Jeff Weinstein wrote: | I think the old idea of a certificate just binding a name and | a key is turning out to not be very useful. That is why Netscape | Navigator 2.0 will support x509 version 3 certificates. They allow | arbitrary attributes to be signed into a certificate. In this new | world, you can think of a certificate as a way of binding a key with | various arbitrary attributes, one of which may be(but is not | required to be) a name. I'm a bit behind on the X.509 discussion, but does version 3 resist the attack Ross Anderson mentions in his 'Robustness Principles' paper in Crypto '95? (The paper can be found in ftp.cl.cam.ac.uk:/users/rja14/robustness.ps.Z The wcf.ps.Z is his 'Why Cryptosystems Fail' paper, and both are well worth reading.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume