GPG testing...

Travis Roy travis at scootz.net
Sun Dec 29 11:24:16 EST 2002 

> You should probably ask what is meant by that before you rush 
> to such conclusions...  In two messages in this thread you 
> seem in quite a hurry to bash PGP...  The key servers are not 
> a security risk to PGP users or "broken" in any serious sense 
> (that I'm aware of).  However most of them do not support 
> some of the newer features (like subkey
> expiry) of the OpenPGP standards.  This is all mike meant.

I understand this, but just as people bitch about how some sites are IE
only or such and such a server doesn't correctly follow RFCwhatever it
amazes me that these same people (not you specifically) don't seem to
care when other people that are big on open source or other "good"
projects don't follow their own rules. There's no real reason for all
the public key servers to implement all the fetures of the current
standard for OpenPGP except that the admin is either stubborn and
doesn't want to change, lazy and doesn't want to upgrade, or think that
everything is fine and that they don't need to upgrade, but that last
one of course will break some functionallity. In any of those cases I
wouldn't want to use their service.

I say that being one of the admins in the lazy category when it comes to
my own server some times, but I also don't expect many people to use my
server for such a critical application as signing emails. But for the
few things in the past that I used to run that were accessed by a good
number of people I made sure that all the programs that were used were
up to date and had all the current features available to my users. 
 
> Speculative, subjective...  If you have a better way to do 
> what PGP does, then by all means...

Typical open source response.. If you don't like it, do it yourself..
That's why there's lots of varients of the same program that do the same
thing, just that one might have a feature that another lacks. What's
wrong with saying that's something is flawed or needs this or that and
then implementing it or fixing the current application out there. Sure,
it's nice to have choice and all, and if somebody wants to start another
project that does the same thing that's fine.. But there are probably
ways to fix the current system to be better without restarting a project
from scratch.
 
> Well that's just dumb, but dumb people are everywhere...  You 
> can't blame PGP for that.

That is true.

Let me finish that I'm not anti-PGP/GPG or anti-open source. I'm
pro-whateverisbestforthejob. That's why I still use windows on my
desktop because for me it's the best suited for what I do. My server is
linux, my shared drives are on a linux server. My neighbor's sun drive
array is hooked up to a sun box running solaris and veritas because
that's the best suited for the job. I used GPG and PGPFreeware in the
past and I was never convinced that it could actually prove that I sent
the email to anybody I actually sent email to, and to the few that could
actually verify it the emails I sent them were stuff like this list mail
or just a "hey whare are you doing" type of email. I still have it, and
I do use it sometimes but only when I need it because the email is
something important and that I know the person getting the email can
check it..

> 
> - -- 
> Derek D. Martin
> http://www.pizzashack.org/
> GPG Key ID: 0xDFBEAD02
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> 
> iD8DBQE+DnYMHEnASN++rQIRAgyaAJ9zg4RRPv82O6x/FMTQN0CqjZ8DZwCfU3lE
> TgylYqBzwLI53lS/2AYisFg=
> =gO7x
> -----END PGP SIGNATURE----- 
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org 
> http://mail.gnhlug.org/mailman/listinfo/gnhlug> -discuss
>

More information about the gnhlug-discuss mailing list