Tony writes: > Rather than passing a token, require the mail to > be encrypted with the public key of the recipient. Public-key encryption of an entire e-mail is extremely processor-intensive. Even conventional encryption is very time-consuming. You can just hash it and sign the key. However, this would be a problem for people in countries that outlaw encryption. What would they do? > ... and provide an incentive for the ISPs to > actually deploy a PKI. Who would you trust to certify keys?