chosen is known"... is still a bad thing. Makes the cryptanalysts job that much easier, yes?

    Well, no. "Security through obscurity" doesn't help much against a dedicated attack; since this is the only type of attack you need to worry about when you're using reasonably strong crypto, there's no loss in admitting the type of encryption. With only a handful of popular algorithms (and those not equally likely), you'd only be gaining one or two bits worth of security were you hide the algorithm. It isn't worth the trouble.

    But still, when I encrypt data with one of the symmetric ciphers (-s) and specifically selecting the algorithm (blowfish, serpent, aes, etc.) with the --cipher-algo switch it produces some encrypted file which when I decrypt... does NOT require me to specify the cipher algo, yet still knows when I put in the wrong password.

    This could still be accomplished by trying each of them and reporting failure if none of them worked. But in fact, the PGP file format [demon.co.uk] simply stores the information. Blowfish, etc. are handled similarly [demon.co.uk].

    What does any of THIS have to do with public/private key ciphers?

    Nothing. In my first post I was just addressing your question about how it could "know" if you had a bad key, without weakening the encryption.

    -- MarkusQ

  • by MarkusQ ( 450076 ) on Monday June 25, 2001 @07:51PM (#128434) Journal
    This is a grossly oversimplified explanation, but:

    The public key is based on a number that is the product of two large primes. The private key is based on the primes.

    When you attempt to decrypt the message you are in effect asserting "The public key was divisible by these two numbers." At that point it is easy to check, and say either "you are right, here's the plain text" or "nope, it isn't divisible by them." Thus GPG can tell when you put in the wrong key, since multiplying two numbers and comparing them to a third is easy. (Note again: this is a gross oversimplification to just nail down the point in question. There are a LOT of details beyond this.)

    Notice that this does not mean that it is easy to "work out" the factors of the large number; the whole basis of this system is that it's easy to check an answer, but there are more potential answers than you could possible check (and a few other details, such as the fact that checking a subset does not provide any information about the unchecked values, etc.).

    Hope that helps.

    -- MarkusQ

  • The point is, you can look up my key on the server network, and use it to encrypt messages to me. Only I can decrypt messages encrypted with my key. Same for me using your key.

    That's called asymmetrical encryption. It's the reason PGP and similar cryptosystems are very convenient to use. Go get PGP or GPG and RTFM, you'll probably think it's pretty cool stuff.


    99 buckets of bits on the wall...

  • By definition, open PGP software should all be Open PGP compliant, and there should be no compatability issues.

    Network Associates PGP has never been known for standards compliance; NAI has "joined" the Open PGP Alliance, but we will have to wait and see if they are really interested in cleaning up their act in this area.

    Given that Network Associates have decided not to release the source code for PGP 7.x, the "latest & greatest" Win32 PGP version, I have my doubts about NAI's willingness to "do the right thing" with regard to standards compliance. If these decisions were up to the developers, I am sure that we would already have full source for PGP 7.x and that a standards compliant version from MAI would already be in the works. But the marketroids have the final say, and they seem to be saying, "Welcome to the complete Microsoft business model."


    99 buckets of bits on the wall...

  • Right you are, preaching to the choir, etc. But so far nobody is mentioning the real news:

    Network Associates PGP is closed source, as of release 7.x. Phil Zimmermann has left Network Associates' payroll, citing "philosophical differences" over the direction of PGP's development. (Can we say, "Ironcald non-disclosure & noncompete clauses"?) In the crypto world, this means that NAI PGP is dead and buried, though one can still decently use versions up to 6.5.8. We can hope that Network Associates management will come to their senses, but not expect it. PGP was great while it lasted, but as of 2001 it's over.

    GPG is going to be the new standard, beyond question. Those who care about the issues that crypto addresses-- privacy, security, non-repudiation, and anonymity (remailers use PKI technology)-- need to put some focus on the fact that the vast majority of public key crypto users are still PGP users. In the transitional period following the de facto death of NAI PGP, compatability is the single most important issue. GPG and PGP key formats are partially incompatable and often fail to inter-operate.

    From the standpoint of crypto advocacy, the incompatabilities between GPG and PGP create a logistical nightmare. It's hard enough to try to persuade "normal" people to use PGP; asking them to deal with two incompatable standards is simply impossible. You might as well tell them, "Crypto is beyond your reach, forget all about using it unless you are a computer professional." Or tell them that it's OK to use closed source crypto and just ignore all the Bad Things that this implies.

    The PGP user community, made up largely of non-geeks, will largely disappear along with PGP itself, unless they are assisted in the transition to GPG. What they want and in many cases need, is Win32 binaries (already available), GUI front ends for Win32 (none yet exist, at least nothing comparable to the "PGP Tray" utility), and most of all, "legacy" support for PGP keys (not available and AFAIK not even planned). I personally have not published and do not use a GPG key, because I still have to maintain full compatability with PGP users.

    Enough rant for now. Send your Windows oriented users to http://home.mpinet.net/pilobilus/EZ_PGP.htm [mpinet.net] if they are having trouble getting started with PGP. If you think my position has some sense in it, let the GPG developers know: because I want to take that PGP tutorial page DOWN sometime soon, and replace it with a GPG quick-start tutorial: One that the same kind of people who write to thank me for the existing page, will still be able to understand and use.


    99 buckets of bits on the wall...

  • Jim Rivers of PARC once said GPG could be the most important advent since the Web - if there was a defacto method of distributing keys. The fact remains that there are no universal mechanisms out there, and the ones that make the promises are coupled with incredibly profitable buisness plans that will never have significant backing by the public.

    And given the topic (privacy), no corporate or government agency will bother to invest in and standardize on a palitable service.

    Without both the people, the government, AND corporate backing, no such mechanism can be considered a true success.
  • With keyservers holding about 1.5 mill email addresses, wouldn't that be a goldmine for spammers?

If bankers can count, how come they have eight windows and only four tellers?

Working...