U> From: pmetzger@shearson.com (Perry E. Metzger) U> for the life of me understand why. The only way to know U> for sure that someone's key is theirs is a signature from U> a trusted introducer anyway, so people can just ask each U> other in clear for public keys and it doesn't do a lick of I think it is valuable for a number of reasons, none of which are traditional encryption reasons. One: Mostly, in my world, I don't need SECURITY, I need PRIVACY. A paper envelope sealed with water-soluble glue is just fine. It stops casual snoops, like the lock on your car door does. None of which will stop a determined thief, but like Eric says, it's economics -- this level of security is inexpensive as hell. Two: it gets people introduced to the very basic concept that there *is* privacy (security) available, and possible. In the FidoNet, and the BBS world, this is important. Three: In FidoNet, we've got 16,000 sysops, doubling every 18 months, worldwide. Traditional key systems are not only wildly impractical, they're unnecessary for traditional reasons -- who much security to I need to talk to someone 5,000 miles away I've never met? Four: If I need *real* security, I will (or better!) obtain keys in "traditional", secure ways. I can plug these keys into my casual privacy system, which will hopefully encompass the technological mechanisms of en/decryption, signing, plaintext handling, and all the assorted baggage we'll have to drag around anyways. Five: it will entrench some disasters; bum, or faked keys, humongous duplicates, inexperienced people forgetting their secret pass phrases so they can't even issue key-removal certificates (this has happened already; its a MAJOR pain in the ass), one "person" with a zillion IDs, inconsistent IDing, etc etc etc etc etc. Oh well. In fact, no system gets implemented right. Period. To pretend it will is folly. Because of the nature of the beast (patents, feds looking for backdoors, stupidity, centralist, authoritarian types trying to exert control, etc, I'm pushing, hard and fast, to get systems set up LIKE CRAZY of all sorts, with all of them being completely distributed and decentralized. Sufficiently Paranoid. --- ReadMail * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111) -- Tom Jennings - via FidoNet node 1:125/555 UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG