Gnupg good for big groups?

Robert J. Hansen rjh at
Thu Aug 5 02:57:08 CEST 2010

> fall considerably short of the mark. In a friendly, social forum like
> PGPNET, I would characterise these "very big problems" more as minor
> issues and/or learning opportunities.

I'm not going to try to tell you what your feelings on the issue should be.  However, I strongly suspect that rather than being a minor issue this is in fact the largest issue shaping the group's development.  It's kind of like gravity.  You don't notice it very much, but it shapes your entire universe.

Completely connected graphs tend to evolve along similar lines.  So long as it remains under a certain membership level the communication overhead is tolerable.  Add one or two people past that and it becomes intolerable.  People drop off the network because it's stopped becoming useful to them.  The ones who leave tend to be the ones who have derived the least benefit from being part of the network -- their tolerance is not as much as those who have gained from being part of the network.  The effect of this is that churn tends to be among new members, not among long-standing ones.

Once the network shrinks to a state of usability, people stop leaving.  More people sign up, and more people leave.  Etc., etc.  This is all pretty basic networking theory, and it's why completely connected networks are rarely used in the real world.  You can only build it out so far before hitting a brick wall of self-limiting behavior.

> It's really no big deal

It's no big deal *for you*.  If you want to make a blanket statement of it being no big deal, you need to take into account the churn on the periphery: all those people who joined and then left because the key management problem was nontrivial.

> Remember, the communications are neither urgent nor important.

That's not especially relevant.

>> A couple of years ago at USENIX Dan Wallach of Rice
>> University talked about his difficulties getting 30
>> Ph.Ds in computer science to all communicate on an
>> OpenPGP-encrypted mailing list.  His precise phrasing
>> was, "it was the torment of the damned."
> Maybe the issue is that he was getting them to do it, rather than them
> choosing of their own volition.

The network was entirely voluntary.  Only way to do it, really.  I'd like to see anyone get thirty Ph.Ds to do something in concert which they didn't want to do -- I'd rather try and teach manners to a cat.

> Some new members on PGPNET seem to have great difficulties; they overcome
> them or give up. Most are able to master it fairly quickly, with help and
> guidance from existing members as requested.

I suspect if you look at the churn you'll discover many are not able to, and leave for that reason.

Again -- my remarks here are not meant to be critical of the mailing list.  Nothing of the sort.  People who are on the list and like it should stay on it and I hope they keep liking it.  My remarks here are of general applicability to completely-connected graphs.  The stuff I talk about here is the sort of stuff you can expect to occur on any large OpenPGP-encrypted mailing list.  I really don't want to give the impression I'm turning this into a referendum on PGPNET's existence.

More information about the Gnupg-users mailing list