Gnupg good for big groups?

MFPA expires2010 at
Sat Aug 7 19:58:09 CEST 2010

Hash: SHA512


On Thursday 5 August 2010 at 11:32:37 PM, in
<mid:1281047557.13753.19.camel at ubuntu>, Robert J. Hansen wrote:

> So the question isn't whether key management is the
> major reason why people sign up and don't hang around
> -- the question is more whether key management is a
> major expense which adversely affects the cost-benefit
> ratio.

Fair enough.

> As an example, if I were to start posting tomorrow's
> winning lottery numbers to PGPNET,

If you have them, could you PM them to me, please? (-;

> Some years ago I offered to write a tool for the group
> which would help manage the key problem.  (Kind of.)
> The idea was to write a small Windows app that would
> automatically download the membership list once a day
> and update Enigmail's pgprules.xml file.  This meant
> Enigmail users would no longer be maintaining
> per-recipient rule lists by hand (which is tedious,
> error-prone, and frustrating for newbies).  The process
> would be entirely automated.

> Ultimately, the group decided not to take me up on the
> offer -- the overwhelming opinion was that they'd
> rather get experience editing pgprules.xml by hand.
> C'est la vie.  :)

Whether fully automated or ran on demand, I'm quite surprised *nobody*
was interested. I don't use Thunderbird/Enigmail, so it wouldn't help
me; I make use of jasontik's group line generator to update the group
line in my gpg.conf after roll-calls or after a period of absence from
the group - other than that I just edit that line manually to add or
delete the odd key ID.

> It sounds like a great idea, up until you consider that
> even if the spam overhead problem is reduced by a
> factor of 10, that gain gets obliterated once a few
> more people join the network.  The spam overhead
> follows an exponential growth.  When dealing with
> exponential curves, linear reductions -- even large
> linear reductions -- are pretty much meaningless.

I take it the "spam overhead problem" you refer to is things like "not
encrypted to my key" messages?

- --
Best regards

MFPA                    mailto:expires2010 at

A closed mouth gathers no foot


More information about the Gnupg-users mailing list