If the MITM is really mean, he can overcome some of the suggestions I offered for how credentials can be used to defeat him. First, he could cause the user to download bad software. PGP, Netscape, and other secure programs could be patched to have holes. Even the checksum program could be altered so publishing checksums won't help. With this attack he would not even need to substitute keys; he can just make sure that the fake PGP picks guessable session and secret keys. Alternatively, he could defeat the use of key certificates which bind names to keys by the simple strategem of substituting the name of the user when he substitutes his keys. If Alice has all of her posts appearing under the name of "Bob" unbeknownst to her, then if Bob is the MITM he can get a certificate and publish it. All the messages which refer to "Bob" get changed to refer to "Alice" as they are passed from the net to her, similar to the key substitution which would also have to be done. If Bob's name were a bit unusual this could be done with a simple script. So even fully valid key certificates may not be effective against MITM attacks of this type. Hal