ietf-mailsig

Re: SSP - 3rd party Signers - Definition/Usage

2005-07-29 14:38:10


----- Original Message -----
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>


I think that a lot of the ambiguity that this discussion centers on
could be avoided if the signer of the message had the ability to assert
the role in which they sign the message rather than attempting to infer
it from the context.

In many instances a 3rd party signer has a very limited intention in
signing the message.

Correct, and I believe the consensus is that it should probably only be
needed where the mail integrity will be altered.

But it is all a moot point if the verifiers, where it matters most, do not
put checks or restrictions on it.  Otherwise anyone can sign it, alter
it, etc., and this might not be the expectation of the OA, especially under
exclusive policies.

In my view, the confidence of the system comes from the OA *knowing* how
the verification is going to work with full respect for the signing policy.
I'm protected because I have a good sense of the verification process to
respect my policy.  If I have little confidence in that verification
process, then I don't think DKIM will be very effective.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

