This points up an issue with the use of selectors. 

Some signers use selectors to differentiate streams of mail. This plays
into what you describe Yahoo! as doing for reputation.

We will be using the approach you describe for key rotation. Given that
my goal is to rotate keys quarterly (more for operational considerations
than security) this would be a problem if Yahoo! is really going this
route.

Mike

> -----Original Message-----
> From: [email protected] [mailto:ietf-dkim-
> [email protected]] On Behalf Of Mark Martinec
> Sent: Thursday, September 09, 2010 12:57 PM
> To: [email protected]
> Subject: Re: [ietf-dkim] Key rotation
> 
> Mark Delany wrote:
> > I believe the general thrust is that DKIM keys are ephemeral
> > so no one should rely on their long-term presence. [...]
> 
> With each key there is an associated selector:domain pair,
> so with a key rotation comes the change of a selector.
> Such a purpose of a selector is clearly documented in the
> DKIM rfc.
> 
> Rumor has it that some large players (such as Yahoo!) are
> disregarding such ephemeral property of a selector and
> are trying to associate a reputation scheme based on both
> the domain *and* the selector. If such approach catches up,
> it would mean the end of a free choice of domains to roll up
> new signing keys periodically.
> 
> Are my worries warranted? Is there anything that can be
> done about it to prevent such practice?
> 
>   Mark
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
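
An added illustration, not part of the original messages: a short Python sketch of the concern raised in this thread. It parses the `d=` and `s=` tags of DKIM-Signature values and tallies verified mail under two reputation keyings. The domain `example.com`, the selector names `2010q3`/`2010q4` and the shortened `bh=`/`b=` values are constructed for the example.

```python
import re
from collections import Counter

# Constructed DKIM-Signature header values (bh=/b= are shortened placeholders).
# The selector changes from 2010q3 to 2010q4, modelling a quarterly key rotation.
SAMPLE_SIGNATURES = [
    "v=1; a=rsa-sha256; d=example.com; s=2010q3; h=from:to:subject; bh=AAAA; b=BBBB",
    "v=1; a=rsa-sha256; d=example.com; s=2010q3;\r\n\th=from:to:subject; bh=AAAA; b=BBBB",
    "v=1; a=rsa-sha256; d=example.com; s=2010q4; h=from:to:subject; bh=AAAA; b=BBBB",
]

def parse_tags(value):
    """Parse a DKIM tag=value list into a dict, unfolding header continuation lines."""
    tags = {}
    for part in re.sub(r"\r?\n[ \t]+", " ", value).split(";"):
        if "=" in part:
            # Split on the first '=' only: base64 values may end in '=' padding.
            name, _, val = part.partition("=")
            tags[name.strip()] = val.strip()
    return tags

def key_record_name(tags):
    """DNS name of the TXT record holding the public key for this signature."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def tally(signatures, use_selector):
    """Count messages per reputation identity: domain only, or (domain, selector)."""
    counts = Counter()
    for sig in signatures:
        tags = parse_tags(sig)
        ident = (tags["d"], tags["s"]) if use_selector else (tags["d"],)
        counts[ident] += 1
    return counts

if __name__ == "__main__":
    for sig in SAMPLE_SIGNATURES:
        print(key_record_name(parse_tags(sig)))
    print("keyed on d=      :", dict(tally(SAMPLE_SIGNATURES, use_selector=False)))
    print("keyed on d= + s= :", dict(tally(SAMPLE_SIGNATURES, use_selector=True)))
```

Keyed on the domain alone, all three messages accumulate under one identity; keyed on domain and selector, the message signed after rotation starts a new identity with no history.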
