A new revision of the Identified Internet Mail spec is now available:
http://www.ietf.org/internet-drafts/draft-fenton-identified-mail-01.txt
Here's a summary of substantive things that are new and different:
- New definition of the origin address of a message. -00 used envelope from;
we now use either From or Sender. The 2822 From is tested first and if it
verifies, that's good enough.
- Key authorization can be retrieved from either a KRS or from the DNS (section
6.1). A new RR is defined for the DNS queries, but there is also provision
(section 8) for TXT records. This also replaces the previous method of getting
the KRS address via SRV record lookup.
- The signer can choose among canonicalization algorithms (section 5.1.1); two
are defined. The signer can also specify the number of bytes of the body to
include in the signature, which allows IIM to work with mailing lists that
append material to the body, like this mailing list. This message will verify
properly after having passed through the mailing list.
- "Null key" checks for expressing and checking the policy of a domain to see
if it signs all of its outgoing mail. The name comes from the idea that if we
get a message with no signature, then it has been sent with the "null key".
- More discussion of use cases.
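To illustrate the body-length-limited signing from section 5.1.1, here is a worked example (added for this summary; it is not code from the draft or from any IIM implementation). The two canonicalizations, the field names "c", "l" and "bh", and the sample message and footer are constructed for the example and are not the draft's definitions; the public-key signature over the headers and body hash is replaced by a plain SHA-256 body-hash comparison so the example runs offline. The point it shows: a signature that covers only the first N canonicalized body bytes still verifies after a list footer is appended, a change inside the covered bytes still breaks it, and a verifier can report how many trailing bytes arrived unsigned so they can be treated as unauthenticated.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Constructed sample body (RFC 2822 CRLF line endings); note the trailing
# spaces on the second line, which some relays strip in transit.
ORIGINAL_BODY = (
    b"Hello list,\r\n"
    b"Here is the -01 summary.   \r\n"
    b"\r\n"
    b"-- Jim\r\n"
)

# Constructed stand-in for the footer a mailing list appends to each message.
LIST_FOOTER = (
    b"_______________________________________________\r\n"
    b"example-list mailing list\r\n"
    b"http://lists.example.invalid/listinfo\r\n"
)


def canon_simple(body: bytes) -> bytes:
    """Illustrative 'simple' canonicalization (an assumption, not IIM's rule):
    leave the body unchanged except for guaranteeing a trailing CRLF."""
    return body if body.endswith(b"\r\n") else body + b"\r\n"


def canon_nowsp(body: bytes) -> bytes:
    """Illustrative whitespace-tolerant canonicalization (constructed here):
    normalize line endings to CRLF and strip trailing spaces/tabs per line."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)


CANON = {"simple": canon_simple, "nowsp": canon_nowsp}


def sign(body: bytes, canon: str, limit_to_body: bool) -> Dict[str, object]:
    """Signer side. With limit_to_body=True the signer records the length of
    the canonicalized body it saw, so bytes appended later fall outside the
    signed region. The real IIM signature over headers + body hash is omitted
    (assumption); only the body-hash part is modelled."""
    c = CANON[canon](body)
    length: Optional[int] = len(c) if limit_to_body else None
    covered = c if length is None else c[:length]
    return {"c": canon, "l": length, "bh": hashlib.sha256(covered).hexdigest()}


def verify(body: bytes, sig: Dict[str, object]) -> Tuple[bool, int]:
    """Verifier side. Returns (hash_ok, unsigned_trailing_bytes). Any bytes
    beyond the declared length are present in the message but NOT covered
    by the signature, so the caller must not treat them as authenticated."""
    c = CANON[str(sig["c"])](body)
    length = sig["l"]
    if length is None:
        covered = c
    else:
        assert isinstance(length, int)
        if len(c) < length:
            # Body is shorter than the signer declared: truncated or altered.
            return False, 0
        covered = c[:length]
    ok = hashlib.sha256(covered).hexdigest() == sig["bh"]
    return ok, len(c) - len(covered)


if __name__ == "__main__":
    relayed = ORIGINAL_BODY + LIST_FOOTER
    whole = sign(ORIGINAL_BODY, "simple", limit_to_body=False)
    limited = sign(ORIGINAL_BODY, "simple", limit_to_body=True)
    print("whole-body signature after list footer:", verify(relayed, whole))
    print("length-limited signature after list footer:", verify(relayed, limited))
    tampered = ORIGINAL_BODY.replace(b"-01", b"-02") + LIST_FOOTER
    print("length-limited, covered bytes altered:", verify(tampered, limited))
```

Running it shows the whole-body signature failing once the footer is appended, the length-limited one succeeding with `len(LIST_FOOTER)` bytes reported as unsigned, and the edit inside the covered region failing. The whitespace-tolerant canonicalization additionally survives a relay that strips the trailing spaces on the second line, which the simple one does not; that is the trade-off behind offering the signer a choice of algorithms.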