An institution should consider offering a key generation service for its members. This service must be optional or the members of the institution will claim, quite rightly, that their privacy may compromised by anyone with access to the key generation process. Those members, however, who are not concerned with intra-institutional threats but require privacy only for communications with other institutions may feel the simplicity of not having to generate a key outweighs the disadvantages. We feel strongly that if an institution should offer a key generation service, it should also make the disadvantages clear to its members.