People continue to post PGP keys that are not vouched for by anyone. E.g. none of the keys for remailers has any signatures. This makes it impossible to trust those remailers, since anyone could have generated such a key and sent it through a remailer saying it was from someone else. If you put up a remailer service, sign its key with your personal key, at least. Preferably get a few other people to sign it (by showing them that they key is really the one used in the remailer, in person). If you generate a key for yourself, don't just post it -- take it to a friend, and cross-sign each others' keys. If you do that a few times, then you can post it, and the receipients are likely to know one of those friends, possibly trusting them to certify your key. John