Ned Freed wrote:
So the thing to do is to come up with standards that say gateways
MUST implement the option to tunnel such material or not be compliant with
Internet specifications, not because some sender is whining about their
signature being busted, but because it is the best interests of recipients to
allow this option.
Given this requiremnent of gateways, I then see some need for a MIME
type which gateways can use to tunnel such material.
I absolutely agree that it is not for the sender to insist on the
criticality of their signature. They cannot even insist the receiver
trust the CA in the sender's certificate, much less know who the sender
is.
It is the purview of the receiver to assign importance to a signature,
and it is reasonable to require them to deploy infrastructure (possibly
edge gateways which can tunnel) to preserve what it is they find
important to preserve. The party which has the most direct need for a
capability is the one most likely to put resources into whatever is
necessary to provide it.
And it is an unfortunate property of workarounds that they tend to
reduce or eliminate the desire for people to deploy a "real" fix.