[2724] in cryptography@c2.net mail archive
Re: Secure Office
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Wed May 20 12:05:05 1998
To: Bill Frantz <frantz@netcom.com>
Cc: Adam Shostack <adam@homeport.org>, fod@brd.ie (Frank O'Dwyer),
cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 20 May 1998 11:46:28 -0400
In-Reply-To: Bill Frantz's message of Tue, 19 May 1998 20:35:17 -0800
Bill Frantz <frantz@netcom.com> writes:
>> At 11:04 PM -0800 5/16/98, Adam Shostack wrote:
>> >| >Another point of trivia: the PGP keyservers have fewer than 200,000
>> >| >keys on them. This is a lot, but it's a tiny fraction (1%?) of global
>> >| >internet users.
>> >| >
>> >| > Marc
>> >
>> > I have upwards of a dozen keys (mostly expired). I've put
>> >very few on the key servers. Having just checked, none of the people
>> >I work with who have keys have them on the servers. I suspect it's a
>> >"I don't know what that means, so no." sort of response to the
>> >keyserver question.
>>
>> Also, there are a number of attacks you can prevent by not allowing your
>> opponent to have your public key. If you are paranoid, you might decide to
>> treat your public key as a "need to know" item.

pgp5 automatically offers to upload keys. My experience is that many
users do this. If those of us up here in the ivory tower don't, the
government doesn't care, because we're not who the government is
worried about.

I can present anecdotes, too. Most of the people I exchange PGP
messages with (but admittedly not all) put their keys on the servers.
Individual anecdotes from the crypto elite (that's us) don't have any
statistical weight.

There are PGP Inc, I mean, McAfee, I mean, Network Associates
employees on this list. Are your sales numbers public? How many
copies have you sold? Comparing *that* number to the size of the
public keyring is what's important.

Marc