Paul Hoffman / IMC writes:
> At 4:58 PM -0700 5/29/03, Tony Hain wrote:
> >The sysadmin effort would be setting up an automated way to hand out
> >keys, and the user would have a one-time (or very infrequently) effort
> >to establish a key pair.
>
> And you are saying that is trivial? How would a typical user know
> which third parties to trust? How would the typical user know what to
> do when they started getting spam through this filter? How would the
> typical user know what to do when someone wants to send him/her mail
> but can't because the sender isn't in the right trust group?
>
> If you have already worked this out and I missed it, my apologies. A
> pointer to that document would be very helpful.
In reality, is this any more onerous than trying
to decide which spam or virus filters I should
trust? I "trust" spamassassin pretty explicitly
not to be a bad guy. If they distributed me a
public key I should trust too, would that really
change anything? Also: why need this be especially
different than the trust roots pre-loaded in
Mozilla, say? This problem space seems to much
more web-like than, oh say, peer to peer
authentication for computerized financial
transactions...
Mike
