Perry has repeated a litany here that I have been hearing for years on the pem-dev list with never a hint of a justification. That is that PGP does not scale well. One of the reasons that I consider this to be untrue is my empirical experience with two groups that are constantly interested in exactly who I am: the government and the credit bureaus. They both chose to use my SSN even though that has all the same attributes of a KeyID, except that it is somewhat denser. Now if this is what happens when the real world tries to identify me, why is the KeyID such a bad way to identify keys? Please note that I do understand that identifying me and finding me are separate issues. I'm not sure that the pem-dev folk clearly discriminate these. Peace. Tom