A more important issue, one on which the silence is deafening, is that authentication systems are useless without some sort of reputation database. You get a message, it’s 100% authenticated that it came from flurble.net but you’ve never heard of flurble.net. Now what? The unstated assumptions seem to be that for now we all have our informal private lists of friendly domains that we will whitelist, and eventually there will be shared reputation systems to plug into. The faith in shared reputation systems is touching, particularly considering all of the moaning and groaning there is about DNSBLs, the reputation systems that exist now.