Greg Rose wrote:
> I was an early adopter of PGP, and put a lot of effort into advancing the
> Web of Trust. I use PGP actively on a daily basis. Nevertheless, I have
> been disillusioned for some time, and today's fun prodded me into writing
> this. Here is a list of things which I consider to be problems with "the
> PGP Scene":
I discussed these problems (and others, listed in http://www.mcg.org.br/cert.htm)
with the PGP management during two week-long visits a former Director and
their security architect made to myself while I was in Brazil in 1997/8. Some
of the problems I mentioned have been solved, others have remained. Some solutions
are indicated in the cert.htm paper, including the question of central administration
with its pros and cons. I think that PGP is a fine program for communication within a
small circle of friends but, beyond this which was the initial goal anyway, PGP does
not have the capabilities to do the job. However, PGP could be used as a component
in a system that would provide for a wider usage scope -- which, however, would require
IMO a radical re-design of the web-of-trust. Even though the web-of-trust seems to be
a pretty good part of PGP, IMO it is actually it's Achilles heel.
BTW, many lawyers like to use PGP and it is a good usage niche. Here, in the
North Bay Area of SF, PGP is not uncommon in such small-group business users.
Cheers,
Ed Gerck
