Mark Delany wrote: > I believe the general thrust is that DKIM keys are ephemeral > so no one should rely on there long-term presence. [...]
With each key there is an associated selector:domain pair, so with a key rotation comes the change of a selector. Such a purpose of a selector is clearly documented in the DKIM rfc. Rumor has is that some large players (such as Yahoo!) are disregarding such ephemeral property of a selector and are trying to associate a reputation scheme based on both the domain *and* the selector. If such approach catches up, it would mean the end of a free choice of domains to roll up new signing keys periodically. Are my worries warranted? Is there anything than can be done about it to prevent such practice? Mark _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
