Doug,

The language you're suggesting here sounds like it's suggesting a design (use of Designated Signing Domains) rather than a requirement (ability to delegate signing authority). I'd prefer to see something much more general, i.e. that it be possible to delegate signing authority under the following constraints (...).

-Jim

Douglas Otis wrote:
> 2. Definitions
>
> Add:
>
> o Designated Signing Domain: A designated signing domain may be either
>   a valid first or third party signature that has been referenced
>   by an email-address policy. This domain is not required to directly
>   correspond to some originating email-address domain.
>
>
> 4.6. Scenario 6: Designated Signing Domain
>
> Many domains do not run their own mail infrastructure, or may
> outsource parts of it to third parties. It is desirable for a domain
> holder to have an ability to designate that other entities sign for the
> domain holder with the equivalent of a first party signature. One
> obvious use scenario is a domain holder for a small domain that needs
> to have the ability for their outgoing ISP to sign mail on behalf of
> this email-address domain holder. As with outsourced first party
> signing, other use scenarios include outsourced bulk mail for
> marketing campaigns, as well as outsourcing various business functions
> such as insurance benefits, etc.
>
> This mode of operation offers two significant advantages over delegating
> part of a DNS zone, or the routine sharing of key information. One is
> that the ISP receives DKIM abuse reports. The other is the
> administration of this assignment can be done autonomously. The
> alternatives require coordination with possibly three different
> entities.
>
> As with outsourced first party signing, the provider must be considered
> trustworthy and held in high esteem by the domain owner. The ISP does
> not select a key referenced from a domain controlled by each customer.
> Instead the provider ensures only validated email-addresses are signed by
> a "clean" domain intended to be suitable for the purpose of being
> designated in their customer's DKIM 2822.From and 2821.Mail-From
> policies.
>
> With this "designated" mode of operation, a provider improves upon the
> acceptance of their messages when the "clean" domain is certified as
> only sending messages with validated email-addresses. This benefit
> does not require that their customers designate this domain, but such
> designation would be an affirmation of the provider's stewardship.
>
>
> -Doug
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
