> > > i don't care who you are but i do care who you know. > [..] > > If someone sends me a message asking for my comment > > because they read some other comment I wrote, do I really > > care who that someone is... or who they know? No, [...] > > I'd suggest that in this case you _are_ reacting to who > they know. In some sense they 'know' you, because they're > reacting to something you wrote, and thus have gained entry > to your circle of people-worth-talking-with. precisely. in the case of mailing list subscriptions, i'd like to be able to trust a robotic exploder because it can prove i asked to be on the list. this is what all of the one-time-pad and challenge/response schemes are really aiming for but i don't see why i ought to use a different "key" to log into somebody's web portal than they would use to prove that i asked for some kind of push content (for example, something like e-mail.) (and i don't think i want to have to pay an X.509 CA for that priviledge.) -- Paul Vixie