In article <FC831208-97A3-4F1B-A37C-F8646C3FB208@xxxxxxxxx> you write: >> SMTP servers could be key servers without having the private key of >> individuals? > >Sure. If they double as HTTPS servers. As others have noted, this topic has come up more than a few times before. Here's a recent draft we wrote for a simple per domain https key server, based almost entirely on existing standards. It distributes public keys. Managing your private keys on all of your MUAs remains as intractable a problem as it's always been. https://datatracker.ietf.org/doc/draft-bhjl-x509-srv/ R's, John