Now if you put the new key under a new selector, old messages keep pointing
to the old selector, and new ones now point to the new selector, so there's
no point to having multiple signatures for this usage.

Ah. You mean if you've also deleted the old key record from DNS. Well,
yes, but during a transition where the same entity is signing twice, I
would guess that deleting the old key would be a bit counterproductive
in that case.

Well, you don't delete the old key until all the messages signed with it
have reached their destinations or bounced. From the point of view of a
sender who is changing keys, once the new one is in place (under a new
selector) you might as well switch to using it, there's no value at all
in still using the old key, and hence none in signing with both keys
(in this case).

BTW this changes my view of whether "x=" is valuable - if it really is
one key per selector, then I no longer think that "x=" is valuable.

Feel free to revise your posting under that thread. I'll try to base
the sums on people's last opinions. (But I'll probably discount all
postings from anyone who expresses too many opinions. How many is
too many? Not saying :-)

Chuckle. What's that quote about "When the facts change, I revise my
opinions. What do *you* do?" My google-fu isn't up to the challenge...
Jonathan
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
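
The rotation argument in the thread above, as an added example that is not part of the original messages: it models only the verifier's key lookup by selector (no cryptographic check) across three phases of a key change, with an optional "x=" expiry. The domain, selector names, key strings and the helper names `usable_signatures` and `rotation_report` are constructed for illustration.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def usable_signatures(signatures, zone, now):
    """Return the key-record names of signatures a verifier can still check.

    A signature is checkable when <s>._domainkey.<d> is published with a
    non-empty p= (empty p= means revoked) and any x= expiry has not passed.
    """
    usable = []
    for sig in signatures:
        tags = parse_tags(sig)
        name = f"{tags['s']}._domainkey.{tags['d']}"
        record = parse_tags(zone.get(name, ""))
        if not record.get("p"):
            continue  # key record missing or revoked
        if "x" in tags and now > int(tags["x"]):
            continue  # signature expired
        usable.append(name)
    return usable

# Constructed sample data: selectors, domain and key material are placeholders.
OLD_SIG = "v=1; a=rsa-sha256; d=example.com; s=sel2005; bh=...; b=..."
NEW_SIG = "v=1; a=rsa-sha256; d=example.com; s=sel2006; bh=...; b=..."
OLD_KEY = {"sel2005._domainkey.example.com": "v=DKIM1; k=rsa; p=OLDKEYBASE64"}
NEW_KEY = {"sel2006._domainkey.example.com": "v=DKIM1; k=rsa; p=NEWKEYBASE64"}

PHASES = {
    "before": OLD_KEY,
    "overlap": {**OLD_KEY, **NEW_KEY},   # both records published
    "old_deleted": NEW_KEY,              # old record removed from DNS
}

def rotation_report(now=0):
    """For each phase, which key records verify for three kinds of message."""
    messages = {"in_flight_old": [OLD_SIG], "new_only": [NEW_SIG],
                "dual_signed": [OLD_SIG, NEW_SIG]}
    return {phase: {kind: usable_signatures(sigs, zone, now)
                    for kind, sigs in messages.items()}
            for phase, zone in PHASES.items()}
```

Calling `rotation_report()` shows that during the overlap a message signed only under the new selector already verifies, and that in-flight mail signed under the old selector stops verifying only once the old record is removed.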