Hi

On Wednesday 4 August 2010 at 6:57:57 PM, in <mid:[email protected]>, Robert J. Hansen wrote:

> It is also worth noting that PGPNET has some very big
> problems with key management. PGPNET users are
> apparently comfortable wrestling with these problems
> (more power to them for that), but we shouldn't pretend
> the problems don't exist.

In a business-critical setting where it is very important that such things "just work" and do so efficiently, this model undoubtedly would fall considerably short of the mark. In a friendly, social forum like PGPNET, I would characterise these "very big problems" more as minor issues and/or learning opportunities.

It's really no big deal, just a case of adding/deleting a key in your encryption list each time a new person joins/leaves/changes their key. For those who don't want to "manage" it themselves, shortly after any change one of the moderators posts a list of members and their key IDs to the group's file area, along with an asc file containing all the members' keys; sometimes this may happen a couple of times in a week but more often it's well over a month. And twice a year there's a month-long "roll-call" - anybody who doesn't post in that month is removed from the group.

> 40 members equals 780 separate communications links, each one of
> which can fail and produce problems for other people. The network
> begins to get spammed with "that last message wasn't encrypted to my
> new key, please re-send."

There is a certain amount of that, obviously. Some people use more than one system and forget to update them all, or update their installation and break something. Or come back from vacation and post messages before spotting there are new members. But it's not as much of an issue as you might expect. Remember, the communications are neither urgent nor important.

> PGPNET is probably operating pretty close to the limits of OpenPGP.
> At some point the math bites you hard and doesn't let go.

Some time back, the head count on PGPNET was in the mid-high 40s and there were more issues. The inevitable increase in instances of human error, plus I also think I recall some people's software would fail to reliably encrypt to that many keys - not report any errors, just send the message encrypted to a subset of the keys.

> A couple of years ago at USENIX Dan Wallach of Rice
> University talked about his difficulties getting 30
> Ph.Ds in computer science to all communicate on an
> OpenPGP-encrypted mailing list. His precise phrasing
> was, "it was the torment of the damned."

Maybe the issue is that he was getting them to do it, rather than them choosing of their own volition. Some new members on PGPNET seem to have great difficulties; they overcome them or give up. Most are able to master it fairly quickly, with help and guidance from existing members as requested.

-- 
Best regards

MFPA mailto:[email protected]

All generalizations are dangerous, even this one.

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
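One way to catch the failure mode described in the message above, where software silently encrypts to only a subset of the keys, is to compare the recipient key IDs in a message against the moderators' member list. This is an added example, not part of the original post or of any PGPNET tooling; it parses saved `gpg --list-packets` output, and the roster layout, function names and key IDs are constructed assumptions. The key IDs in those packets are encryption-subkey IDs, so the roster is assumed to list those.

```python
import re

# "public-key encrypted session key" lines as printed by `gpg --list-packets`.
PKESK = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})\b", re.M)
HIDDEN = "0" * 16  # key ID written when the sender hid recipients (--throw-keyids)

# Constructed roster (hypothetical members): name -> encryption-subkey long ID.
ROSTER = {
    "alice": "1111AAAA2222BBBB",
    "bob": "3333CCCC4444DDDD",
    "carol": "5555EEEE6666FFFF",
}

# Constructed sample of `gpg --list-packets` output for one list message.
SAMPLE = """\
:pubkey enc packet: version 3, algo 1, keyid 1111AAAA2222BBBB
\tdata: [2048 bits]
:pubkey enc packet: version 3, algo 16, keyid 3333CCCC4444DDDD
\tdata: [2046 bits]
\tdata: [2048 bits]
:pubkey enc packet: version 3, algo 1, keyid 9999EEEE0000FFFF
\tdata: [2047 bits]
:encrypted data packet:
\tlength: 312
\tmdc_method: 2
"""


def recipient_keyids(list_packets_text):
    """Return every recipient key ID in the message, in packet order."""
    return [k.upper() for k in PKESK.findall(list_packets_text)]


def audit(list_packets_text, roster):
    """Report roster members the message was not encrypted to, recipient
    keys that are not on the roster, and the number of hidden recipients."""
    seen = recipient_keyids(list_packets_text)
    visible = {k for k in seen if k != HIDDEN}
    expected = {kid.upper(): name for name, kid in roster.items()}
    return {
        "missing": sorted(n for kid, n in expected.items() if kid not in visible),
        "unexpected": sorted(visible - set(expected)),
        "hidden": seen.count(HIDDEN),
    }


if __name__ == "__main__":
    print(audit(SAMPLE, ROSTER))
```

A non-empty `missing` list is the silent-subset case; a non-zero `hidden` count means the check cannot confirm those recipients from the packet headers alone.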
