>>>>> "Eric" == Eric S Johansson <esj@xxxxxxxxxx> writes: [...] Eric> Before you get your knickers in a twist over this attitudes, Eric> remember that all of the "proper procedures" as put forth by Eric> pgp/smime enthusiasts have done more to setback to widespread use Eric> of cryptography than any political/legislative manipulations by Eric> the spook community. What the crypto geeks have forgotten (or Eric> maybe never knew) is that human factors wins out over technical Eric> features any day. It all depends on what you're trying to achieve with crypto, and what your attack model is. If you just want to verify that the person who is emailing you today was the same guy who emailed you last week, you can be a lot more lax than if you want to make sure that the email you got really was from the Linus Torvalds who wrote the Linux kernel. And I don't think that human factors is the reason we don't have widespread crypto. The thing is that most people just don't see a need for it. (Here. I'll GPG sign this message just for fun.) P.S. I don't know much (anything) about the camram model, but how well does it protect against zombied machines? Say, Alice's machine gets zombied by the latest virus-du-jour, and starts sending out emails, signed with her camram key. -- Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.