There are likely to be cases within a domain where a client
wants to get his address "signed" with BATV but where you don't want to
hand out the shared secret (or private key for that matter) to the client.
As such, a missing component here is a on-wire way to ask some agent to
form this signing operation. The obvious place to have this is as an SMTP
eubmit extension, although of course other approaches are possible.
Sounds like a useful mechanism to pursue, but it is out of scope for this
At the least, it is typical to have interactions between components in an ADMD
specified separately from the core, end2end mechanism.