It seems too early to know how key selectors might be used, whether
reputation accrues to just the parent domain, and the role of the
2822.From address. Perhaps a convention is established for
transactional messages where the right-most label in the key selector
is named "safe". Selectors might be used to partition the domain's
messages. Not all users within a domain are equally trustworthy.
This trust may be partitioned by using the 2822.From local-part,
different selectors, or perhaps an r= parameter. It seems premature
to speculate on how reputation is best applied or how the domain's
traffic is partitioned, identified, and reported.
This is _exactly_ the direction I would like to go, and so far, I
don't see a technical issue with it as long as we _do not_ say, 3rd
parties can sign for me even if I don't want them to. Otherwise, you
can put as many selectors as you want, but without being able to say
that, depending on the situation an unsigned or possibly signed
message from you can be trumped by a 3rd party signature- Handing all
the spades to the unsavory.
NOTE WELL: This list operates according to