John R Levine wrote:
A PGP or S/MIME signature assures you that the mail definitely came from the address it purports to come from, but it doesn't tell you whether that person is who you think it is. That's where limited access domains can help.
No actually a PGP signature assures you that a particular private key was used to sign a message. It doesn't tell you whether that key belongs to who you think it does. Thus you would verify the key fingerprint via an out of band method (phone, in person, business card). I don't see how a limited access domain helps in binding keys to people, unless the registrars are going to start acting as CAs as well. Anyone can create a PGP key with trustme@fubar.cpa.pro as an associated email address. Bradley