That is not correct. The local part of the i= is intended to provide a binding to the local part of outside origination headers, not just the domain part. Which is why it is, in fact, a primary goal.
That doesn't change the fact that it is the /domain/ signing a message, not a user. That domain may identify the individual user in such a way that is within the comfort zone of the signing domain administrator, but the keys are still owned and administrated by the domain owner.
eric _______________________________________________ ietf-dkim mailing list [email protected] http://mipassoc.org/mailman/listinfo/ietf-dkim
