[conspire] Offering GPG/PGP Workshop at CABAL

Rick Moen rick at linuxmafia.com
Thu May 15 10:57:35 PDT 2008


Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> That is way too obvious to mention. I was instead asserting that the PGP
> model is wholly inadequate for the above-stated purpose with regard to GPG
> _even assuming every e-mail user on Earth could magically be able to use
> it properly_.

I agree that it sucks -- but so far consider every alternative worse.

> Ah, now we've come to the quux of the matter: The above assertion is
> absolutely false. There _is_ a scaling bottleneck at _every_ point when
> using GPG. The investigation I mentioned above consisted of an attempt to
> traverse the keys then in my pubring.gpg file as a tree, adding to the
> file every key which was used to sign any key already in the file.
> Evidently, upon every invocation, the gpg command parses the entire file,
> because I found that as the file grew, the wait after invoking gpg before
> gpg would respond in any way also grew.

This _would_ be a problem if people routinely were each obliged to keep
hundreds of keys / signatures in a single GnuPG keyring.  However, that
seems a rather rare usage scenario.  (You pretty much went out of your
way to create an artificially large keyring for experimental purposes.)

I've never had to handle very large keyrings, myself.  However, if I
did, I suspect I'd just find a way to use PKS
(http://pks.sourceforge.net/), which, unlike GnuPG and its keyring
store, is designed to efficiently handle thousands of keys and
signatures.




