PGP - when you care enough to send the very best!

Ed Stone estone at synernet.com
Sun May 26 17:45:29 PDT 2002


At 07:04 PM 5/26/02, you wrote:
>Stand alone cryptography is best.  I enjoy sealing my personal
>letters in an envelope.  I am uncomfortable entrusting that
>process to a third-party, or to the mailman.  I am similarly
>uncomfortable entrusting e-mail encryption to an embedded
>system and cached authentication systems.

And I prefer key generation when not online to a facility that may 
implement various operations like:

"The "Internet X.509 Certificate Request Message Format" Internet-draft
that defines certain functions between a Certificate Authority (such as
VeriSign) and the user's machine that generates the key pair, including
certain options for "Proof of Possession of Private Key" (POPOPrivKey)
during the online session to generate keys and obtain an X.509 S/MIME
certificate:
"POPOPrivKey ::= CHOICE {
     thisMessage       [0] BIT STRING,
     -- possession is proven in this message (which contains the private
     -- key itself (encrypted for the CA))"
  .. and ..
"PKIArchiveOptions ::= CHOICE {
     encryptedPrivKey     [0] EncryptedKey,
     -- the actual value of the private key
     keyGenParameters     [1] KeyGenParameters,
     -- parameters which allow the private key to be re-generated
     archiveRemGenPrivKey [2] BOOLEAN }
     -- set to TRUE if sender wishes receiver to archive the private
     -- key of a key pair which the receiver generates in response to
     -- this request; set to FALSE if no archival is desired."
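
Added example, not part of the original message or of the quoted draft: a small audit check that decodes the outer tag of a DER-encoded ProofOfPossession or PKIArchiveOptions value and reports whether that choice hands the private key (or the means to regenerate it) to the CA. Assumptions: the tag bytes follow the IMPLICIT TAGS default of the published CRMF module (RFC 2511), the choice names not quoted above (raVerified, signature, keyEncipherment, keyAgreement, subsequentMessage, dhMAC) come from that specification, and the function names are hypothetical.

```python
# Added example (not from the original message). Tag bytes assume the CRMF
# module's IMPLICIT TAGS default; function names are hypothetical.

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form definite length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

POPO_PRIVKEY = {0x80: "thisMessage", 0x81: "subsequentMessage", 0x82: "dhMAC"}

def pop_exposure(pop_der):
    """Classify a ProofOfPossession value: (choice name, private key sent?)."""
    tag, value, _ = read_tlv(pop_der)
    if tag == 0x80:
        return "raVerified", False
    if tag == 0xA1:
        return "signature", False         # proof by signing; key stays local
    if tag in (0xA2, 0xA3):               # keyEncipherment / keyAgreement
        inner, _, _ = read_tlv(value)     # explicit wrapper around POPOPrivKey
        if inner not in POPO_PRIVKEY:
            raise ValueError("unknown POPOPrivKey choice 0x%02x" % inner)
        return POPO_PRIVKEY[inner], inner == 0x80
    raise ValueError("unknown ProofOfPossession choice 0x%02x" % tag)

def archive_exposure(opt_der):
    """Classify a PKIArchiveOptions value: (choice name, CA can hold key?)."""
    tag, value, _ = read_tlv(opt_der)
    if tag == 0xA0:
        return "encryptedPrivKey", True
    if tag == 0x81:
        return "keyGenParameters", True   # lets the key be re-generated
    if tag == 0x82:
        return "archiveRemGenPrivKey", value != b"\x00"
    raise ValueError("unknown PKIArchiveOptions choice 0x%02x" % tag)
```

For instance, the constructed bytes `a2 05 80 03 00 aa bb` (keyEncipherment wrapping thisMessage) classify as ("thisMessage", True), while `a1 00` (a signature stub) classifies as ("signature", False).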




