It appears that Wei Chuang <[email protected]> said:
>
>On Thu, Jul 10, 2025 at 1:42 PM Allen Robinson <arobins[email protected]> wrote:
>
>> Assuming there ends up being support for multiple signatures within a
>> single header field to support algorithm dexterity, a less DNS-impacting
>> option could be to have multiple selector+signature pairs within the field.
>> This would allow us to keep the single key per record structure of DKIM.
>>
>> Something like this:
>>
>> DKIM2-Signature: i=1; d=google.com; s=rsakeysel; bh=RSA_SIG;
>> s2=ed25519keysel; bh2=ED25519_SIG
>
>With this approach, will there be a fixed number of alternative keys per
>signature? For example if there are only two allowed, could we then only
>have to specify statically "s" and "s2" and similarly "bh" and "bh2"?
While more than two signatures seems sort of unlikely, if we're going to allow multiple signatures, we might as well allow an arbitrary number up to some high limit like 10 and allow s2 through s9 or whatever. I wouldn't think it'd be much harder to check N signatures than to check 2.

I suppose a malicious person could add a whole lot of fake signatures as a DoS attack but that's not new; one large mail provider says they see mail with a hundred DKIM-Signature headers now.

R's,
John

_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
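A verifier-side parser for the header shape Allen sketches, with the count limit John proposes, as an added example that is not part of this thread or of any DKIM2 draft. It assumes a field name DKIM2-Signature, the tag spelling s/bh, s2/bh2, ... sN/bhN exactly as in the quoted sketch (the sketch puts the per-key signature value in the bh-style tag, so the parser takes that tag name as a parameter rather than assuming DKIM's usual b=), a hypothetical cap of 10 pairs per field and 10 signature fields per message, and that the indices must be contiguous. Both caps are enforced before any key record name is produced, which is the cheap place to cut off the hundred-signature floods John mentions: the verifier never spends a DNS lookup on a header it is going to discard anyway.

```python
import re
from typing import Dict, List, Tuple

# Caps are assumptions for this example (the "high limit like 10" from the thread
# for pairs per field; the per-message header cap is chosen here, not by the thread).
MAX_PAIRS_PER_FIELD = 10
MAX_SIGNATURE_FIELDS = 10

HEADER_NAME = "dkim2-signature"               # hypothetical field name from the sketch
SELECTOR_TAG = re.compile(r"^s([1-9][0-9]*)?$")  # "s", "s2", "s3", ... (rejects "s02")


def parse_tag_list(value: str) -> Dict[str, str]:
    """Split a DKIM-style 'tag=value; tag=value' list, rejecting duplicates and junk."""
    tags: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags


def signature_pairs(tags: Dict[str, str], sig_tag: str = "bh",
                    limit: int = MAX_PAIRS_PER_FIELD) -> List[Tuple[int, str, str]]:
    """Return [(index, selector, signature), ...] for s/bh, s2/bh2, ... sN/bhN.

    The first pair is spelled 's'/'bh' (no 's1'), indices must run 1..N without
    gaps, and N may not exceed `limit`. All of this is checked on the raw text,
    before any key lookup, so an oversized or padded field costs nothing to drop.
    """
    by_index: Dict[int, str] = {}
    for name in tags:
        m = SELECTOR_TAG.match(name)
        if not m:
            continue
        if m.group(1) == "1":
            raise ValueError("first selector is spelled 's', not 's1'")
        by_index[int(m.group(1)) if m.group(1) else 1] = name
    n = len(by_index)
    if n == 0:
        raise ValueError("no selector tag present")
    if n > limit:
        raise ValueError(f"{n} selector/signature pairs exceeds limit of {limit}")
    if set(by_index) != set(range(1, n + 1)):
        raise ValueError("selector indices must be contiguous: s, s2, s3, ...")
    pairs = []
    for idx in range(1, n + 1):
        sig_name = sig_tag if idx == 1 else f"{sig_tag}{idx}"
        if sig_name not in tags:
            raise ValueError(f"{by_index[idx]}= has no matching {sig_name}= tag")
        pairs.append((idx, tags[by_index[idx]], tags[sig_name]))
    return pairs


def key_record_names(tags: Dict[str, str], pairs: List[Tuple[int, str, str]]) -> List[str]:
    """One key record per selector, so one TXT lookup per pair (the DNS cost Allen's layout keeps)."""
    domain = tags.get("d")
    if not domain:
        raise ValueError("missing d= tag")
    return [f"{selector}._domainkey.{domain}" for _, selector, _ in pairs]


def plan_lookups(raw_headers: str, max_fields: int = MAX_SIGNATURE_FIELDS) -> List[str]:
    """Unfold a header block, collect every DKIM2-Signature field, and return the key
    record names a verifier would fetch. Refuses the message if the field count is over
    the cap before parsing any of them, bounding the work an attacker can induce."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)
    fields = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER_NAME:
            fields.append(value)
    if len(fields) > max_fields:
        raise ValueError(f"{len(fields)} signature fields exceeds limit of {max_fields}")
    names: List[str] = []
    for value in fields:
        tags = parse_tag_list(value)
        names.extend(key_record_names(tags, signature_pairs(tags)))
    return names


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; lets callers test the reject paths."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed sample: Allen's sketch as a folded header inside a small message.
SAMPLE_HEADERS = (
    "From: [email protected]\r\n"
    "DKIM2-Signature: i=1; d=google.com; s=rsakeysel; bh=RSA_SIG;\r\n"
    "\ts2=ed25519keysel; bh2=ED25519_SIG\r\n"
    "Subject: test\r\n"
)


def flood(count: int) -> str:
    """Constructed attacker input: `count` single-pair signature fields on one message."""
    return "".join(f"DKIM2-Signature: d=example.com; s=k{i}; bh=SIG{i}\r\n" for i in range(count))


if __name__ == "__main__":
    print(plan_lookups(SAMPLE_HEADERS))
    print("100-field flood rejected:", rejects(plan_lookups, flood(100)))
```

The pair cap and the field cap are independent knobs: a sender can hit either one, and a verifier that only bounds fields per message still lets one field carry arbitrarily many pairs unless `signature_pairs` enforces its own limit.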
