Mostly agree with Phill's note, except ...
As I argue in a separate email it is not necessary to have per-user
key records to have the ability to perform per-user revocation. In
fact all you need to do is to issue per-user records for the users
you want to revoke.
Your hash and wildcard trick works great if the signatures are all
applied by an MTA under the control of the domain's management. But
if you let roaming users sign their own mail in the MUA, you really
need to give each potentially untrustworthy user a separate key.
Otherwise a malicious user could simply use a random selector and the
same key, since recipients don't know what selector is supposed to
match what user, and the DNS wildcard matches any selector that hasn't
been explicitly voided. To turn off the user, you need to turn off
every selector that uses his key, which means that the user needs a
different key from other people.
R's,
John
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim