
I suspect the real danger would come from issuance of duplicate certificates. MasterCard controls MasterCard numbers by issuing all of them (and I suspect that there is coding to separate MC from Visa from AmEx).

Today, each person generates their own PGP key. While it is unlikely that any two will match, it is likely that at some point some two will match (see matching birthdays in a bar - number is less than you would think).

Next rage might well be "vanity" PGP keys. While at the moment it is not known how to create a specific match key to a sequence, if you generate enough keys, there will be some interesting sequences found. Possibly some PGP signatures will even be in violation of the CDA (now that should start a rush 8*).

For some time I have been concerned about the scalability of PGP. It works well in small groups but after trying once to create a 6,000 member keyring (took over three days on a 386 & was several meg when done) I decided that areas were going to need work to be a real anyone/anywhere/anytime mechanism.

Not saying I have a good answer, just that at some point there will be a problem.

Warmly,
Padgett
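The birthday estimate the post alludes to, as an added example that is not part of the original message: it computes the chance that at least two of n uniformly random identifiers coincide, for the 6,000-member keyring mentioned above. The identifier widths (32, 64 and 128 bits) are assumptions chosen for illustration, not figures from the post.

```python
import math


def collision_probability(n_items: int, space: int) -> float:
    """Chance that at least two of n_items uniformly random values coincide."""
    if n_items > space:
        return 1.0  # pigeonhole: more items than possible values
    # log P(no collision) = sum over i of log(1 - i/space).
    # log1p/expm1 keep precision when i/space is far below float epsilon.
    log_unique = sum(math.log1p(-i / space) for i in range(n_items))
    return -math.expm1(log_unique)


def items_for_probability(p: float, space: int) -> int:
    """Approximate item count at which the collision chance reaches p."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))


def report(n_items: int, widths=(32, 64, 128)) -> dict:
    """Collision chance and 50% threshold per identifier width (bits)."""
    return {
        bits: (
            collision_probability(n_items, 2 ** bits),
            items_for_probability(0.5, 2 ** bits),
        )
        for bits in widths
    }


if __name__ == "__main__":
    # The "birthdays in a bar" case: 23 people, 365 possible days.
    print(f"23 people, 365 days: {collision_probability(23, 365):.3f}")
    # Keyring size taken from the post; widths are assumed.
    for bits, (prob, half) in report(6000).items():
        print(f"{bits:>3}-bit id: P(collision among 6000) = {prob:.3e}, "
              f"50% at about {half:.3e} items")
```
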