PGP Is 15 Years Old

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Wednesday November 15, 2006 @01:08PM from the happy-secure-birthday dept.

An anonymous reader writes "PGP Corporation salutes the 15th anniversary of PGP encryption technology. Developed and released in 1991 by Phil Zimmermann, Pretty Good Privacy 1.0 set the standard for safe, accessible technology to protect and share online information."

7 of 119 comments (clear)

Min score:

Reason:

Sort:

too bad by Lord+Ender · 2006-11-15 13:12 · Score: 2, Interesting

Unfortunately, in the real world, 99% of email users can not or do not want to maintain a web of trust. That is why S/MIME is going to kill the PGP market. PGP/MIME is only big because it was first on the scene.

Hell, even mutt supports S/MIME. Imagine SSL with a web of trust--yuck!. PKI is the way to go...

--
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
1. Re:too bad by poliopteragriseoapte · 2006-11-15 13:20 · Score: 4, Interesting
  
  I checked, via pgp.mit.edu. In my university, with 16000+ people, I am the only one with a PGP key signed by someone outside of my university, and I think that no more than 20 people have a PGP key uploaded to pgp.mit.edu. And there is simply NO WAY I can convince staff (or pretty much anyone) to accept my PGP-signed emails as something especially valuable (and as a replacement for a paper signature), or to send me confidential information via encrypted email instead of having me go pick up paper folders somewhere. On the other hand, everybody seems to accept as "signed" the pdf letters I produce, which include a photographed copy of my signature. I have given up.
2. Re:too bad by Llanfairpwllgwyngyll · 2006-11-15 13:28 · Score: 2, Interesting
  
  "PKI - there is no P and no I.... in practice it is just a bunch of K...." - me
  
  S/MIME is great. Inside a single organisation. But beyond that.... forget it. And I have seen many MANY attempts across MANY serious organisations.
  
  Webs of trust are not the only trust model PGP can implement. In the serious business world, PGP Universal is making steady progress; policy driven, nice and easy for the users. Of course, it supports S/MIME too for all the poor souls in external organisations stuck with that :-)
S/MIME has been around a long time too by Beryllium+Sphere(tm) · 2006-11-15 13:30 · Score: 4, Interesting

And it has not killed the PGP market or even gotten major traction. What percentage of your legitimate incoming email is S/MIME signed? Even from your bank?

Also, bear in mind that CA-based PKI is a strict subset of web of trust.

The lesson is that crypto goes nowhere in the market unless it's as transparent as TLS.

>can not or do not want to maintain a web of trust

PKI shouldn't be difficult, but from what I've seen it does seem to be beyond human comprehension.
Too bad it isn't better integrated into things by Soong · 2006-11-15 13:55 · Score: 4, Interesting

Once upon a time I generated a key, and discovered there was no one around to swap keys with. My best guess is that it has never been common enough or easy enough to get started. It needs to be as easy as hitting send on an email, automatically sign it, and if the recipient is known to have a key then encrypt it to them. I could be bothered to go through some hassle to get this going, but I think most people don't care enough and probably most of their email doesn't matter enough to bother with encrypting or signing. I still wish it was more common though.

--
Start Running Better Polls
Speaking of PGP... by FooAtWFU · 2006-11-15 14:04 · Score: 2, Interesting

... can anyone recommend any good Windows XP PGP/GPG-type tools? You used to be able to download a little cute PGP program as freeware to sit in your tray, hold your key, and encrypt/decrypt a window or the clipboard. Now all I can find like that is WinPT, and while it's serviceable for me, it's also incredibly ugly and not very refined, and is confusing by comparison. Gak! You can still download the old PGP freeware versions but they refuse to run on WinXP - there's just a 30-day trial out there now.
If there's one thing that annoys me it's when a program disappears like that...

--
The World Wide Web is dying. Soon, we shall have only the Internet.
PGP didnt Invent RSA encryption by EEPROMS · 2006-11-15 15:19 · Score: 2, Interesting

I remember watching an English documentary about 5 or so years ago on the history of encryption and cyphers. One thing I remember was how the RSA public and private key encryption wasn't invented by PGP even though they were awarded a patent , it was invented by an english researcher while working for one of the many U.K government secret service shadow projects at the time. The UK security services have been using RSA encryption for many years before PGP ever figured it out but wouldn't admit to this fact because it would assist the Russians efforts to decrypt messages sent by the UK secret service.

So even though PGP got the patent for this technology they were not the first to invent it.