You slap a new key under the existing selector
But I thought that that was exactly what one is supposed NOT to do.
A selector gets at most one key.
I think this discussion has brought that out. It has sharpened my
understanding - yesterday I thought that you *would* stick multiple
keys under a single selector. It makes a lot of sense to use a single
key per selector (as someone said, selector space is cheap), it was
just a new concept to me. The rest of the discussion is (to my mind)
purely about the utility of multiple signatures. Personally I can't
see a point in using these when rolling keys (or algorithms; as a
matter of pragmatism I figure that if you're rolling an algorithm,
you'd roll a new key to go with it). Doug Otis has pointed out that
there are other reasons to use multiple signatures, and I accept
those examples.
This disparity of the group's understanding about key management strikes me
as... key.
Groan. Now stop that already :-)
Jonathan
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html