At the end of 2004, my annual key expiration event was allowed to pass without genning a new key: nobody had sent me encrypted mail in ages [years], and being the prick that I am, I started a little game instead. I left the expired key on the .sig, and started the clock to see how long it would take for someone to notice. January 1, 2005 through February 25, 2008: about 3 years. I had fully expected a CP to be the lucky contestent, but alas, Cpunks dont bother with key management anymore - heck, we dont even bother with distributed email anymore AFAIK. Alas, the alert correspondent was a commercial software vendor who makes little widgets. I had made an inquiry about a mass purchase, and they noticed the [now profoundly] expired key, and decided to Do The Right Thing and encrypt. Only they couldn't, as the key was deader than dead: it was "Tim May Someone Needs Killing Dead". And, even better, they were nice enough to point it out, assuming I was unaware. I am BCC'ing this post to said vendor: you really did do The Right Thing, and I applaud you for it! That you are the only one to notice is, I hope, a sign of the attention to detail I will find in your widgets. So, CP Distributed Lists are dead. The list, singular is tottering, and has been for years, and now, I think I can proclaim Encryption Everywhere as Dead On Arrival. Even for so called crypto people. Tis a sad day in Eurasia folks. //Alif -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xpgp_key_mgmt_is_broken-dont_bother What religion, please tell me, tells you as a follower of that religion to occupy another country and kill its people? Please tell me. Does Christianity tell its followers to do that? Judaism, for that matter? Islam, for that matter? What prophet tells you to send 160,000 troops to another country, kill men, women, and children? You just can't wear your religion on your sleeve or just go to church. You should be truthfully religious. Mahmoud Ahmadinejad