> It seems too early to know how key selectors might be used,
No it doesn't.
A selector adds one level of name granularity. So does a regular sub-domain
name.
If the purpose of an extra level of granularity is semantic, then it belongs in
the actual name. That is, it belongs in the d= string.
The construct of selector is for a different purpose. It is an administrative
construct, not a semantic one.
> Selectors might be used to partition the domain's messages.
It has been a while since I have quoted my favorite systems engineer. His
expertise in considering trade-offs has often been undervalued, so I tend to
make a point of crediting him in these circumstances:
"We could do it, but it would be wrong."
-- R. Nixon; WG Tapes.
If you want to partition among messages -- and by this, I assume that what was
actually meant was to label messages in logically different bins, for the
purpose of permitting differential assessments (reputations) -- then that is
what sub-domains are for, in the d= parameter.
Let me stress a basic point:
The instant that a selector is used semantically, it becomes
worthless for its primary purpose, namely support of multiple
keys for the same d= domain name.
> Not all users within a domain are equally trustworthy.
Quite true. And if the signer wants to distinguish among "users" by having
different signatures, then use different d= sub-domains.
> This trust may be partitioned by using the 2822.From local-part,
> different selectors, or perhaps an r= parameter.
No.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
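
The distinction argued in the message above, as an added example that is not part of the original post: the selector only chooses which key to fetch, while the d= name is what an assessor bins on. It assumes the `<selector>._domainkey.<d=>` key lookup defined by the DKIM specification; the domains, selectors and signature values are constructed placeholders.

```python
# Constructed DKIM-Signature values; domains, selectors and bh=/b= are placeholders.
SAMPLE_SIGNATURES = [
    "v=1; a=rsa-sha256; d=example.com; s=jan2006; h=from:to; bh=AAAA; b=BBBB",
    "v=1; a=rsa-sha256; d=example.com; s=feb2006; h=from:to; bh=CCCC; b=DDDD",
    "v=1; a=rsa-sha256; d=marketing.example.com; s=jan2006; h=from:to; bh=EEEE; b=FFFF",
]


def parse_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict, rejecting duplicates."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' is allowed
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    for required in ("d", "s"):
        if not tags.get(required):
            raise ValueError(f"missing {required}= tag")
    return tags


def key_query_name(tags):
    """Where the verifier fetches the key: administrative, changes on rotation."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()


def assessment_name(tags):
    """Name an assessor bins on: d= only, so the selector carries no meaning."""
    return tags["d"].lower()


def bin_by_domain(signatures):
    """Map each d= name to the set of key lookups seen for it."""
    bins = {}
    for value in signatures:
        tags = parse_tags(value)
        bins.setdefault(assessment_name(tags), set()).add(key_query_name(tags))
    return bins


if __name__ == "__main__":
    for name, keys in sorted(bin_by_domain(SAMPLE_SIGNATURES).items()):
        print(name, sorted(keys))
```

Rotating from `jan2006` to `feb2006` leaves the `example.com` bin unchanged, while the separate mail stream gets its own bin only because it signs with a different d= sub-domain.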