From: Alex Strasheim <alex@omaha.com> re: signature checking at the toad.com server It seems to me that such a rule would stifle discussion and encourage people to store their keys on insecure accounts. Good! That means they'll have generated a key. One of the problems with cryptography generally is a prevailing attitude that crypto isn't worth using unless it provides security as complete as it can offer. I reject this attitude. Partial security is better than no security. Protection against some threats is better than no protection. Storing a key on a public machine is OK, just fine, hunky-dory, just so long as it doesn't induce false beliefs about a lack of protection from sysadmins and other roots. The real solution is to try to build tools which will make it so easy to use crypto that there's simply no reason not to do it. Sure. No argument. I will disagree, however, with a conclusion that insists that these tools have to be the first to be built. Partial progress is desirable. Or to put it the words of the old homily: Don't let the best become the enemy of the good. Eric