On Wed, 2004-12-01 at 14:13 -0800,
I like the idea William suggested of giving the original Sender the
opportunity to decide whether they want the signature to survive changes
like the ones made by mailing lists. This is especially important if the
signature indicates authorization.
But that's not what William is saying. The suggestion is not that some senders
will pick a loose policy while other senders pick the strict policy on day
Nor that senders might change from one policy to the other for their own
Rather, the suggestion is, I believe, that the Internet as a whole mostly
starts with a loose policy and slowly transitions to a strict policy as
intermediaries become signature aware.
Your interest in the sender expressing a maximum level of munging is an
interesting notion, but it's unrelated to the issue of whether an
Internet-wide, time-based, incentive-free, transition plan is realistic.
I think any situation where the sender expresses policy is fraught with
danger. It's like SPF records now -- you can't tell a truly conservative
SPF record where '-all' is either used on its own to indicate that a
domain sends no mail, or follows an exists: mechanism in conjunction
with BATV or SES, from a lossy one which assumes the whole world is
doing SRS already.
We ought to have senders publish _facts_ about the mail they send, which
can be interpreted by the sender. IIM's message-digest with length
achieves this -- it's up to the recipient to decide whether to accept a
In fact, I'm rapidly coming to the conclusion that we shouldn't bother
trying to make it survive mailing lists. An RFC2822 scheme can
authenticate the most _recent_ RFC2822 source address, be that the From
address, Sender, Resent-From or Resent-Sender. There's no point in
trying to make it survive further than that.