-----BEGIN PGP SIGNED MESSAGE----- On Mon, 12 May 1997 Theodor.SCHLICKMANN@BXL.DG13.cec.be wrote:

As further discussed in the answer to question 4, we can confirm that we do not propose that the user be required to escrow his private signature key (however generated) with a TTP. [snip] If, however, the TTP either generates the confidentiality key pair for a user, or, for example, certifies a self-generated public key for confidentiality, then escrow of the associated private key would be required under our proposals.

This doesn't make much sense to me. If I were to use such a UTP[*] then I'd simply get my signature key authenticated and then use that to sign all my encryption keys rather than getting the UTP to sign them. So I'd get the benefits of a recognized authentication on my keys without having to worry about key surrender to governments. We don't _need_ to have anyone authenticate our encryption keys, just the signature keys. Or am I missing something? (Other than the obvious fact that this is just the thin end of the wedge) - -- HP [*] UTP == Untrusted Third Party -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Charset: noconv iQDzAwUBM3hStrmgWaN4MfkFAQH0WQbwg2Nj7+DdY5LXnqinjjhiJQCVbumMHbpD yGHsoJJDY8BdvgtfPKBqFWSZ1OCvqYaM2M87xK5lF6qdVyESVOcr9GKuB3Cpafhk WPwBOjcdYbL+WzsAo5T8gUH7HFv1dGI0/lMfsc42ik/Wl54YIWeWQr5ptDXpABd7 sSbgr0jjPKoqO2pyAYPS9c3mXooES99zRBDB5edWPf4ACF0u8DcMawZUuAcD+hTH ILZV80VAnOIKKidRqNry5z90/z0L8F3qVklLRYX5qGyxZE60PEbECSE2lxjio/kh PfbpoQCb =ETNt -----END PGP SIGNATURE-----