Historically, the approach to "secure" mail has been to provide mechs that
let a receiver validate the identity of the sender, but I am really
wondering if this isn't inappropriate in the majority of the cases.
In the paper-based world, we "trust" the delivery system, and do not
normally attempt to validate the supposed sender of the materials.
That's only because snail-mailed bombs and anthrax have been relatively
rare.
I *wish* we could make the same statement about email viruses.
However, I do think that some form of verifable source authentication,
if it were widely-enough deployed, might be useful in deterring viruses
even if it doesn't always identify the exact person who sent the message.
Being able to pin down the source to a "small enough" organization
or set of people might be enough, and achieving that might be much easier
than trying to authenticate every single possible individual sender.
Keith