I hope this isn't redundant; if this idea has been covered, sorry. Wouldn't it make sense for remailers to use OTP's for encryption? Public keys are great, but they can be black-bagged. I'd imagine that a copy of the private key to a popular remailer could be very valuable to anyone who could monitor remailer traffic transparently. A one-time pad on CD-ROM should hold enough pad data to last for several days' worth of data sent between remailers, even at high message volumes. So OTP's could be used practically between friendly remailers. Do existing remailers change their public keys often enough to limit exposure by their users in the event of the key being compromised? If so, perhaps I should be less concerned than I am. Nevertheless, I'd like to be able to talk to a remailer via a one-time pad. The OTP could be sold to remailer users as a means of generating revenue (a OTP CD-ROM could be made for about $20 and sold for a very reasonable price but still be profitable!) Once the OTP is used, it can (and should) be destroyed. On the other hand, data encrypted with a public key is vulnerable to black bag attacks on that key, as I just said. The cost of burning CD-ROMs is going down pretty rapidly. Wholesale cost of a burning mechanism should be well under $1,000 within the next year or two, and RNG hardware is coming online too. Blank media runs $15-$20, although Kodak sells PhotoCD media cheaper, at a loss, to developers who promise to use the discs for PhotoCD images ;) I don't really have anything in principle against the use of public keys for remailers; it would just make me feel a bit easier about their security if the private key couldn't be black-bagged with a using them if my communication to them couldn't be black-bagged with a simple bug that transmits the private key. I'd imagine a bus snooper chip could be made easily enough that could look for instruction and data flow corresponding to keys, and transmit it over low bandwidth channels to a listening station. I find it harder to imagine a device that could tap an entire data stream from a hard drive and transmit the complete contents undetected (assuming the remailer operator checks for bugs.) Now for a discussion on how to get a OTP CD from Finland without having the mail intercepted... nahh, never mind. - Jim Nitchals