>> You slap a new key under the existing selector > but i thought that that was exactly what one is supposed NOT to do. > a selector gets at most one key.
I think this discussion has brought that out. It has sharpened my understanding - yesterday I thought that you *would* stick multiple keys under a single selector. It makes a lot of sense to use a single key per selector (as someone said, selector space is cheap), it was just a new concept to me. The rest of the discussion is (to my mind) purely about the utility of multiple signatures. Personally I can't see a point in using these when rolling keys (or algorithms, as a matter of pragmatism I figure that if you're rolling an algorithm, you'd roll a new key to go with it). Doug Otis has pointed out that there are other reasons to use multiple signatures, and I accept those examples. > this disparity of the group's understanding about key management strikes me > as... key. Groan. Now stop that already :-) Jonathan _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
