On 2004-06-25T12:47-0700, Larry Pingree wrote: ) single customer that you want to have conversations with. Authorization ) must still be authorized by a third party agency which verifies ) validity between everyone involved in communications. You seem to be making a case for only accepting GPG-signed email, or at best only accepting SMTP connections over SSL with a certificate issued by a trusted CA. These both go to identity, though, not authorization. I do not see an obvious way for a third party to verify that two entities can validly communicate with each other--unless both entities are involved in making that decision, or both parties have agreed on some set of criteria beforehand. If you are simply after identity-tracking, there are ways to enforce that other than creating a new "email server registry." If you mean to suggest that you want someone else to decide who should be able to talk to you--using their own criteria--it does not sound like you are proposing something I would opt to be a part of. -- Daniel Reed <n@ml.org> http://people.redhat.com/djr/ http://naim.n.ml.org/ There are people who do things and people who take the credit, and the trick is to be in the first group; there is a lot less competition. -- Dwight Morrow, American Diplomat