-----BEGIN PGP SIGNED MESSAGE----- A few months ago, I posted an excerpt from a MacWeek article re AOCE (Apple Open Collaboration Environment), a collection of services to be integrated into the Mac OS to facilitate groupware apps. The MacWeek article said that users would receive their public keys (to be used for digital signatures on documents) from RSADSI, instead of generating them themselves. Scott Collins wrote to disagree, saying that the AOCE software he'd seen didn't work that way. I E-mailed the author of the original article, who stood by what he wrote, saying that "very good sources" said that the keys would be provided to users by outside, allegedly trustworthy, sources. According to the 11/93 Macworld, users will not, in most cases, generate their own key pairs: "When you receive a signed digital document, how do you know that the signature is legitimate and that it isn't from a pretender? In many ways, your digital signature is similar to a credit card; it is issued by a known authority, it has an expiration date, and you can verify its validity. To get your own digital signature from RSA, you take a form to a notary public, who verifies your identity, notarizes the information on the form, and then mails the form to RSA. Based on the notary public's authority to say you are who you claim to be, you eventually receive a disk in the mail with your personal electronic signature. Your electronic signature has a two-year expiration date, and includes some verification information. If someone wants to make sure your signature is valid, he or she contacts the issuing authority listed in the certificate. There will be issuing authorities other than RSA. For example, Apple Computer's security department plans to issue signatures to all Apple employees with employee badges." "AOCE, Apple's plan for groupware", Macworld, 11/93, p. 167. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLMtl4X3YhjZY3fMNAQHyFwQAgz42oEoWb3okT1pZt/buyIhpPls8hMFT WzvhVYSxQnaYzRz5jHRl0YdLUivW71dgHWTKffasZhMAd05Bn3t6m3LTz8zPc4sx LfgN4yvFTl/foepVegzMZPPoDnhb5Sp46cAC0O3+fgaCrmasZaoHIWNBRKsz0wnv hh07sCIsswM= =6i+9 -----END PGP SIGNATURE----- -- Greg Broiles greg@goldenbear.com Baked, not fried.