v4-only (2003-03-09) keyanalyze results

Olaf Gellert og@pre-secure.de
Tue Mar 18 11:56:56 2003

Jason Harris wrote:
> What if there were no v2/v3 PGP keys?
> A v4-only keyanalyze analysis:
>   http://keyserver.kjsl.com/~jharris/ka/2003-03-09-v4only/
> otherwise using the same data as the full analysis for the same date:
>   http://keyserver.kjsl.com/~jharris/ka/2003-03-09/
> helps answer that question.
> Summary:  strong and reachable set sizes are reduced by about half.
> Of 1,829,065 keys, 1,662,070 are v4, ~91%.

Thanx Jason, very interesting. It seems that most of the
old-timers in security still use v3-keys (what sounds
perfectly reasonable if you follow the old general rule
of networking: be moderate in what you send, and be
complaisant in what you accept).

In the long run the v3-keys will be used less and less
for sure, but until now it seems they are still the
heart of the web of trust...


Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Consultant,                              Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

        Course licensed from the CERT Coordination Center
       Creating Computer Security Incident Response Teams
                                  Muenster, July 10, 2003