Dave Crocker writes:
There is no requirement that the recipient display the unsigned content
at the end of a message. A verifying MTA may remove the unsigned
content at its discretion.
By having a mass signature apply only to an initial subset of the message
content, we are now faced with a cascading sequence of possible mechanisms
that cause problems or try to get around problems. When we find ourselves
starting to discuss whether some text is, or is not, displayed to the user,
as a means of enforcing a security model, we really do need to step back and
look for a simpler approach.
Since you have never made a concrete proposal, it's
difficult to understand how what you're advocating isn't
any different than requiring TLS at trust boundaries. A
draft -- and maybe some running code -- here that shows
how this is different would be helpful, and relieve us of
yet another downward spiral of deconstruction.
Mike