While I agree that a mechanism for "checksumming" a message is useful, I
think we can do better than just adding it to base64.
No one has commented on my suggestion to allow checksumming to be
independent of any other processing, ie a separate RFC be created that
specifies an application that does checksumming and it can decide to create
a new header or be a new content type or whatever.
This will allow a thorough exploration of choice of algorithm and
implementation options, which I believe is critical. A discussion of this
sort has always been an extended discussion in the security working groups,
because as it seems with many things there are subtle issues as well as
religious issues to consider. I would not want to slow down the progress of
the current work.
In any case, we need a qualification on the phrase "optional".
Specifically, while the checksum may be optional at origination, if present
upon receipt it must be processed. Ignoring it must be unacceptable.
Jim