I have recently written some mailing list software which authenticates PGP signatures (it is *way* too centralized for my tastes, but most of my "market"-- the people who are using the list that the software is running on-- have rather lame computers or lack the time/skill to install PGP for signature verification locally.). The most important part of the software, however, is that it uses PGP-signatures for remote administration. It requires that a remote administration request be PGP-signed before it accepts the administration commands. It is running a *rudimentary* keyserver service.. It accepts new keys, but it doesn't release keys on demand. (I'm going to have it release keys to subscribers only, soon.) Here's the documentation. If anyone would like to take a look at it, and play with it, etc., please mail me. It's not very clean code. (It's a combination of some perl and sh scripts. I'm pretty clueless about perl, so there are many inefficiencies. I plan on fixing them once I learn perl better.) -- PGP Signature Authentication The list software does automatic verification of PGP signatures, and prepends a few lines to every message that goes out-- whether or not the signature is good, bad, or nonexistant. -- Administration If you are the administrator of the list, you can issue list-administration commands within a PGP-signed message. To do so, begin your message with the line: ::administrate <password> Following lines are commands to the list software. Supported commands currently are: "subscribe address" -- subscribe address to the list "unsubscribe address" -- unsubscribe address from the list "sendlist address" -- send the list of subscribers to the address -- User Commands There are a few commands which any user can use, whether or not the message has been PGP-signed. To send out a subscriber list to someone who is subscribed to the list, anyone can send a message to the list saying: ::sendlist following by the addresses to which he or she wants the subscriber list to reach. Only people who are subscribed to the list, however, can get the subscriber list through this command. (Anyone can issue this command, however.) To add a key to the PGP-database so that messages signed with this key are recognized, anyone can send a message to the list saying: ::addkey following by an ASCII-armored PGP public key block. Anyone can post anonymously to the list as well. In order to do that, the message should be sent to the list (signed or unsigned-- if the message is signed, however, the signature information still reaches the list) with the line: ::administrate anonymous As the first line.