Is it prudent for domainkeys to attempt making assurances for the local-
part of the mailbox address? Not accommodating this local-part assurance
(via individual keys), would acknowledge domainkey's relative weakness in
terms of its ability to scale in this manner.
this is a transit validation mechanism, not a full-fledged legal signature
mechanism.
the nature of the 'assurances' being offered are intentionally minimal. the
purpose of the finer-grained keys has more to do with management than it does
with making strong assurances about the purported author.
I'm OK with it as long as it's clear this is only done for the purposes of
getting finer-grained keys and we're not shifting away from transit validation.
OTOH, could DNS scaling issues possibly be lurking nearby? (I don't mean this
to be a rhetorical question - I'm not a DNS guru so I really don't know the
answer.)
Ned