Oh, and one final note. The document talks a bit about defining a
public key BATV scheme but doesn't actually define anything.
Humor me for a moment here.
The idea of a public key BATV is so the system generating the bounce
can check the signature and not even send bogus bounces. But any
system that is going to DKIM sign its bounce addresses would also be
able to DKIM sign its message bodies, so ADSP discardable already
allows you to declare that everything is signed so don't bounce the
unsigned stuff. We're talking about DSNs here, not SMTP rejects, so
the system generating the bounce is going to have received the message
already. This isn't a situation where you might skip the DATA in a
SMTP session.
Can you think of any likely scenarios where you'd use a DKIM signed
bounce address but not a DKIM signed message? Again, maybe I'm dense,
but I can only think of contrived mailing list examples where the
bounce address domain and the From: address domain are different and
don't have enough DKIM signatures to use ADSP. But I'd think the
solution wouldn't be signed bounces, it'd be a body signature from the
bounce address domain, and an added ADSP keyword to say that you
always do that.
R's,
John