I think we are in violent agreement here...

I disagree but then my worldview is different. For personal use the compact distributed system is workable however when you start thinking in terms of a large distributed organization, the quanta changes.

Mention was made of the difficulty of handling 20,000 keys. I am looking at over 80,000 today and over 200,000 tomorrow *for a single organization*. For quantities like this, a hierarchial system of management seems inevitable.

Perhaps you misunderstood what I mean by "central keyserver model". What I mean by that is the status quo, where we have a set of central keyservers and each keyserver knows about each key. When I say that this will disappear, I mean that we will move towards a more distributed system, similar to the DNS for looking up hostnames. Yes, we will need a distributed, hierarchial [sic] system in the future, and if we want to continue using PGP we will need to provide a simpler way to use that.

First, I am not about to give up my personal PGP key, it is trustworthy and effective for my needs. It is not necessarily incompatable with an organizational structure.

This is true.

However *for the organization* something else is needed. I can see a future in which the bulk of the population has only two keys: their own and the punlic key of their post office (not talking USNail - private ones though not saying the US might not operate one as well).

I disagree. I know the addresses of the people with whom I communicate regularly. I know my parent's USnail address, my grandparents', my SO's, etc. I dont need to tell the Post Office "Send this to my parents" and trust them to do it. I give them a destination address and trust them to send it to the proper destination. The same thing is true in the electronic world. I put a destination on the email, give it to the mailer, and trust it to send it to the appropriate destination. A similar anology can be made when I dont know an address: I ask someone for it. Same thing with an email address/PGP key, I need to ask for it before I can use it. The same thing is true of hostnames. I can find a hostname<->IP address for just about any host on the planet. Do I have them all on my local disk? No, of course not. I look them up when I need them. However, I do cache local copies of the names I frequently use.

As noted, a hierarchal mechanism will be needed for key retrieval - only local keys and "frequent fliers" will be kept locally. Not new concept, just not used by post offices that I know of today.

Yes, this is true. And it is used -- its called regional phone books. If I want to get a number for someone, I go to the regional phone book and look them up. I have to know something about them first, so I know where to look. If I asked you to find the machine "incommunicado" and tell me it's IP address, what would you do? You'd have to look in every domain for machines named "incommunicado". However, if you knew that I meant "in the 'ihtfp.org' domain", you'd know exactly where to look. The same is true of phone numbers. The same is true for keys.

Will need a bit of fleshing out and expect the end-state to be 2-4 years out but is a good time to think about it.

True. The problem is that with PGP messages, the only information about keys is a "random" keyID. From a keyID there is no way to determine that key unless you already have it. This means that if you do not already have the key, you have no way to find that key. See the problem? This is like the "find 'incommunicado'" problem above. What I propose is to modify, slightly, the PGP signature certificate to add a "hint" field. This hint field would tell you where to look for the key. This is the way to add the "ihtfp.org" info to the PGP signature. I hope this clears up any misconceptions... -derek