I have sympathy with Morin on two of these issues (assuming I understand
what he's saying).
The notion of "consent" was seriously eroded in the architecture
documents, and I have always felt it was a mistake. Endpoints have no
guaranteed means to configure their OPES profile, or even to discover
it. That should be remedied.
However, the current discussion has, at its heart, this question:
Will OPES modify SMTP message bodies?
There is an obvious slippery slope adjacent to modification of email
content. With HTTP, the information is usually meant for many
recipients (anyone who asks). For SMTP, it is frequently
individual-to-individual, and privacy concerns are paramount. I'd
argue that a very high standard of privacy and integrity protection
should accompany any venture into this area. We need at the minimum a
document on "security and integrity guidelines for OPES SMTP
I see some nugget of an idea about doing message body adaptation on
the mail agents themselves (the agents that store messages, like POP3
servers), and I always felt that was the way to go for most of the
SMTP services. The only compelling argument for modifying the message
body "in the network" is to remove malicious code, though even that is
a slippery slope (my ISP insists on removing the MIME type URL in IETF