Ned Freed wrote:
I agree with a lot of what you say in this post, but I think
you're missing one use case of simple which doesn't have an
dependencies on aspirations: the case were a signer would rather
the signature break -- with even the possibility of discard.
For example, statements(_at_)bigbank(_dot_)com probably does not want anything
monkeyed with their statement, and is willing to tolerate the
risk of manglers.
I view this as a use-case for S/MIME or possibly PGP, not DKIM. I don't
have
much experience with PGP, but S/MIME works really well for such things in
practice.
I don't why this needs to be an either/or situation. What's
wrong with both? They aren't the same after all.
In fact this brings up another potential issue, which is that we really
need to
distinguish what we're doing here from what S/MIME and PGP do.
IIRC, this discussed pretty extensively in the security considerations
section. But I'm not sure what a protracted amount of handwringing
is going to achieve.
Mike