Now, my guess is that right now we need signatures that can survive
alterations but once enough mail list servers and other intermediate
systems signing, we may well begin to slowly change to more secure
signatures.
The first problem with this strategy is that it punished early adopters. As a
sender, what possible interest have I in going from a system where my signature
does survive to one where some of my signatures don't survive. The second
problem is that it doesn't disadvantage late adopters. If I'm the last sender
on the planet to change, does that hurt me? No.
What that means is that everyone wants to be the last to change, ergo, no one
changes and you entrench a hack forever. As a follow-on, it removed the
incentive for MLMs to change too.
The days are long gone (if they even ever existed) when the internet changes
due to wishful thinking, a BCP or even codification via an RFC. Adopters are
pragmatic, resource starved and self-serving. A standard that implies a
transition plan need to reflect that reality if it wants any hope of success.
Just to give one of many examples, wasn't the "MX fallback to A records" meant
to be a transition mechanism that was to "slowly disappear" starting with
RFC974 in 1986? Finally in 2001, that presumption appears to be given up as a
lost cause in RFC2821.
Mark.