>A third-party signature is a lot weaker assertion than an OA signature, >unless you know something about the third party.
Seems to me that no signature is useful unless you know something about the signing party. Let's say you get a message from [EMAIL PROTECTED], with valid signatures from slimy.biz. Now what? Unless you have some knowledge about slimy.biz (or perhaps some well founded suspicions about .biz in general which would apply equally to third party signatures), you don't have much to go on beyond knowing that the return address isn't forged. DKIM will be useful in the short run because we all have quite a lot of knowledge about domains with which we exchange a lot of mail, and that lets us get their mail out of the filtering path. R's, John _______________________________________________ ietf-dkim mailing list http://dkim.org
