That is not correct. The local part of the i= is intended to
provide a binding to the local part of outside origination
headers, not just the domain part. Which is why it is,
in fact, a primary goal.
That doesn't change the fact that it is the /domain/ signing a
message, not a user. That domain may identify the individual user in
such a way that is within the comfort zone of the signing domain
administrator, but the keys are still owned and administrated by the
domain owner.
eric
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim