John Levine:
Another way is to have a DKIM tag that specifies the header that
indicates the stream classification.
Many ways to kill the same bird.
If there is a reason why people aren't able to use a d= domain per
stream, I wish someone would explain in simple terms that even a
dimwit like me can understand.
The only arguments I'm aware of are that hostile or incompetent DNS
managers refuse to install key records, which isn't a very good reason
to add cruft to a standard, and "I want to do it some other way", which
is even worse.
To give a productive spin to the discussion:
One little-known DKIM fact is that one does not need a different
DNS record per d= domain. One strategically-chosen wild-card under
_domainkey.example.com suffices (e.g. one per sub-organization).
I agree that a different DNS record per d= domain can be a barrier
for non-trivial organizations that have non-trivial latencies due
to bureaucracy or even outsourcing, while bad guys in their small
shops can crank out DNS records with negligible effort.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html