GnuPG, Winblows, Speed, Key Management

Werner Koch wk@gnupg.org
Thu, 28 Dec 2000 14:37:36 +0100 

On Wed, 27 Dec 2000, Toni Mueller wrote:


> - Problem #1: There appears to be no good Winblows interface for it,

>   or at least no good way to hook it into Outlook, IE, Netscape there,

>   what have you.


All I can say is that we are really working on it.


> - Problem #2: It's dog slow. I have still less than 300 keys in my

>   keyring (expecting to double that soon), and often find myself

>   interrupting gpg to read the message instead of waiting to verify

>   the signature. Similar things hold for signing or encrypting a

>   message.


The problem with the slowness is not related directly to crypto but
due to 2 things:

  1) Sequentiell parsing of the keyring, which is a minor issue for
     a few hundred keys and PGP does the same.
     
  2) The way gpg calculates the trust which sometimes badly interfere
     with programs calling gpg.  It is slow for the first time you
     use one key but then it should be faster unless you import new
     keys.  This will be addressed in 1.1



> - Problem #3: I have adjusted gpg to fetch keys on demand from a

>   keyserver. My experience is that these key servers apparently

>   don't synchronize their data sets in a reasonable time frame

>   (weeks!), so I end up fetching keys from varying servers. This

>   is __very__ inconvenient, and of course unsuitable to the casual

>   Winblows user. How do I go about this?


The keyservers do syncronice but the software used by most
keyservers has major problems.  Although I don't like to say this,
the NAI keyserver (keyserver.pgp.com and wwwkeys.nl.pgp.net) work
much better and can now cope with all kinds of OpenPGP keys.  There
is still some garbage on the keyservers which may give  problems for
some keys.


> - Problem #4: What to do in the face of massive distribution and

>   promotion of Sphinx which is also _not_ interoperable with any

>   kind of PGP?


Come on, Sphinx[1] is just another governmental try to establish a
new infrastructure - Does anybody remember OSI?  It is the reason
that there used to be no real Internet connection in Germany for a
long time.  The folks at the University of Dortmund initially gave
us TCP/IP access using an guerilla approach. 


  Werner
  

[1] German project for secure communication devoleped on behalf of
the BSI and IIRC mainly driver by the need to encrypt the
communication between Bonn (old capital) and Berlin.  There is no
source, it uses hardware and it is not easy to get real info about
it due to a "need to know" policy.

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org