Given the low percentage of "normal user" PGP keys which are anything but self-signed, would people actually use/give-appropriate-trust to a service which signed PGP keys belonging to people based solely on email challenge authentication (like majordomo uses)? It would demonstrate the user has the ability to successfully decrypt email to their key, as well as receive mail at the address in their key id, which is more than can be said of many new users/keys. I personally would trust mail-from authentication to provide me a valid email address for *someone*, if not the particular person I want to contact, which is useful in some cases. -- [EMAIL PROTECTED] +41 1 27 42 491 (corporate, fax) Chief Technical Officer HavenCo, Ltd. ||| Secure Offshore Colocation ||| http://www.havenco.com/ 1024D/4096g 0xD2E0301F B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
