I agree, and if adopted and deployed, it will require user education/and
careful consideration during deployment not to overstate what this does.
Given how complex this proposal is, I'm wondering whether it wouldn't
be better to do something entirely within the channel, e.g., whole
message encryption using DKIM keys. It would accomplish pretty much
the same thing, while requiring much less of intermediate mail
ietf-smtp mailing list