I'd recommend DRM (I think what you really mean is Palladium, err, excuse me, the Trusted Computing Platform Alliance, see the web site and Ross Anderson's take on it) to my grandmother, because I don't trust her to understand the implications of clicking on something in an email (thank you active content!). Many OSes don't allow ordinary users the privileges of compromising their security so easily as Microsoft. I suppose we can rely on vendor-written code to do approximately what it claims to do, most of the time, but have you actually read the claims in EULAs and Privacy Policies lately? It seems like you'd be trading one set of problems for another. Personally, I'm less suprised by my own software (and, presumably, key-handling) than vendor software, most of the time. I think TCPA is about control, and call me paranoid, but ultimate control isn't something I'm willing to concede to any vendor, or for that matter any other person. I like knowing what my computer is doing, to the bit and byte level, or at least being able to find out. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B