"Douglas" == Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> writes:
Brief summary: we disagree a lot.
Douglas> This mechanism is the only means to make the validation
Douglas> of the local-part explicit. It may not be reasonable, if
Douglas> this causes a proliferation of user-keys beyond normal
Douglas> capacity.
That's unclear to me. I'm not sure whether current domainkey
semantics say that the local part is validated. If they do not,
allowing a policy attribute to be attached to a signature saying that
the local part is validated seems sufficient to address your concern.
I disagree that it is desirable to discourage the use of per-user keys. I
disagree that it is acceptable for per-user keys not to validate a
local part and will block any IETF document that attempts to do so.
I disagree that it is acceptable to force sites to move addresses into
subdomains to make a signature scheme work or to support a site's
policy.