The future will be easy to use
Here's a quote from Bill Gates' book:

    The mechanism that will make this possible is based on mathematical principles, including what are called "one-way functions" and "public-key encryption." These are quite advanced concepts, so I'm only going to touch on them. Keep in mind that regardless of how complicated the system is technically, it will be extremely easy for you to use. You'll just tell your information appliance what you want it to do and it will seem to happen effortlessly.

(Thanks to the anonymous person who typed it in.)

We may not all like Bill Gates, and some of us even boycott his software, but we must admit he is a very shrewd businessman and knows which side of his toast is buttered. I think this paragraph is right on the mark. The competition for which cryptographic protocol wins will be decided on the basis of usability. The "dark forces" are no doubt aware of this fact, and have already made some advances in this area. One example is the Fortezza card. If cypherpunks are to have any hope of getting their vision of strong crypto implemented and deployed, it has to be in the context of usable systems.

From this perspective, let's take a look at the recent thread on "establishing trust." Carl Ellison advocates the MOSS alias system. My understanding of this system is that individual users associate "aliases" with public keys. If done right, it can work well. However, from a usability perspective, it is just one more trouble spot. First, on what basis will users decide which keys are worthy of being assigned which aliases? Public keys are big hunks of base64 encoded gibberish. They are difficult to present in a user interface, difficult to communicate in alternate, known secure channels (such as telephone calls and face to face communication). There is no way that a person could memorize one. The other issue is how much time and energy the user has to spend keeping the alias database up to date.

There is no way to communicate securely with anyone who's not in the database. If the user is communicating with a large number of people, then it's very tempting to get sloppy. There's no way around it. This kind of system will not make it in the big time.

As I see it, any system that does must have the following properties:

* Some variant on the Web of Trust.
* Online key-servers for getting keys in real time.
* A clean mechanism for validating keys through alternate channels.

There are three possible outcomes: we build it, the NSA builds it, or Microsoft/Netscape builds it. This last outcome might not be so bad, but only in the first one can we rely on our principles being advanced.

Raph
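The post argues that raw public keys are too big to read over a phone or memorize, and lists "a clean mechanism for validating keys through alternate channels" as a required property. The following is an added example, not code from the post or from the MOSS system: it sketches an alias database in which a key fetched from a key server stays unusable until its fingerprint has been confirmed out of band. The fingerprint scheme (the first 160 bits of SHA-256 over the key bytes, spoken as ten groups of four hex digits) and the sample key bytes are assumptions made for the example.

```python
"""Alias database with out-of-band key validation.

Added example, not Raph Levien's code and not an implementation of MOSS.
Assumed scheme: a fingerprint is the first 160 bits of SHA-256 over the
raw public-key bytes, rendered as ten groups of four hex digits so it can
be read aloud over a phone call or compared face to face. An alias cannot
be used for encryption until that fingerprint has been confirmed.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

FINGERPRINT_BYTES = 20  # 160 bits = 40 hex digits = 10 spoken groups


def fingerprint(pubkey: bytes) -> str:
    """Derive a short, speakable fingerprint from full public-key bytes."""
    digest = hashlib.sha256(pubkey).digest()[:FINGERPRINT_BYTES]
    hexstr = digest.hex().upper()
    return " ".join(hexstr[i:i + 4] for i in range(0, len(hexstr), 4))


def normalize(spoken: str) -> str:
    """Canonical form of a fingerprint as typed in from a phone call:
    whitespace removed, case folded."""
    return "".join(spoken.split()).upper()


@dataclass
class KeyRecord:
    pubkey: bytes
    verified: bool = False


@dataclass
class AliasDB:
    """Maps user-chosen aliases to public keys and tracks verification."""
    records: Dict[str, KeyRecord] = field(default_factory=dict)

    def add(self, alias: str, pubkey: bytes) -> str:
        """Store a key (e.g. fetched from an online key server) as
        unverified and return the fingerprint the user must confirm."""
        self.records[alias] = KeyRecord(pubkey)
        return fingerprint(pubkey)

    def verify(self, alias: str, spoken_fingerprint: str) -> bool:
        """Confirm an alias against a fingerprint obtained over an
        alternate channel. Constant-time comparison avoids leaking how
        many groups matched."""
        rec = self.records.get(alias)
        if rec is None:
            return False
        expected = normalize(fingerprint(rec.pubkey)).encode()
        given = normalize(spoken_fingerprint).encode()
        if hmac.compare_digest(expected, given):
            rec.verified = True
            return True
        return False

    def lookup(self, alias: str) -> Optional[bytes]:
        """Return a key only once verified; an unknown or unverified alias
        yields None so the caller never encrypts to an unchecked key."""
        rec = self.records.get(alias)
        if rec is None or not rec.verified:
            return None
        return rec.pubkey


# Constructed sample "keys": fixed byte patterns standing in for real
# public-key material (not real keys, assumption for the example).
ALICE_KEY = bytes(range(0, 64))
OTHER_KEY = bytes(range(64, 128))


def demo() -> dict:
    """Walk through fetch, out-of-band confirmation and lookup."""
    db = AliasDB()
    # Key server returned the wrong key for "alice": the fingerprint Alice
    # reads out over the phone does not match, so verification fails.
    db.add("alice", OTHER_KEY)
    mismatch = db.verify("alice", fingerprint(ALICE_KEY))
    # Re-fetch yields the right key; still unusable until confirmed.
    fp = db.add("alice", ALICE_KEY)
    before = db.lookup("alice")
    # The user types what was read back, in any case and spacing.
    confirmed = db.verify("alice", fp.lower().replace(" ", ""))
    after = db.lookup("alice")
    return {"fingerprint": fp, "mismatch": mismatch, "before": before,
            "confirmed": confirmed, "after": after}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point of `lookup` refusing unverified aliases is the one the post makes: the database is the only path to secure communication, so the tooling, not the user's diligence, has to enforce that each entry was checked through a channel other than the one the key arrived on.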
Raph Levien