[ietf-dkim] multiple keys under same selector+domain?

[Dave Crocker]

> Well, you may want to sign twice for an extended period, say if
> sig1 is rsa-sha1 and sig2 is rsa-sha256 and it takes a year or more
> before you're confident that a sufficient number of peers have
> deployed sha256 verifiers. 


This presumes that a signature is expected to validate a year after it was 
created.  Since DKIM is for transit, why would anyone expect a validation to 
occur that far into the future?

d/
-- 

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>