[ietf-dkim] -base section 5.2: key timeouts

Eric Allman eric+dkim at sendmail.org
Thu May 25 12:30:42 PDT 2006


Per this morning's jabber session, I've changed the second paragraph 
of section 5.2 to read:

        INFORMATIVE OPERATIONS ADVICE:  A signer should not sign with
        a private key when the selector containing the corresponding
        public key is expected to be removed before the verifier has
        an opportunity to validate the signature.  The signer should
        anticipate that verifiers may choose to defer validation,
        perhaps until the message is actually read by the final
        recipient.  In particular, when rotating to a new key-pair,
        signing should immediately commence with the new private key
        and the old public key should be retained for the expected
        validation interval before being removed from the key server.

Please let me know if this fits (or does not fit) consensus.

eric
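A worked model of the rotation timeline described in the proposed paragraph, added here as an example and not part of the original post or the DKIM draft. The class names, the fixed validation interval and the unix-second timestamps are assumptions made for illustration; it checks that a selector is only used for signing while its public key will stay published for the whole expected validation interval, and that an old key is retained for that interval after rotation.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SelectorRecord:
    """One published selector (hypothetical model, not from the draft)."""
    selector: str
    published_at: int                  # unix seconds the public key entered DNS
    removal_at: Optional[int] = None   # planned removal time; None = indefinite


class KeyRotation:
    """Tracks selectors per the section 5.2 advice: sign only with a key whose
    selector will still be published for the full expected validation interval,
    and keep the old public key for that interval after rotating."""

    def __init__(self, validation_interval: int):
        self.validation_interval = validation_interval
        self.records: dict[str, SelectorRecord] = {}
        self.active: Optional[str] = None   # selector currently used for signing

    def publish(self, selector: str, now: int) -> None:
        self.records[selector] = SelectorRecord(selector, now)
        self.active = selector

    def may_sign(self, selector: str, now: int) -> bool:
        """True only if the selector is published and is not scheduled for
        removal before a deferred verifier could still look it up."""
        rec = self.records.get(selector)
        if rec is None or now < rec.published_at:
            return False
        if rec.removal_at is None:
            return True
        return rec.removal_at >= now + self.validation_interval

    def rotate(self, new_selector: str, now: int) -> None:
        """Start signing with the new key immediately; retain the old public
        key for one validation interval before it may be removed."""
        old = self.active
        self.publish(new_selector, now)
        if old is not None:
            self.records[old].removal_at = now + self.validation_interval

    def removable(self, now: int) -> list[str]:
        """Selectors whose retention period has elapsed and may leave DNS."""
        return sorted(s for s, r in self.records.items()
                      if r.removal_at is not None and r.removal_at <= now)

    def verify_at(self, selector: str, verify_time: int) -> bool:
        """Would a verifier validating at verify_time still find the key?"""
        rec = self.records.get(selector)
        return (rec is not None and rec.published_at <= verify_time
                and (rec.removal_at is None or verify_time < rec.removal_at))
```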


More information about the ietf-dkim mailing list