So my hope is that banks become the certification authorities. Recall that at least in the us banks used to have trust as their middle name xyz bank and trust co for example. The whole banking system is _base_d on trust. You trust the bank to pay your checks, because they are intrinsically worthless. It seems that the digital signature issue and certificates are not really much of a stretch from that. We have the procedures in place to handle this. The problem I see with banks becoming CAs is that at some point you are going to want a customer at Bank A to do business with a merchant who is a customer of Bank B.  This is where the trusted third party is useful, somehow Bank B has to know that (a) the certificate signed by Bank A is real and (b) that Bank A is a trustworthy inividual to sign the certificate in the first place. My understanding is that the TTP will be the body that allows this, banks will most certainly be CAs but there will still need to be a body above them. Just my AUD$0.02

The consolation is that a thorough audit trail actually gets people their money back! I don't know but I wonder whether an audit trail is similarly easily and effectively to be carried out in banks and trust centres. M. K. Shen

Comments are welcome. The following is not comments but simply reproduction of some informations that could be of interest. The German newspaper Sueddeutsche Zeitung 17 Feb says that certain trust centres will be represented in the CeBIT in Hannover, that this sommer will see some 20 such bodies and that these, operating within the _frame_work of German laws and regulations on signatures, are all expecting to be able to make huge business. The newspaper further says that there are currently some difference in opinions between experts of the government and the centres, with the former favouring key escrew while the latter against. M. K. Shen ______________________________________________________