Why not? Leave the choice of identities to the publisher, then *we* don't
have to pick any one (or two). We can pick the whole set.
people who carefully read andy's email on "Identities and Authorization"
will see this paragraph:
1) We have been given a list of 5 or 6 identities from which to pick.
If we did not narrow the list, where would most of the complexity be
located? A sender needs to implement only one, but would a receiving
MTA need to implement an authorization path for all, and might there be
overlap or conflict?
put more plainly: allowing multiple identities (or policy algorithms)
places an exponential burden on the receiver as they must support for
all possible combinations. if the base number is small, the number of
choices remains small and the burden isn't that onerous. if the base
number isn't small, then the number of choices ensures that the solution
will never see widespread deployment.