-- I have produced a program that, like PGP, provides digital signatures and communications encryption. http://www.jim.com/jamesd/Kong/Kong.htm This is the first beta. Please beta test this product. The important difference between it and other products that provide digital signatures and encryption is that it is not certificate based. Instead it is signature based. This eliminates the steep initial learning and management curves of existing products. The user does not need use and manage specialized certificates except for specialized purposes The big complexity and user hostility in existing products is creating and managing certificates. Perhaps more importantly, it also eliminates the threat we saw in England, the threat of the government giving itself a monopoly in certificate distribution, potentially creating the Number-Of-The-Beast system, where you need a government certificate to log on to dirty picture sites, to buy, to sell, to put up web pages. The key feature of the proposed product is that any digitally signed document can be stored in the database, and itself performs the functions of a certificate, just as a normal handwritten signature does. The user usually does not need to check a document against a certificate to see if it was signed by the "real" John Doe. Instead he normally checks one document against another to see if they were both signed by the same John Doe. And similarly when he encrypts a document, he does not need to use a certificate to encrypt a message to the one real John Doe, he merely encrypts a message to the same John Doe who signed the letter he is replying to. At present people have to deal with certificate management problems regardless of whether they really need certificates. For example the most common usage of PGP is to check that two signatures that purport to be by the same person are in fact by the same person. Unfortunately you cannot check one signature against another directly using PGP or any of the other existing products. Instead you have to check both signatures against a public key certificate, even if the authentication information in that certificate is irrelevant to your purpose, which it usually is, which means that you have to download the certificate from somewhere, and the person signing it had to upload it somewhere. As PGP always checks a document against the certificate, rather than against any other document the user happens to feel is relevant to the question, the person signing the document needs to get his certificate properly signed by some widely trusted third party, which is too much trouble or too complicated for many people. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG z8/j/L3kF7oCmOp/iF2oh/pwgP/mATjOTUdv1uGy DlPh9Op11Z1CtFuByebVsk8yJo4WuUMuFk4S/TMp --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the state. http://www.jim.com/jamesd/