Scott Kitterman wrote:
As we think through the definition of minimum, I think it important that we
consider the class of domains that are not supported by one or more dedicated
mail servers. ...
Is the concept of operations that these servers should sign using the
provider's key (so all signatures for the domain are 3rd party) or that the
provider should manage multiple keys to support per domain keys and sign the
messages first party for the domain?
Why should it matter whether the host is shared, or not? The question of
whether to have the provider do the signer or whether to have a content agent
(rfc2822.From or rfc2822.Sender) strikes me as important generally, not just
when the provider has more than one user domain sending from the provider's
platform.
The essential question is whose reputation (accreditation, certification, etc.)
is to be used. It might well be that there should be a signature by EACH of the
relevant domains, in order to call on reputation information both for the author
as well as for the originating provider.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html