Perhaps, and this has been proposed in the 2006 DSAP I-D; Doug has a
similar TPA (Third Party Authorization), and I recently tried to reawaken
the DSAP idea for ADSP as an extension called ASL (Allowable Signer List).
ADSP allows extensions, so a DNS record like
DKIM=all; x-asl=mipassoc.org, gmail.com
would say that I sign all my mail, and allow those other domains to
also sign.
However, this can potentially be a high overhead/management for
large companies with many employees using different list servers.
Too true, and I don't think that this kind of delegation would be any kind
of a solution for the ADSP=discardable/MLM problem. It might be used as a
workaround for small vanity domains, but wouldn't scale. Plus, I'm not
sure that it would be a great workaround, as it kind of says "if you want
to spoof my email address, here's a list of MLM servers that might accept
my email and apply a convincing signature for you!"
think it fits the millions more market place of small to mid size
domains or private domains that may outsource one or more third
party signers or use a few professional or trade support list forums.
If you think this is something to pursue, +1 it because I am trying to
see if it's worth the effort to reintroduce it.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
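
An added example, not part of the original message or of any draft: a receiver-side sketch of how the proposed x-asl record quoted above could be evaluated. The function names, the result strings, exact-match domain comparison and case-insensitive tag names are assumptions; example.org and lists.example.net are constructed sample domains.

```python
# Illustrative evaluation of an ADSP record carrying the proposed
# "x-asl" (Allowable Signer List) extension tag discussed in the thread.
# x-asl is a proposal, not a standard; the semantics here are assumed.

def parse_adsp(record):
    """Split 'tag=value; tag=value' into a dict keyed by lowercase tag."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # ignore empty or malformed segments
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags

def _norm(domain):
    return domain.strip().lower().rstrip(".")

def allowed_signers(record):
    """Return the set of third-party domains listed in x-asl."""
    raw = parse_adsp(record).get("x-asl", "")
    return {_norm(d) for d in raw.split(",") if d.strip()}

def evaluate(author_domain, record, verified_signers):
    """verified_signers: d= domains whose DKIM signatures verified."""
    policy = parse_adsp(record).get("dkim", "unknown").lower()
    verified = {_norm(d) for d in verified_signers}
    if _norm(author_domain) in verified:
        return "pass: author domain signature"
    # A listed signer is accepted no matter who handed it the message,
    # which is the concern raised in the reply above.
    if verified & allowed_signers(record):
        return "pass: listed third-party signer"
    if policy in ("all", "discardable"):
        return "fail: " + policy
    return "neutral"

if __name__ == "__main__":
    record = "DKIM=all; x-asl=mipassoc.org, gmail.com"  # from the thread
    for signers in (["example.org"], ["mipassoc.org"], ["lists.example.net"]):
        print(signers, "->", evaluate("example.org", record, signers))
```
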