I'm getting a bit tired of the rants on this topic to the Open-PGP list. Yes, there are problems, but the whole purpose of IETF review is to find solutions to problems. The PGP staff have some ideas on how business message recovery can be done. It seems there is a business need. It seems that they have thought about it, and made some effort toward implementation. What annoys me is that the PGP formats are now supposed to be "open", yet no proposed formats for this new "feature" have been documented for our review, and other folks' suggestions for a better K-of-N mechanism have been ignored. We don't even have the current formats. When will the PGP 5.0 internet-draft be ready for review? There is already a PGP 5.0 separation between signing and communication keys; why not have separate message storage keys? Why not have a K-of-N system for BMR? Why have a communication enforcement filter, when the only usage is supposed to be for recovering archival storage? Let us decide _what_ the goals are, _how_ to solve the problems, and _then_ decide the protocol details and formats to match the solution. WSimpson@UMich.edu Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32