Paul Hoffman / IMC writes: > At 4:58 PM -0700 5/29/03, Tony Hain wrote: > >The sysadmin effort would be setting up an automated way to hand out > >keys, and the user would have a one-time (or very infrequently) effort > >to establish a key pair. > > And you are saying that is trivial? How would a typical user know > which third parties to trust? How would the typical user know what to > do when they started getting spam through this filter? How would the > typical user know what to do when someone wants to send him/her mail > but can't because the sender isn't in the right trust group? > > If you have already worked this out and I missed it, my apologies. A > pointer to that document would be very helpful. In reality, is this any more onerous than trying to decide which spam or virus filters I should trust? I "trust" spamassassin pretty explicitly not to be a bad guy. If they distributed me a public key I should trust too, would that really change anything? Also: why need this be especially different than the trust roots pre-loaded in Mozilla, say? This problem space seems to much more web-like than, oh say, peer to peer authentication for computerized financial transactions... Mike