A digital message is sent from a sender to a recipient in a public-key based cryptosystem comprising an authorizer. The authorizer can be a single entity or comprise a hierarchical or distributed entity. In some embodiments, no key status queries or key escrow are needed. The recipient can decrypt the message only if the recipient possesses up-to-date authority from the authorizer. Other features are also provided.