From following this list, reading the charter, and reading the various
proposals it seems that there are underlying, but largely undiscussed,
differing opinions on exactly what it is we are trying to achieve. And the
differences have a direct impact on what the semantics of the solution are
likely to be. Ignore for a moment the complexities of what exactly we mean by
"From" and how we identify valid MTA's. These problems exist in all three
solution variations.

In a broad sense there seem to be three different types of solutions being
discussed.

The first is the one described in the charter, and is the most narrowly
defined. At its most basic level it is
"a receiver knows mail from domain x is valid if it comes from one of a set of
MTA's identified in a DNS record".

The second is slightly broader than this. A receiver can know that mail from
domain x is valid if it meets criteria y where criteria y could be the MTA it
was sent from, or it could be that it uses S/MIME, or it could be that the
message is signed with a specific signature. DK could be seen as a form of this
solution as could some of the cases Phillip has mentioned.

The third, which seems to underlie CID and SPF, is much broader. These solutions
are attempting to define a means for a sender to make statements about their
sending policies. Authentication via the sending MTA is one, and perhaps the
primary, piece of policy information that could be expressed, but these
solutions can be extended to include many other statements like accreditation or
certification.

If I am wrong and there is a consensus here that I have just misunderstood, I
apologize. If not, I think rough agreement on what a solution should be able to
do would go a long way towards clarifying both semantic and syntactic
discussions.