GnuPG, Winblows, Speed, Key Management

Werner Koch
Thu, 28 Dec 2000 14:37:36 +0100

On Wed, 27 Dec 2000, Toni Mueller wrote:

> - Problem #1: There appears to be no good Winblows interface for it,
> or at least no good way to hook it into Outlook, IE, Netscape there,
> what have you.
All I can say is that we are really working on it.
> - Problem #2: It's dog slow. I have still less than 300 keys in my
> keyring (expecting to double that soon), and often find myself
> interrupting gpg to read the message instead of waiting to verify
> the signature. Similar things hold for signing or encrypting a
> message.
The problem with the slowness is not related directly to crypto but due to 2 things: 1) Sequentiell parsing of the keyring, which is a minor issue for a few hundred keys and PGP does the same. 2) The way gpg calculates the trust which sometimes badly interfere with programs calling gpg. It is slow for the first time you use one key but then it should be faster unless you import new keys. This will be addressed in 1.1
> - Problem #3: I have adjusted gpg to fetch keys on demand from a
> keyserver. My experience is that these key servers apparently
> don't synchronize their data sets in a reasonable time frame
> (weeks!), so I end up fetching keys from varying servers. This
> is __very__ inconvenient, and of course unsuitable to the casual
> Winblows user. How do I go about this?
The keyservers do syncronice but the software used by most keyservers has major problems. Although I don't like to say this, the NAI keyserver ( and work much better and can now cope with all kinds of OpenPGP keys. There is still some garbage on the keyservers which may give problems for some keys.
> - Problem #4: What to do in the face of massive distribution and
> promotion of Sphinx which is also _not_ interoperable with any
> kind of PGP?
Come on, Sphinx[1] is just another governmental try to establish a new infrastructure - Does anybody remember OSI? It is the reason that there used to be no real Internet connection in Germany for a long time. The folks at the University of Dortmund initially gave us TCP/IP access using an guerilla approach. Werner [1] German project for secure communication devoleped on behalf of the BSI and IIRC mainly driver by the need to encrypt the communication between Bonn (old capital) and Berlin. There is no source, it uses hardware and it is not easy to get real info about it due to a "need to know" policy. -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to