From: dmandl@bear.com
> What's next, automated key-signing services?

Yep.

There are two purposes to signing a key. The first is to fix a bit pattern and have an assurance that it hasn't changed. The second is to attest to the mapping between a key and some entity.

PGP, for example, very explicitly does both. It asks you when you sign a key if you're sure that the person is who is advertised. I consider this behavior broken, not least because it's hostile to pseudonymity. This hardcoded policy hinders the use of PGP in other contexts. For email-only social contact (i.e. legally uninvolved) the attestations of personal mapping are unnecessary and sometimes downright undesirable. Some people may want them, true, and there will be a need for that mechanism, but it should not be the only choice available.

An automated key-signing server can affix a sequence of bits perfectly adequately. So can digital timestamping algorithms, but they are not generally available.

Suppose the existence of just two auto-signing servers. I, a pseudonym, send my key to each of these servers and get back two signatures on my key. It is unlikely now that someone can spoof my key. The distribution for the signing keys of these servers must be done right, but since there are fewer auto-signing servers than things signed, more effort can be taken to do this, for example, by publishing some hashcodes in a book.

Eric
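The two-server scheme sketched above, as an added example that is not part of the original message or of any real key server: two constructed auto-signing servers each sign the hash of a submitted key without asking who owns it (attesting to the bit pattern only), the "hashcodes published in a book" are modelled as a set of SHA-256 fingerprints of the servers' public keys that the verifier trusts out of band, and a key is accepted only if every attestation comes from a server in that set and verifies. Ed25519 from the Go standard library stands in for whatever signature algorithm such a server would actually use; the server names, the sample user key and the tampered/rogue cases are all constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AutoSigner models one automated key-signing server (constructed for this example).
// It attests only that a given bit pattern was seen; it never checks identity.
type AutoSigner struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewAutoSigner creates a server with a fresh Ed25519 signing key.
func NewAutoSigner(name string) (*AutoSigner, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &AutoSigner{Name: name, pub: pub, priv: priv}, nil
}

// Fingerprint is the "hashcode published in a book": the SHA-256 of the server's
// public key, distributed through a channel the attacker cannot quietly alter.
func (s *AutoSigner) Fingerprint() string {
	sum := sha256.Sum256(s.pub)
	return hex.EncodeToString(sum[:])
}

// PublicKey returns the server's verification key (what a client downloads).
func (s *AutoSigner) PublicKey() ed25519.PublicKey { return s.pub }

// Sign fixes the bit pattern of userKey by signing its SHA-256 digest.
// No question about who owns the key is asked, which is the whole point.
func (s *AutoSigner) Sign(userKey []byte) []byte {
	digest := sha256.Sum256(userKey)
	return ed25519.Sign(s.priv, digest[:])
}

// Attestation is what a pseudonym gets back from one server.
type Attestation struct {
	ServerPub ed25519.PublicKey
	Sig       []byte
}

// VerifyKey accepts userKey only if it carries a valid signature from every
// attestation and every attesting server's key matches a published fingerprint.
func VerifyKey(userKey []byte, atts []Attestation, published map[string]bool) bool {
	if len(atts) == 0 {
		return false
	}
	digest := sha256.Sum256(userKey)
	for _, a := range atts {
		fp := sha256.Sum256(a.ServerPub)
		if !published[hex.EncodeToString(fp[:])] {
			return false // server key is not in the book: untrusted attestation
		}
		if !ed25519.Verify(a.ServerPub, digest[:], a.Sig) {
			return false // signature does not match this bit pattern
		}
	}
	return true
}

// Result records the three cases a verifier should distinguish.
type Result struct {
	Genuine  bool // original key, two signatures from published servers
	Tampered bool // key altered after signing
	Rogue    bool // signature from a server whose fingerprint was never published
}

// RunScenario builds two published servers and one rogue server, has the
// pseudonym's constructed key signed, and verifies the three cases.
func RunScenario() (Result, error) {
	s1, err := NewAutoSigner("server-A")
	if err != nil {
		return Result{}, err
	}
	s2, err := NewAutoSigner("server-B")
	if err != nil {
		return Result{}, err
	}
	rogue, err := NewAutoSigner("rogue")
	if err != nil {
		return Result{}, err
	}
	// The book: only the two real servers' fingerprints are published.
	published := map[string]bool{s1.Fingerprint(): true, s2.Fingerprint(): true}

	userKey := []byte("constructed pseudonymous public key bytes") // sample input
	atts := []Attestation{
		{ServerPub: s1.PublicKey(), Sig: s1.Sign(userKey)},
		{ServerPub: s2.PublicKey(), Sig: s2.Sign(userKey)},
	}
	var r Result
	r.Genuine = VerifyKey(userKey, atts, published)

	tampered := append([]byte{}, userKey...)
	tampered[0] ^= 0x01 // one flipped bit: the fixed pattern no longer matches
	r.Tampered = VerifyKey(tampered, atts, published)

	rogueAtts := []Attestation{{ServerPub: rogue.PublicKey(), Sig: rogue.Sign(userKey)}}
	r.Rogue = VerifyKey(userKey, rogueAtts, published)
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v rogue=%v\n", r.Genuine, r.Tampered, r.Rogue)
}
```

The security of the scheme rests entirely on the fingerprint set being distributed correctly; with only two server keys to publish, that effort is small, while the servers themselves can sign any number of keys without human involvement.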