>First, we would have Eudora automatically recognize the signed message and
>extract KeyID and signature. It would look up the KeyID and, if it has the
>key or can find it, check the signature.
^^^^^^^^^^^^^^
I believe that addressing that last sentence, where you've conveniently
left the implementation undefined, is one of the major goals of the various
PKI efforts.
/r$