The never-ending GD discussion,part 74
blueness at gmx.net
Thu Oct 27 21:44:37 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Was Thu, 27 Oct 2005, at 10:51:22 +0200,
when Realos wrote:
[about the personal web pages for public PGP keys]
> Yes this may be the best of both types of servers. It seems to be a
> very small change in protocol.
Well, the protocols are of a secondary relevance in relation to
_purpose_ they should have to obey/abide to ultimately. The purpose of a
key server is to make possible a public access to the key(s), and very
desirable, in the form/condition the very owner wants them, the keys, to
Now, if the owner is not in the position to maintain the _own_ keys in a
way only s/he is, or should be, allowed to be (once the keys are
uploaded on some server without an authorization mechanism; or if they,
the servers, are limited/dysfunctional in some other way), then is quite
natural and normal to dismiss/revamp such protocols, and to replace them
with more efficient ones, which will serve the very _purpose_ better.
It is so because the protocols (and in the quite same way this what we
call "standards") are here to serve _me_, "the user", not vice versa.
Because, _I_ am the one who designs them, after _my_ needs, and I am the
one who assigns them a purpose. Once this basic fact, the origin of the
purpose, is "forgotten", we get standards and protocols which are
tending to "design" the user, which absolutely puts into disorder the
entire "system"; it becomes dysfunctional.
One of such badly considered attempts (to "design" the user after the
unleashed, `grown wild/mad', "standards/protocols") is the
recommendation, encouragement, and even sort of a pressure(?!) now and
then, addressed to the "users" to upload their keys on those badly
It actually _ruins_ the standards/protocols, simply because a _habit_ is
presented under the name "standard/protocol", not the real quality.
But this is already a _behavior_ which is much more a matter of a
psychology, a "social engineering", than of a _software design_. We
shouldn't have them mixed (up) overly. One thing are "technicalities" of
a software, and something pretty different is _how_ you'll use them. The
design of the software shouldn't "home" you which "standards" you'll
implement in your usage, but to allow you to _choose_ them yourself.
Well, as I said, once the _purpose_ is "forgotten" the "project" enters
confusion. Like the Earth which would decide someday to leave its orbit,
and to roam across the space on its own. (-:
This is the reason why is good to follow "the seed", the primary motive,
the purpose which defines all the rest, including protocols, "standards"
etc., or otherwise, if you would nurture what is called the seed of
apple, and then would see a banana growing from it, you would find
yourself in a state not very clear to you. (:
The seed of PGP, the Pretty Good Privacy (the Privacy!) is still in the
work of Phil Zimmermann. It's good to read _why_ he had made the PGP,
and to recall his advices and recommendations. Some of that might be
found in the 2nd chapter of "Intro To Crypto", titled "Phil Zimmermann
on PGP", and beginning with "Why I wrote PGP".
And, if we catch the essence, we can see that we can (and sometimes
_have to_) change and modify all sorts of protocols and standards, as
long and much as we are still "on the course", that is following the
This what is made bad, shouldn't be used, absolutely regardless what
"authority" "recommends" it or even insists on.
One of the very first instructions I give to those "beginners" who
"dare" to ask me for a help as to PGP, is "don't upload the key(s) on
any key server around". Except perhaps, if you are willing just to
experiment or similar. The _valuable_ ("serious") key(s) should be
maintained in a _valuable_ fashion. The personal PGP web pages are one
of pretty fine choices, while actually there are plenty others,
depending on the scenario _you_ write.
If you find that burying a public key in the ground, and giving the map
just to one or few other persons is what you find good/handy for you
(and them), then it is a valid protocol. (-: Various keys need various
In one thing just everyone should be absolutely sure: using PGP without
(enough) _thinking_ of it, is not good. Acceptance of unclear, shallow
or otherwise not functional answers/explanations, is not good. All the
things in PGP might and can be quite clear; and hence the explanations.
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~ For personal mail please use my address as it is *exactly* given
in my "From|Reply To" field(s). ~~~
"See ya" - Ray Charles
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users