Arvel Hathcock wrote:
PS: I still didn't hear much about what specific parallel scenarios
we'd like to support btw. e.g. if a single message can have both new
and old signatures from the same domain, do we require that the same
public key be usable to verify both, or should we remain silent on
that, or something else?
If anything, I'd prefer that the same public key be required to verify
both.
REQUIRED is probably too much in general, since I guess someone
could have two implementations on different boxes with different
h/w crypto support so that using the same private key wouldn't
(always) be possible.
I could imagine it being reasonable to ask that ssp provide a
way to state something like: "for this domain, when I also include
a legacy signature, it will be verifiable with the same public key."
Whether or not that'd worthwhile, or even a good idea, I don't
know myself, but it does seem a reasonable issue to raise.
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org