PEM, on the other hand, reveals in the clear who signed the message, outside of the encrypted portion. Also note that to be PEM compliant, you *must* always sign your messages. So much for anonymous encrypted messages... There are also performance concerns here. There is no reason to take

the substantial amount of time it takes to sign, if you don't want to sign a message. On the other hand, in terms of anonymity, you can always generate a self-signed key with TIS/PEM (I forget the exact term they use in the TIS/PEM docs, but you can just make yourself a certificate which doesn't really say anything about your identity). -- Mark Henderson markh@wimsey.bc.ca (personal account) RIPEM key available by key server/finger/E-mail MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433