You can generate your own certificates using the new PEM code from TIS. This, in some ways, models the PGP "web of trust" model. At least it's a lot closer than the original PEM "you trust us, we don't trust you" model. They have also done something with the email address space, but I'm not sure what. Previously PEM required that you abandon your Internet email address and use an X.400 based address in certificates and such. More details will be available when the PEM release is out for FTP (within days, I think). John