> I dispute the lower risk claim. You have more control. More control does > not mean less risk. The PKI and the PGP model both have risks, just different risks. The PGP model only involves the two parties; it brings the risk that the two parties misidentify each other. The PKI model involves a third party, supposedly trusted by both players; it brings the risk that the third party may make mistakes, or that the two parties mistakenly assign too much trust to a third party. Also, any large centralized service is bound to become a target for government and other entities. -- Christian Huitema