Mr. May:
Frankly, the PGP community veered off the track toward crapola about standards, escrow, etc., instead of concentrating on the core issues. PGP as text is a solved problem. The rest of the story is to ensure that pass phrases and keys are not black-bagged.
Forget fancy GUIs, forget standards...concentrate on the real threat model.
What is the real threat model? Everybody has different worries. I'm not a bookie, I don't do work for the mob, I don't spend more than I earn. My biggest threat is (1) financial (stolen credit card numbers, or other form of credential fraud) (2) Political--that comments here and other places get me the list of "People To Take Care Of Later". The first threat can be dealt with by "cheap" crypto deployed everywhere--to co-opt one of RAH's phrases--a "Geodesicly encrypted network. In a network where every single stinking bit on the wire is encrypted at as many layers as possible, even with "10 cent" crypto will virtually eliminate (by making it more expensive) many of the low level financial threats. Yes, big banks and large financial institutions need stronger crypto, but they can multiple-encrypt, write their own protocols etc.). The second threat would be made much harder by the encrypt everything all the time type of network, if I weren't so thick headed as to insist on using my Real Name. This is presumably what the "PGP Community" veered off towards. Unfortunately, they've done a half-assed job so far. -- A quote from Petro's Archives: ********************************************** "Despite almost every experience I've ever had with federal authority, I keep imagining its competence." John Perry Barlow