Strongly authenticated keys are essential to any secure email system worthy of the name. PGP, with its web of trust, provides the underlying mechanisms required to implement strong authentication. More is needed, though, than digital signatures. Trustworthy signatories must be created. We recommend that a distributed set of certification authorities be set up, with authority delegated to appropriate levels but the whole tied together in a heirarchy with UKERNA at the top level. In the first instance, this should be prototyped in a small-scale pilot study, the object of which should be to investigate the procedures required for the production signatures truly worthy of trust by even the most suspicious members of the JANET community.