I think this is the key issue then and we ought to focus on it. In
my view almost the entire point of a signing policy is constraining
whose signatures are considere authorized by the domain owner.
I'm assuming that when you say authorized, you mean authoritative.
(English definitely has its shortcomings.)
A few scenarios:
Message from domain A, signed by A; does SSP matter at all?
Message from A, signed by B; A's SSP says B signs all its mail
Message from A, signed by A and B; does SSP matter? (I hope not.)
Message from A, signed by C; SSP says nothing about C.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html