I should have been clearer, the assertion is "this is my user's key".
The good news is that this should be observable by the user.
Sure, but once again you're no better off than if you got the key anywhere else. I understand the argument for better key servers and maybe better ways to discover key servers (a URI record should do it), but I don't understand the argument for a whole new mechanism with new security, scaling, and semantic problems.
Regards, John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail.