We're looking at providing good tools for digital signatures on e-mail here, for users that are interested. We plan to make available PGP public keys in the student/staff X.500 directory, with suitable tools for retrieving keys, etc. A couple questions have come up that make me wonder what would be an acceptable service, at least given the environment that we have to work with.

The first question has to do with key generation. One of the managers was of the opinion that we could do the key generation for the user, and either email or otherwise make the private key available to the user. The idea is to make it easy for the user to create their keys by providing a web interface, etc. BTW, we're running Netscape's Commerce server so we could expect at least 40 bits of protection (big deal, I know) on the passphrase transmission. The good enough part is due to the idea that we're running a couple of large multi-user machines, with all the risks those entail. Note also that we would not be keeping logs or otherwise compromising the keys ourselves; this would strictly be a user-friendly way to get people using signatures. We would also accept keys that users create themselves; this would only be one option.

Second, the web of trust might also be useful, so we could sign users' keys to certify them. Has anyone worked in an organization of some sort that has a structured approach to key certification using PGP?

This is just in the preliminary talking stages at this point, but I thought I'd toss these 2 ideas out for comments to see what people here think.

--
Kevin L. Prigge         |"A computer lets you make more mistakes faster
UofM Central Computing  | than any invention in human history--with the
email: klp@cis.umn.edu  | possible exceptions of handguns and tequila."
01001101100010110010111 |- Mitch Ratcliffe