ietf-dkim

Re: [ietf-dkim] Responsibility vs. Validity

2007-11-28 20:51:48
But if my address were instead fenton(_at_)mipassoc(_dot_)org and the list
applied a signature with no local-part in i=, one couldn't tell
whether the signature represented the message passing from me to the
mailing list (an Originator Signature), or from the mailing list to
the users.

Right.  That's a feature, not a bug.  As Jon has eloquently reminded
us, the granularity of DKIM validation is domains, not mailboxes.  If
for some reason it is important to you to separate the reputation of
your list mail from your individual mail, sign the list mail with a
different signing domain.  You can also put the lists into a different
domain, but that's optional.

The SSP draft that's on the table matches the local-part of the From
address against the local-part of i= if it is provided, so it goes
against what you just said.  RFC 4871 also requires the local-part to
match the g= tag on the key if it is present.

4871 says that the local part in g= matches the local part in i= but
that local part is still an opaque token, not a mailbox.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
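
The g=/i= check discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: it follows the RFC 4871 rule that the key's g= value (default "*", at most one "*" wildcard, empty value matches nothing) must match the local-part of i= (default: empty local-part at d=). The function names, the example.org domain and the sample header and key strings are constructed; the local-part is compared as an opaque, case-sensitive token and quoted-printable decoding of i= is omitted.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list into a dict, stripping whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = val.strip()
    return tags

def i_local_part(sig_tags):
    """Local-part of i=. If i= is absent it defaults to "@" + d=,
    so the local-part is the empty string."""
    identity = sig_tags.get("i", "@" + sig_tags["d"])
    return identity.rpartition("@")[0]

def granularity_matches(g, local_part):
    """Match a key's g= value against the i= local-part."""
    if g == "" or g.count("*") > 1:
        return False  # empty g= never matches; only one wildcard is allowed
    # The single optional "*" matches zero or more arbitrary characters.
    pattern = ".*".join(re.escape(piece) for piece in g.split("*"))
    return re.fullmatch(pattern, local_part, re.DOTALL) is not None

def key_allows_signature(sig_header, key_record):
    """True if the key record's g= permits the signature's i= local-part."""
    sig = parse_tags(sig_header)
    key = parse_tags(key_record)
    return granularity_matches(key.get("g", "*"), i_local_part(sig))

# Constructed sample data (not real signatures or keys).
SIG_USER = "v=1; a=rsa-sha256; d=example.org; s=sel; i=user@example.org"
SIG_NO_LOCAL = "v=1; a=rsa-sha256; d=example.org; s=sel"  # list-style, no local-part
KEY_USER = "k=rsa; g=user; p=PLACEHOLDER"
KEY_ANY = "k=rsa; p=PLACEHOLDER"  # g= omitted, defaults to "*"

if __name__ == "__main__":
    for sig in (SIG_USER, SIG_NO_LOCAL):
        for key in (KEY_USER, KEY_ANY):
            print(key_allows_signature(sig, key), "|", sig, "|", key)
```

The match only restricts which key may be used with which i= token; it does not establish that the token names a mailbox.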