"I sign all mail" ...
As I've said before, there are really two different subclasses of this one.
You can have your mail very well under control, but you don't have
control over what the damage might be in transit. For some people
like banks and phishing targets, that collateral damage is likely to be
acceptable. For most everybody else it's not.
So I guess it just intrinsically bugs me that the former is a pretty rarified
class of sender, and is SSP really _only_ for them? (leaving I send
no mail aside). Is there little or no value in knowing that you sign
everything, but transit related damage is possible?
We have to keep in mind that the recipient is interpreting this stuff, and
it's up to the recipient to decide what risk they are willing to accept.
Transit damage is always possible, so I don't see any value in pointing
that out. As a receiver, I find a hint that unsigned mail from you is
probably bogus to be useful. Your own opinion of the value of that mail
I also don't see "I sign everything" as limited to large companies. My
lawyer is part of a small firm with their own mail server on a leased
line. I expect they have enough sense to tell people that if they want to
send mail from home or on the road, use the company's web mail. They'd be
a perfectly good candidate for "I sign everything", and I don't think
they're at all atypical.
But it shouldn't hurt to just add stuff to the policy record -- possibly
non-standard experimental stuff -- and if it's useful and relevant,
users of the protocol will almost certainly have an incentive to upgrade
Experiments are always a good idea, which is why it's important to be able
to mix in experimental stuff without breaking other software. (See, for
example, X-foo: headers in mail messages.) I just don't want to
standardize stuff prematurely and find out that it's not what people need.
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
NOTE WELL: This list operates according to