The most that a signature can do is to identify the responsible party.
There's no point in adding cruft that attempts to go beyond that.
A domain, becoming aware of a problem with an account, can close this
account, but this does not disable the already signed message when a key
is globally used for the domain. Millions of copies of this signed
message may be sent from spam friendly providers well beyond the control
of the signing domain. This would not help their reputation.
Do you think closing the account is enough or should there be a means
within the signature mechanism to invalidate known bad accounts/messages
within a time period shorter than a week?
I don't think much of revocation lists; how many does your web browser
check?
Domain Keys permits an arbitrary number of keys per domain, anywhere from
a single permanent key per domain to (probably needing a custom DNS
server) a key per message. My guess is that domains who have enough
misbehaving users to need to cancel keys for individual users or messages
have bigger problems than key revocation will solve, so I don't see that
as an important criterion for a mailsig scheme.
Mechanical schemes for cancelling keys checked "too many" times are
unlikely to work unless your key checker has an oracle to tell it which
senders and recipeints are mailing lists or distribution lists or
remailers to lists.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.