Ah. I need to restate the question a bit. Sorry.
What I was asking was whether the following would be a good
or bad idea.

Same answer. As part of the spec for an SSP-like thing, it makes
sense to allow for limits on what a signer can sign, although I don't
happen to think much of the specific limit rules proposed so far.
As part of a threat analysis, it's somewhere between a premature
optimization and an excursion to the swamps of no return. Please

ietf-dkim mailing list