Scott Collins (collins@newton.apple.com) writes: (re AOCE, and who generates users' key pairs)

What I gathered from actually using this software is that you personally generate a key pair, on your own machine, and then transparently send your public key to RSADSI. Some time later, you receive a certificate (with an expiration date) that allows your 'signer' to function. RSADSI does not make, or even see, your private key.

and Mitch Ratcliffe (godsdog@netcom.com) writes, in E-mail: (posted with permission)

While Apple will not cop to this, it is my understanding that users will get certified keys from RSA. I have Very Good Sources on this. They can generate a key for use on their network, but as part of the vision of the paperless, collaborative economy, Apple believes you'll want publically- certified keys.

Well, Apple has failed to guess what I'll want. :) Perhaps the similarity of these two ideas (RSA generates keys & certificates, versus RSA gets public key & generates certificate) has generated confusion internally at Apple; I dunno. -- Greg Broiles greg@goldenbear.com Golden Bear Computer Consulting +1 503 342 7982 Box 12005 Eugene OR 97440 BBS: +1 503 687 7764