The sysadmin effort would be setting up an automated way to hand out keys, and the user would have a one-time (or very infrequently) effort to establish a key pair.
And you are saying that is trivial? How would a typical user know which third parties to trust? How would the typical user know what to do when they started getting spam through this filter? How would the typical user know what to do when someone wants to send him/her mail but can't because the sender isn't in the right trust group?
If you have already worked this out and I missed it, my apologies. A pointer to that document would be very helpful.
--Paul Hoffman, Director --Internet Mail Consortium