On Wed, 25 Sep 2002, Matt Alexander wrote:
> Derek, but signing gives reasonable assurance that the email received
> is really from him.

OK, I get a message.  It's signed.  How do I verify the authenticity of
the signature?  Against what database?  If User X writes a message, sends
it ostensibly from Derek, and signs it with a bogus key, how do I know
that, unless I already have Derek's key... and in fact some huge database
of keys somewhere... it sounds like a data management nightmare, how is
everyone supposed to keep track of everyone else's keys???

Still not getting it,

\\/