v4-only (2003-03-09) keyanalyze results
Olaf Gellert
og@pre-secure.de
Tue Mar 18 11:56:56 2003
Jason Harris wrote:
> What if there were no v2/v3 PGP keys?
>
> A v4-only keyanalyze analysis:
>
> http://keyserver.kjsl.com/~jharris/ka/2003-03-09-v4only/
>
> otherwise using the same data as the full analysis for the same date:
>
> http://keyserver.kjsl.com/~jharris/ka/2003-03-09/
>
> helps answer that question.
>
> Summary: strong and reachable set sizes are reduced by about half.
>
> Of 1,829,065 keys, 1,662,070 are v4, ~91%.
Thanx Jason, very interesting. It seems that most of the
old-timers in security still use v3-keys (what sounds
perfectly reasonable if you follow the old general rule
of networking: be moderate in what you send, and be
complaisant in what you accept).
In the long run the v3-keys will be used less and less
for sure, but until now it seems they are still the
heart of the web of trust...
Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Consultant, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og@pre-secure.de
Course licensed from the CERT Coordination Center
Creating Computer Security Incident Response Teams
https://www.pre-secure.de/ms09
Muenster, July 10, 2003