[ietf-dkim] New Issue: selectors and key rollover

Stephen Farrell stephen.farrell at cs.tcd.ie
Thu Mar 16 01:52:50 PST 2006


Section 3.1 says that a new selector should (albeit lowercase
should) be used when keys are rolled. This seems a bit clunky
and may lead to selectors with counter-intuitive names. Why not
include a version number or key ID that'd allow this to be
done better? The version could be included as the last part of
the selector starting from zero, e.g. "alice.0" -> "alice.1" ->
"alice.2" etc.

That might also allow selectors to support >1 private key per
selector per domain - which will be useful for cases where >1
signing MTA exists and h/w crypto is used - some h/w crypto
devices might not support cloning the same private key over
multiple devices.

S.
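As an added example (not part of the original message), a small Python model of the "base.N" selector convention proposed above: the signer's zone publishes the new selector alongside the old one during rollover so in-flight mail still verifies, and a verifier resolves a selector to its key record. The domain, selector names, key strings and the `KeyPublisher` class are constructed placeholders; the key values stand in for real public keys.

```python
import re

# "alice.2" -> base "alice", version 2 (the last label is the key version)
SELECTOR_RE = re.compile(r"^(?P<base>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)\.(?P<ver>\d+)$")


def parse_selector(selector):
    """Split a versioned selector into (base, version); reject other forms."""
    m = SELECTOR_RE.match(selector)
    if not m:
        raise ValueError(f"selector {selector!r} is not of the form base.N")
    return m.group("base"), int(m.group("ver"))


def next_selector(selector):
    """Selector to use for the next key: same base, version + 1."""
    base, ver = parse_selector(selector)
    return f"{base}.{ver + 1}"


def dkim_record_name(selector, domain):
    """DNS name a verifier queries: <selector>._domainkey.<domain>"""
    return f"{selector}._domainkey.{domain}"


class KeyPublisher:
    """Constructed model of the signer's DNS zone: one TXT record per selector.
    Rollover adds the new selector and keeps the old one; the old record is
    only revoked (published with an empty p=) once old signatures have aged out."""

    def __init__(self, domain):
        self.domain = domain
        self.zone = {}      # DNS name -> TXT record value
        self.current = None  # selector new signatures should use

    def publish(self, selector, pubkey):
        self.zone[dkim_record_name(selector, self.domain)] = f"v=DKIM1; k=rsa; p={pubkey}"
        self.current = selector

    def rollover(self, pubkey):
        new = next_selector(self.current)
        self.publish(new, pubkey)  # old record deliberately left in place
        return new

    def revoke(self, selector):
        self.zone[dkim_record_name(selector, self.domain)] = "v=DKIM1; p="


def lookup_key(zone, selector, domain):
    """Verifier side: return the public key for a selector, or None if absent/revoked."""
    txt = zone.get(dkim_record_name(selector, domain))
    if txt is None:
        return None
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if t.strip())
    return tags.get("p") or None  # empty p= means the key was revoked
```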
