Michael Thomas wrote:
But that said, Jim has been toying with the idea that the
_signer_ just includes in the signature the address(es?)
that it wants to take responsibility for.
That should probably be "take responsibility as". So this mailing list
could sign and take responsibility as <owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org>.
If I understand
him correctly, it is not necessarily correlated with any
particular 2822 header tag (eg, from, sender...). Again if I
understand this correctly, it would be up to the receiver to
determine which address that it cares about and find a
corresponding signature that contains that asserted address.
Or (more likely, IMO) look at the signatures that are present and
determine which if any contain any useful assertions.
Thus, it seems plausible that a MASS signer could have it
either way? I personally have been pretty reluctant to pick
one kind of 2822|2821 address as being The address that MASS
gives auth/authz; it seems prudent to me to be flexible so
that if the problem mutates, so can we.
Mike
-Jim