>First, we would have Eudora automatically recognize the signed message and >extract KeyID and signature. It would look up the KeyID and, if it has the >key or can find it, check the signature. ^^^^^^^^^^^^^^ I believe that addressing that last sentence, where you've conveniently left the implementation undefined, is one of the major goals of the various PKI efforts. /r$