As you probably have noticed, "authenticated" URLs are very
common in many places, such as for verifying e-mail addresses, often
in connection with a certain registration event.
In order to use other people's public keys for e-mail encryption,
I claim that none of the proposed systems [1] work well except in very
local (or very open) places due to privacy issues [2].
The problem is how to distribute "semi-secret" information in a
simple way. It seems like a signed mail-address MIME-type could
be required for out-of-band distribution using a client "click" only.
566655fe76adr5fyyeed655:bob@bobcorp.test
Anders R
[1] LDAP, XKMS, HTTP CertStore
[2] X.500 directories are a bad idea from a privacy point of view.
That is, you typically have a limited set of trusted parties that
you may need to send encrypted messages to. These partnerships
have been established in ad-hoc, out-of-band ways. However, distributing
passwords or client certificates for partners to use for
accessing your public key would be awfully complicated.
"Authenticated" (HMAC-signed) lookup data represents a reasonable
compromise between security and privacy. Semi-secret data...
Or do you think that corporations will publish keys for anybody
to access? I doubt they will, except for a few contact "persons"
like info@acme.com :-)
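The HMAC-signed lookup handle discussed in the messages above, worked through as an added example; this is not code from the original post or from any of the systems it mentions. It assumes a token layout of `<hex HMAC-SHA256>:<address>` (the post's own `566655fe...:bob@bobcorp.test` tag is illustrative, so the tag length and hash are my choice), a hypothetical domain-separation label `keylookup-v1:`, a constructed demo secret, and a constructed in-memory key store with placeholder key text. The key-publishing party mints tokens with its secret and hands them to partners out of band; a lookup endpoint only consults the store after the HMAC verifies, so an unauthenticated request learns nothing, not even whether an address exists in the directory.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import quote, urlsplit, parse_qs

# Constructed demo secret. In a real deployment this lives only with the
# party that publishes the keys; it is never sent to clients or partners.
DEMO_SECRET = b"demo-only-secret-do-not-use"

# Hypothetical domain-separation label: the same secret cannot then be
# reused to mint, say, e-mail verification links that also verify here.
LABEL = b"keylookup-v1:"

# Constructed sample key store (address -> public key). The key bodies
# are placeholders, not real keys.
DEMO_KEYS = {
    "bob@bobcorp.test": "-----BEGIN PUBLIC KEY-----\n(placeholder for bob)\n-----END PUBLIC KEY-----",
    "alice@bobcorp.test": "-----BEGIN PUBLIC KEY-----\n(placeholder for alice)\n-----END PUBLIC KEY-----",
}


def _tag(secret: bytes, address: str) -> str:
    """HMAC-SHA256 over the labelled address, as lowercase hex."""
    return hmac.new(secret, LABEL + address.encode("utf-8"), hashlib.sha256).hexdigest()


def make_lookup_token(secret: bytes, address: str) -> str:
    """Mint the semi-secret handle '<tag>:<address>' for one address.

    Only the holder of `secret` can produce a valid tag, so the token can be
    handed to a partner out of band without exposing the whole directory.
    """
    return f"{_tag(secret, address)}:{address}"


def verify_lookup_token(secret: bytes, token: str) -> Optional[str]:
    """Return the address if the tag verifies, else None.

    The address itself is part of the MAC input, so editing either half of
    the token (tag or address) makes verification fail.
    """
    tag, sep, address = token.partition(":")
    if not sep or not address:
        return None
    # Constant-time comparison: a forger must not learn the tag byte by byte.
    if not hmac.compare_digest(tag, _tag(secret, address)):
        return None
    return address


def lookup_public_key(secret: bytes, token: str, keystore=DEMO_KEYS) -> Optional[str]:
    """Server side of the lookup: consult the store only after the MAC checks."""
    address = verify_lookup_token(secret, token)
    if address is None:
        # Same answer for a bad tag and for an unknown address, so the
        # endpoint cannot be used to enumerate who is in the directory.
        return None
    return keystore.get(address)


def token_url(base: str, token: str) -> str:
    """Embed the token in a 'click-only' lookup URL (the ':' and '@' are escaped)."""
    return base + "?q=" + quote(token, safe="")


def token_from_url(url: str) -> Optional[str]:
    """Recover the token from such a URL; parse_qs undoes the escaping."""
    values = parse_qs(urlsplit(url).query).get("q")
    return values[0] if values else None


if __name__ == "__main__":
    token = make_lookup_token(DEMO_SECRET, "bob@bobcorp.test")
    url = token_url("https://keys.bobcorp.test/lookup", token)
    print(url)
    print(lookup_public_key(DEMO_SECRET, token_from_url(url)))
    # A guessed address without a valid tag yields nothing.
    print(lookup_public_key(DEMO_SECRET, "0" * 64 + ":alice@bobcorp.test"))
```

The token is a bearer credential: whoever holds it can fetch the key, so it should travel only over TLS and can be rotated by changing the secret, which invalidates every token at once. The HMAC buys non-enumerability of the directory, not secrecy of the key once a token has leaked.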