[ietf-dkim] multiple keys under same selector+domain?
dhc at dcrocker.net
Tue Apr 11 17:46:16 PDT 2006
> Well, you may want to sign twice for an extended period, say if
> sig1 is rsa-sha1 and sig2 is rsa-sha256 and it takes a year or more
> before you're confident that a sufficient number of peers have
> deployed sha256 verifiers.
This presumes that a signature is expected to validate a year after it was
created. Since DKIM is for transit, why would anyone expect a validation to
occur that far into the future?
More information about the ietf-dkim