diff --git a/OpenPGP-Security.md b/OpenPGP-Security.md index 5dfaf2e..e9d8812 100644 --- a/OpenPGP-Security.md +++ b/OpenPGP-Security.md @@ -57,24 +57,9 @@ TODO: Yes we must do this. Important TODO #### Support for Image Attribute Subpacket? No, in about 99% of all use cases there are better photos to be found in Android's contact database. -### Thesis -* OpenPGP is over-engineered -* Web of Trust has failed -* nobody understands tsigs -* nobody understands different trust levels - -### Solution -* Identities **are** certified or **not** -* Alternately, trust is probabilistic. Keys have associated metadata which a potential user may examine to help in deciding whether to use them. Web-of-trust and Keybase-style "proof" data could be included here, and it seems likely that other flavors of such metadata are likely to arrive. -* Hide Web-of-Trust - - -# Fingerprints and key IDs -* Don't prefix "0x", average users do not understand this -* handle key IDs like telephone numers -* no monospace for key IDs (do you use monospace on telephone numbers? no) -* Key IDs lower case to better differentiate numbers and letters -* Don't show key ids? (https://www.debian-administration.org/users/dkg/weblog/105) +## Fingerprints and key IDs +* In most places key IDs are useless! +* https://www.debian-administration.org/users/dkg/weblog/105 # Key creation 
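Review bot: In the first hunk the rewritten "Fingerprints and key IDs" section drops the concrete display guidance (no "0x" prefix, lower-case key IDs, no monospace, treat them like telephone numbers) and replaces it with the bare assertion "In most places key IDs are useless!" plus a link; a reader of the document now has to follow the link to learn why. Suggest keeping a one-line rationale next to the link, or at least the bullet "Don't show key ids?" which is the only removed line that actually states the conclusion. Also, the heading is demoted from `# Fingerprints and key IDs` to `## Fingerprints and key IDs` while the following `# Key creation` stays at the top level, so the section now reads as a subsection of whatever precedes it; check that this nesting is intended.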
@@ -86,6 +71,17 @@ See https://www.debian-administration.org/users/dkg/weblog/97 * ["How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation."](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final209.pdf) * "Does my password go up to eleven?: the impact of password meters on password selection" +### Web of Trust +* OpenPGP is over-engineered +* Web of Trust has failed +* nobody understands tsigs +* nobody understands different trust levels + +### Solution +* Identities **are** certified or **not** +* Alternately, trust is probabilistic. Keys have associated metadata which a potential user may examine to help in deciding whether to use them. Web-of-trust and Keybase-style "proof" data could be included here, and it seems likely that other flavors of such metadata are likely to arrive. +* Hide Web-of-Trust + ### Relevant links * https://gist.github.com/coruus/68a8c65571e2b4225a69
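Review bot: In the second hunk the former "Thesis" bullets are moved under a new `### Web of Trust` heading, but the first bullet ("OpenPGP is over-engineered") is not a Web of Trust point and the `### Solution` heading no longer says what it is a solution to, since the section it answered was renamed; suggest headings such as "Web of Trust: problems" and "Web of Trust: proposed approach" so the pair reads on its own. The insertion point also places these sections between the password-meter references and `### Relevant links`, so the coruus gist under "Relevant links" now appears to belong to the Web of Trust discussion rather than to the password material it followed before; if it is a password link, move the new sections after it.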