I've notice an interesting pattern in how security mechanisms are named. On the one hand, we have some security features with very impressive sounding names: Certification *Authority* *Authorization* *Trusted* Server *Master* Key etc. These words fill most people (many on this list are exceptions) with awe and good will towards the feature so named. They also make good channel markers, pointing out the _insecure_ parts of the system. The effect is to cover up the lack or inadequecy of a mechanism with invocations that put your brain to sleep. This is quite lucrative for marketing purposes, but it works on many designers of security features as well! On the other hand, when we isolate the actual mechanisms of a system are in fact mathematically secure, we get names like: Encryption Blinding Message Digest Mix Capability These are just plain, boring words, with no connotation that we should trust them like we trust our big brother. They just work. Nick Szabo szabo@netcom.com Internet Commerce & Security consulting -- e-mail for details