Mostly agree with Phill's note, except ...

> As I argue in a separate email, it is not necessary to have per-user
> key records to have the ability to perform per-user revocation. In
> fact, all you need to do is to issue per-user records for the users
> you want to revoke.
Your hash and wildcard trick works great if the signatures are all applied by an MTA under the control of the domain's management. But if you let roaming users sign their own mail in the MUA, you really need to give each potentially untrustworthy user a separate key. Otherwise a malicious user could simply use a random selector and the same key, since recipients don't know what selector is supposed to match what user, and the DNS wildcard matches any selector that hasn't been explicitly voided. To turn off the user, you need to turn off every selector that uses his key, which means that the user needs a different key from other people.

R's,
John

_______________________________________________
ietf-dkim mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/ietf-dkim
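The selector-evasion problem John describes, as an added worked model that is not part of the original thread or of any DKIM implementation. It uses a constructed zone for the assumed domain example.com, an assumed selector name "mallory", and an HMAC-SHA256 keyed by the published value in place of DKIM's RSA signature so that it runs on the Python standard library alone; only the selector lookup, the DNS wildcard precedence rule (an exact owner name beats `*`) and the empty-`p=` revocation convention are meant to be faithful to RFC 6376.

```python
"""Toy DKIM key lookup: selectors, a DNS wildcard record, and per-selector revocation.

Constructed example. The HMAC "signature" stands in for DKIM's RSA signature, and the
DNS "p=" tag therefore carries the verification key itself; nothing here is the
cryptography of real DKIM, only its naming and revocation logic.
"""
import base64
import hashlib
import hmac
import secrets

DOMAIN = "example.com"  # assumed domain for the example
REVOKED = "v=DKIM1; p="  # empty p= tag: the key for this selector has been revoked


def record_name(selector, domain=DOMAIN):
    """Name a verifier queries for a DKIM key: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain}"


def dns_txt(zone, name):
    """TXT lookup with DNS wildcard semantics: an exact owner name wins; otherwise a
    '*' owner one label up matches any selector that has no explicit record."""
    if name in zone:
        return zone[name]
    _first, _, rest = name.partition(".")
    return zone.get(f"*.{rest}")


def parse_tag_list(txt):
    """Parse a DKIM tag=value list such as 'v=DKIM1; p=...'."""
    tags = {}
    for item in txt.split(";"):
        item = item.strip()
        if item:
            k, _, v = item.partition("=")
            tags[k.strip()] = v.strip()
    return tags


def key_record(key):
    """Publish a (toy) verification key under a selector."""
    return "v=DKIM1; k=hmac-toy; p=" + base64.b64encode(key).decode()


def sign(key, selector, body):
    """Signer side: the chosen selector (s=) and domain (d=) travel with the signature,
    so a signer who holds the key picks whichever selector he likes."""
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return {"d": DOMAIN, "s": selector, "b": base64.b64encode(mac).decode()}


def verify(zone, sig, body):
    """Verifier side: fetch the record named by s= and d=, refuse revoked records,
    then check the signature with the published key."""
    txt = dns_txt(zone, record_name(sig["s"], sig["d"]))
    if txt is None:
        return False
    tags = parse_tag_list(txt)
    if not tags.get("p"):  # missing or empty p= means revoked
        return False
    key = base64.b64decode(tags["p"])
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(sig["b"]))


BODY = "From: [email protected]\r\n\r\nplease send the wire transfer"  # constructed message


def shared_key_with_wildcard():
    """One key for everyone, served by a wildcard selector. Voiding the selector the
    malicious user was told to use does not stop him: any other selector still
    matches the wildcard and serves the same key."""
    shared = secrets.token_bytes(32)
    zone = {
        record_name("*"): key_record(shared),
        record_name("mallory"): REVOKED,  # admin "turns off" mallory's selector
    }
    assigned = verify(zone, sign(shared, "mallory", BODY), BODY)
    evasion = verify(zone, sign(shared, secrets.token_hex(8), BODY), BODY)
    return assigned, evasion  # (False, True): revocation is bypassed


def per_user_keys():
    """Each MUA user gets his own key, published only under his own selector; the
    wildcard serves the MTA key. Voiding that one record kills the key itself, and a
    random selector now hits a record whose key does not match his signature."""
    mta_key = secrets.token_bytes(32)
    mallory_key = secrets.token_bytes(32)
    zone = {
        record_name("*"): key_record(mta_key),
        record_name("mallory"): key_record(mallory_key),
    }
    before = verify(zone, sign(mallory_key, "mallory", BODY), BODY)
    zone[record_name("mallory")] = REVOKED  # revoke mallory
    assigned = verify(zone, sign(mallory_key, "mallory", BODY), BODY)
    evasion = verify(zone, sign(mallory_key, secrets.token_hex(8), BODY), BODY)
    return before, assigned, evasion  # (True, False, False)
```

The decisive line is `dns_txt`: the verifier has no way to know which selector "belongs" to which user, so once the signer holds the key, the wildcard turns every unpublished selector into a valid lookup. Revocation can only bite at the key, which is why the key has to be the user's alone.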
