Look at the success RSA has had with Apple building their certification structure into System 7 Pro. There was discussion on sci.crypt about whether PGP (or any non-hierarchical certification structure) could be used, and the consensus seemed to be that the hooks aren't there. If you want to inter-operate with this software, which will presumably be widely available in the future, you will have to join the official certification hierarchy. So long, web of trust. Now, this approach does seem vulnerable to reverse-engineering the OS, getting in below the software layers which you are supposed to use, to defeat the restrictions the software is trying to place on you and have built-in encryption of your choice. But this will be a big job. Still, maybe the best approach when MSoft comes out with this encryption built- in will be to get software out which will bypass it while still using the other value-added features like hot links, automatic encryption/ decryption, etc. Otherwise they may well succeed in getting a de facto standard into place which does not protect individual privacy. Hal