At 11:06 AM 11/27/95 -0800, Raph Levien wrote:

As I see it, any system that does must have the following properties:

* Some variant on the Web of Trust.

* Online key-servers for getting keys in real time.

* A clean mechanism for validating keys through alternate channels.

There are three possible outcomes: we build it, the NSA builds it, or Microsoft/Netscape builds it.

Specs, anyone? I suggest a few requirements: Store the keys, and information about the keys in a *real* database (for windows apps, we can redistribute the Microsoft access and or the paradox database engines royalty free, and drive them through ODBC to minimize dependency on specific vendors.) Support tree of authentification: A key that is *named* Peter by Sam, or *named* Informix Corporation by the Delaware corporate registrar, shall be considered equivalent to any other key given the same name by same authority, whether that authority be Dark Unicorn, or the state of Delaware. This last property is essential if PGP keys are to be used as a basis for exchanging promises to pay and directives to pay. A very common use of this feature, pending the development of user friendly software that makes every man is own bank and his own credit rating agency, would be as follows: Sam generates a long key on a clean off line computer: He uses it to name itself Sam and to name several shorter keys "Sam". He then puts the private long key on a floppy disk and buries it in a hole in the ground along with his gold and his stash of SKS ammo, and most likely never uses it again. He publishes the long public key, and uses the shorter private keys for actual encryption. From time to time, he changes keys, without any disruption or inconvenience. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd@echeque.com