I've updated the draft now (see http://www.lysator.liu.se/~nisse/misc/draft-nisse-hash-cash.txt), trying to address the issues raised by Simon and during the meeting.

It now uses per-MTA keys. Then an important question is how an MTA is identified. Ideally, all border-MTA-s belogning to the same administrative domain should have the same identity (except perhaps secondaries). It's not clear if a mail server that accepts mail for multiple domains should have a single id, or one id per domain. I tried to write this down in section 4.

Do we need new terminology for the things we identify? It's slightly confusing to say "MTA" when we are talking about not a single mail server, but a fuzzy group of them?

Other notable changes: Authentication means signing a challenge string, of the same form as the hash cash challenges. Hash cash challenges now use hmac-sha1, with the string to be search for in the key argument, in order to make the construction somewhat more cryptographically sound.

Most of the text on name-key semantics is deleted.

/Niels