CACert
By Adrian Sutton
Well, I figure if you’re going to do something you may as well do it properly, and I’ve been getting into the whole PGP thing lately. The trouble is no one has signed my key, making it pretty much worthless. I’m also a long way away from everyone I know who uses PGP, and fate seems to work against me when I’m closer to them. Bertrand was in Australia recently and even in Brisbane; unfortunately I was over in San Francisco (btw Bertrand, if you manage to read this, my old email is offline at the moment so I can’t find your contact details to let you know that I’m back in the country, but I figure you’ve moved on from Brisbane anyway). Meanwhile, when I was in San Francisco I missed the train and didn’t make it to the first Apache gathering, which had people present who used PGP. I made it to the second but I don’t think anyone there used PGP, so there was no key signing done.
So I figure I should check out a certificate authority and at least get them to sign my key. CACert is the new, free CA service, and since I think it’s about time someone provided a free CA, I wanted to support it by getting involved and, if the service stacks up, with money. It seems, however, that there are no trusted authorities in Brisbane yet. Fortunately they do have a more complex process involving faxing IDs around and finding a couple of lawyers, accountants or bank managers to verify your identity. Since I happen to know a few lawyers and accountants (oh, the company I keep….) that might just work out. So if you’re a lawyer and see me coming with a bunch of paperwork, you know what it’s about.
With all the viruses impersonating people these days, not to mention actual identity theft (which I’ve personally been a victim of before, though fortunately there were no serious consequences), it’s beginning to get more and more important that your identity can be accurately identified online.
The first step is for lots of geeks to get involved, then for more email clients to have built-in support for PGP and make it easy, then we should see much more widespread adoption. Hopefully at some point it will be so ubiquitous that ISPs can refuse to relay email unless it’s signed with a registered PGP key and spam is no longer a problem (though email server resources would be under much higher load so it’s unlikely to actually be done). Client-side filters would definitely be an option though.