From: Nathaniel Borenstein <nsb@nsb.fv.com> The work involved in adding optional cryptography is much more than you might think, particularly because of our internal security architecture. Basically, without going into a lot of details, the FV crypto-engine would have to live on the non-Internet machines that are not in our direct control, and this would enormously complicate the limited (batch!) communication we facilitate between the Internet and non-Internet machines. The perceived need for crypto "below the line" comes from the viewpoint that the system needs to be completely secure because crypto failures must be prevented at all cost. Rubbish. The subsequent claim that you couldn't possibly put crypto on the Unix boxes which are in your control is therefore also bogus. Let's assume that FV were to have a customer agreement that did not contain an implied warrantee of identity for a digital signature. Therefore if the crypto gets hacked it's just as if the email system gets hacked. Therefore keeping public keys (we're not talking about FV actually signing anything) above the line on a Unix box is no different than trusting the mailer on that same Unix box. I really don't believe FV would have to put crypto on EDS equipment. The crypto option is one we're very interested in adding eventually, but at this point it would be a major strain on our resources. I think you are far overestimating what it would take. Moreover, frankly, if we did it, that would only serve to mix our message in many peoples' perception. It's hard enough explaining to reporters that "we've discovered that crypto isn't needed for commerce." Their chance of understanding our message would NOT be enhanced if we then added "but we're providing crypto as an option anyway." The message that it's "not necessary for commerce" is reactionary to the assertation that it is necessary. By positioning FV in an adversarial role with respect to cryptography, you'll have the same problem no matter when you introduce crypto. I personally think you'll have a harder time changing your position later, after more people have been exposed to FV's current position. A much better public position is that "you can do commerce with or without crypto", which asserts independence rather than negation. These two public positions are _not_ identical; they are similar, but don't be fooled by some positivist notion of denotation into thinking that they're the same. Eric