Re: [linux-elitists] Phil Zimmermann on key exchange

non-robot CA master key handling). Use this key to sign a number of
This has been repeated ad nauseam, but obviously not frequently enough.

No one has been using CAs for anything serious and no one ever will. Outside of circles of fashionable crypto, commercial scams like verisign and greedy non-profits that want to help freedom fighters/armed thugs (definition changes with proximity), no one whose life and well-being depends on it has ever used CA.

The simple fact is that it is impossible to have shared secrets of utmost importance with someone that you do not have a secure physical channel with (which automagically obsoletes CA). If your life depends on it you will not risk it by sending such information to a person you have no means of directly authenticating. Strangers do not have secrets, by definition.

Why is this so hard to understand?

The beauty of public key schemes created many seemingly plausible PHantasies pursued by quite a few technically savvy folks. But that does not change the basic problem. USG operatives, including Osama bin Laden, do not use public computer-based web of trust to authenticate. These guys KNOW each other.

Even in non-government business environments, PGP keys between People Who Matter are exchanged manually. MIS department goons never get to see those.

Automated CAs are fine for ad-hoc crypto that prevents casual data harvesting*. But lying to the public about limits of CA schemes will not do crypto any good.

* provided, of course, that one does not use popular OS, all of which will soon make all storage available to casual harvesting. Keep those DOS boxes around.

On Thu, 13 Dec 2001, AARG! Anonymous wrote:
means of directly authenticating. Strangers do not have secrets, by definition.
Strangers are secrets by definition, otherwise they wouldn't be strangers.

In fact it IS possible to exchange (anonymously to boot) secrets provided the infrastructure is distributed and the encryption is of the suitable type (i.e. using 'small world' network models). The problem with all the current schemes is that the 'public key' is too 'public'.

--
Day by day the Penguins are making me lose my mind.
Bumper Sticker

The Armadillo Group
James Choate
Austin, Tx
ravage@ssz.com
www.ssz.com
512-451-7087

Participants (2): AARG! Anonymous, Jim Choate