> allows readers of this email to trust I am who I claim to be, "legally" > (as if I showed an ID).
"Legally"?--Talk about a disaster in the making, but one that spammers might save us from by demonstrating it's foolishiness. Where will the secret key for signing mail be kept, but in something like an "address book"? Will "user friendly" operating systems require a passphrased for each use of the secret key?--probably not. Even if they did, think of the trojan horses you could easly write if you went over to the dark side. You might look for the WIN32 "event" that posts the secret key passphrase "dialog box" and then capture keystrokes. Or you might mount a dictionary attack on the passphrase using a canned list of 1000 words plus the user names found on the system. Or you might pop-up your own imitation of the passphrase dialog box. ... but let's save that fun game for some other time. The talk (and new laws) about legally binding crypto signing is as ridiculous as the talk about how "personal firewalls" make unsafe systems safe. In the real world, virus and worms turn off "Zone Alarm" and other "personal firewalls" before they start doing their real work. Vernon Schryver [EMAIL PROTECTED]
