Hi, a recent c-punx posting raised an implicit question about the amount of RSA in use already. Obviously the larger and more international the user base is less likely that Uncle Sam & sidekicks etc can palm off compromised crypto and signature schemes on the rest of us. Two quotes below from the pem-dev (PEM developers) list at tis.com give grounds for optimism. I have blinded the names, as a first line of defence, (those already subscribed to the list can find the original postings by date. Note that: The Public Key scheme mentioned in message 2 may not be full RSA, but indicates the possibilities if slot-in crypto modules were available for interface to standard PC/Mac office software packages PGP has a high profile right now, but needs more users to really damange Clipper. --- Quote 1 --- Date: Thu, 31 Mar 1994 02:43:27 EST Just a data point. There are currently roughly 3,620 PGP keys on the PGP key servers --- despite the fact that use of PGP generally entails violation of RSA DSI's patents. (Note that this number only includes those people who have published their keys; others, due to the patent issue, may not have published their keys on the key servers, and so would not be counted in this figure.) There are also people using RIPEM as well. Meanwhile, we haven't even been able to get our act together to generate a PEM root key; my understanding is that this at least partially related to the liability involved in running a root which *everyone* has to trust, although there may be other show stoppers as well. So there definitely is at least some amount of demand for secure electronic mail using RSA. It's just that by and large, people just aren't using PEM to satisfy their needs. --- end of Quote 1 --- *** Come on PEM-people get yourself a root key ! Then organizations *** ill send more RSA-authenticated mail. --- Quote 2 --- Date: Thu, 17 Mar 1994 12:20:22 EST Recent discussions with a very large software company that I won't name at this time indicates that they have on the order of 750,000 users that are already using an older form of public key cryptography. They are preparing their next release, currently plan to make it PEM compatible (although they are also looking carefully at the Apple AOCE varient), and expect that as many as 1.5 million users might be on this system within a year. This system includes a proprietary directory, and they are also planning to interface that directory to X.500. --- end of Quote 2 --- *** Thinks: the number of retrievals to date of PD crypto would be . useful to know For we are many and our name is Legion .... Regards, Ed Switalski