So "is likely to invalidate" is as specific as we can reasonably be.
Yes, under the assumption that we're documenting what MLMs do. This
brings us back to the informative vs. normative dilemma.
I don't see how we can say anything normative to MLM or MUA developers.
That's not the business we're in.
We can certainly document what MLMs do, and describe what we have found to
be effective, but I really don't think that there's any benefit to
describing in this document hypothetical paper designs for anything, much
less for large changes to MLMs for goals for which we have no consensus.
(An experimental RFC for paper designs would still be fine.)
Re paper vs. implemented designs, I have actually added DKIM signing to my
MLM software and have been using it in production for many months. Has
Mike has done a bunch of work on signing outgoing mail and trying
heuristics to reconstruct signatures on mail coming back from MLMs, but
Description: S/MIME Cryptographic Signature
NOTE WELL: This list operates according to