Now, my guess is that right now we need signatures that can survive
alterations but once enough mail list servers and other intermediate
systems signing, we may well begin to slowly change to more secure
The first problem with this strategy is that it punished early
I like the idea William suggested of giving the original Sender the
opportunity to decide whether they want the signature to survive changes
like the ones made by mailing lists. This is especially important if the
signature indicates authorization.
But that's not what William is saying. The suggestion is not that some senders
will pick a loose policy while other senders pick the strict policy on day one.
Nor that senders might change from one policy to the other for their own
Rather, the suggestion is, I believe, that the Internet as a whole mostly
starts with a loose policy and slowly transitions to a strict policy as
intermediaries become signature aware.
Your interest in the sender expressing a maximum level of munging is an
interesting notion, but it's unrelated to the issue of whether an
Internet-wide, time-based, incentive-free, transition plan is realistic.