On Thu, 2010-08-05 at 19:00 +0100, MFPA wrote: > This could be describing almost any social or work-related group! > (-;
Networking theory is like that. It takes a while to understand the math, but once you do you see applications everywhere. > I probably under-estimate the amount of churn - partly because few > people actually leave the group rather than just stop posting and get > culled at the next roll-call. It seems unlikely to me that key > management is the major reason people sign up and don't hang around, > since that also happens a lot in non-encrypted groups. Yes and no. Generally speaking, the number one reason why nodes drop out of networks is the benefit is exceeded by the cost. Or, in plain English, "it just isn't worth the headache." Marriages end for this reason. So do friendships. Political alliances come apart. Etc., etc. So the question isn't whether key management is the major reason why people sign up and don't hang around -- the question is more whether key management is a major expense which adversely affects the cost-benefit ratio. As an example, if I were to start posting tomorrow's winning lottery numbers to PGPNET, you'd hardly see any churn at all. The benefit is worth the cost. But, as you've observed, the network's purpose is generally social. It's pleasant, but it's not exactly winning lottery numbers. Returning back to general discussion about networks and OpenPGP, the usefulness of the information will be a (although perhaps not *the*) major factor which will drive the network's growth. The headache involved in key management will be a (although perhaps not *the*) major factor limiting the network's growth. > If nothing else, I think it is very relevant to where "not encrypted > to my key" appears on the scale from major problem to minor issue. See above. > Yes, you have made this very clear. Good. :) My thanks to the various PGPNET guys for being good-natured about this. The group is a good laboratory for discovering and understanding problems that arise in real-world OpenPGP deployments. > I guess there is a more scalable model of openPGP-encrypted mailing > list. Maybe members could encrypt to a group's key and the list-server > decrypt, then re-encrypt for the members? Some years ago I offered to write a tool for the group which would help manage the key problem. (Kind of.) The idea was to write a small Windows app that would automatically download the membership list once a day and update Enigmail's pgprules.xml file. This meant Enigmail users would no longer be maintaining per-recipient rule lists by hand (which is tedious, error-prone, and frustrating for newbies). The process would be entirely automated. It sounds like a great idea, up until you consider that even if the spam overhead problem is reduced by a factor of 10, that gain gets obliterated once a few more people join the network. The spam overhead follows an exponential growth. When dealing with exponential curves, linear reductions -- even large linear reductions -- are pretty much meaningless. Ultimately, the group decided not to take me up on the offer -- the overwhelming opinion was that they'd rather get experience editing pgprules.xml by hand. C'est la vie. :) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
