This assumes the existence of a PKI. Without that, it's
fairly trivial
for me to crank out a bogus digital signature claiming to be
from meor(_at_)mail(_dot_)softhome(_dot_)net and forge subscriptions for you.
It is already more or less required that organizations buy a CA-issued SSL
cert to operate a web site dealing in credit card transactions.
Maybe it is not so farfetched that they should do this (or maybe use the
same cert) to also operate a mail server?
-J
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg