Just a comment on this business of whether we need certification of the True Names of people we deal with: I've dealt with "in person" maybe 60 to 100 of the people on this list (at one time or another). In no cases--not a single one--have I made elaborate checks to confirm that people are who they claim to be. A few driver's licenses have been flashed at meetings, but I didn't look closely. Maybe a passport was even displayed, but, again, I didn't look. And documents are readily forged. This has relevance to the thread Michael Froomkin raised, as well. To wit, none of the people I've met has been "certified." And yet it doesn't bother me. As Bill Stewart correctly claimed is my view, the "key is the identity." Or, more accurately, a _persistent personna_ is what matters. Thus, I don't need to "verify" that "Eric Hughes" is "really" Eric Hughes, and is not actually Fritz Doppelganger, assigned to Berkeley by the BND. I really don't care about the so-called "reality." (Sorry for all of the "quotes," but all of these terms are heavily laden with connotations which bear deconstructing.) My experiences are the norm, I think. Identity credentials are rarely checked, and most people don't care too much. (An important point is that in a cash economy, identity is almost irrelevant. It's only in non-cash, or "account-based," economy that True Names are demanded. Lots of interesting issues to discuss here, which I won't now.) The "web of trust" model is really the normal way people go about their business. I knew someone once introduced to me as "Hugh Daniel," and he eventually introduced me to someone calling himself "Eric Hughes," and so on. Introducers, webs of trust, etc. What their "real names" are makes little difference. (Besides, their Real Names were written on flat stones on the 3rd day after their births and placed in a safe place known only to the Great Bird.) I never use the web of trust model in PGP. I get so few PGP messages that it's enough that people I know give me their keys. So I concede that the web of trust model in the PGP world may or may not scale well. (In the sense of tens of thousands of folks establishing a "web of trust.") But the _basic_ idea of self-arranged transfers of keys and local networks of friends is right on. This is why I don't worry too much about the need for government-authenticated keys and True Names. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."