[Enigmail] Signing message headers [was: X-PGP-Sig support]

[Robert J. Hansen]

> I've pondered various times the idea of mailservers signing certain key
> headers in each message they originate or relay.  It would enable
> unambiguous identification of the real source or injection point of any
> spam with headers forged to conceal its origin. 

It would only allow identification of those mailservers that supported
this new feature.  Spammers would instead use spam-friendly mailservers
that were not configured so.

Also, signatures are phenomenally expensive, from a CPU cycle
perspective.  Doing one signature per message would bring high-volume
servers to their knees.

If/when elliptical curve crypto ever takes off, that will substantially
reduce the computational overhead and this idea may become practical.
But with regular DSA and/or RSA signatures, it's not.

> 'Course, I know plenty of people who say it's time for a whole new mail
> protocol, with end-to-end authentication built in from the start.

Honestly, I don't think either building a new SMTP is a viable option.
Look at how much trouble we're having transitioning from IPv4 to IPv6.
That's a simple transition compared to an SMTP-->SMTP2 transition.