Concluding there is significance for a mailbox address assumes mailbox-
addresses are normally constrained by the signing domains, or that DKIM
establishes an appendage of mailbox-address authorizations. It also
seems you want this to include some type of path registrations to
regulate forwarding and mailing lists as well.
I don't know where you get that idea. I've talked about having separate
kinds of signatures for authoring vs. transmission. That's a long way
from any kind of "path registration" or regulation of forwarding or
mailing lists.
I would rather ALWAYS hold the signing domain accountable for any type
of abuse.
If you put signing domains in the position of accepting responsibility
for any type of abuse, you do several things. One is that you make it
more difficult for domains to justify signing messages. And because
"abuse" is subjective (one recipient's spam is another recipient's
useful ad), you end up both legitimizing some amount of abuse and
marginalizing useful and valid behavior.
I think authors of a message should be able to sign the fact that they
authored the message, so that they can prove to their recipients that
such messages are not forgeries.
I think (re)senders of a message should be able to sign the fact that
they (re)sent the message to a set of recipients, so that a recipient
can verify "yes, this message was sent to me by X". Saying that you
sent a message to a recipient isn't quite the same thing as saying that
you're the sender is accountable for any kind of abuse, though it does
tell you who to blame if you get too many messages you don't want -
don't blame the author of the message, blame the person who sent it to you.
As for the revocation identifier, I think it's an interesting idea -
though I still think it's quite reasonable for DKIM to support
signatures from individual addresses, and I don't think one should
preclude the other.
Keith
_______________________________________________
ietf-dkim mailing list
http://dkim.org