Paul writes:

>s/mime relies on the x.509 pks industry which in turn is based on the goal
>of enriching a small number of ca's who have to pay for relationships to
>browser/useragent vendors who then make the certs worthwhile

Hmm and the cost of MAPS would be?

It costs money to perform authentication and issue certificates, less than the amount charged for, but the total cost to the end user in terms of time is still significant, and in the case of spam control you have certified the wrong party.

The party that is generally held responsible for users' actions is the ISP, not the user. So that is the level at which you want to certify, not the end user.

S/MIME is not designed to do the job being proposed here. You want to hold the ISPs responsible, there is no point in having greater granularity in your authentication system than you intend to use in the revocation system.

I don't know what a class 3 cert for an ISP would cost but I would guess rather less than is charged for MAPS these days.

Phill