If a site wanted to revoke instantly any signature previously
generated with rsa-craphash, couldn't it just revoke its old keys
and generate new keys, and begin signing with rsa-goodhash?
Yes, it is a design feature of DKIM that an operational crypto error
can be instantly "revoked" by merely yanking the keys from DNS (modulo
cache timeouts etc). The only thing I would correct in your statement
is the word "revoke." DKIM bypasses the very notion of revocation by
being key-centric.
Though the spec discusses an empty p= as giving an explicit "revoke"
indication.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html