"Douglas" == Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> writes:
>> Domain Keys permits an arbitrary number of keys per domain,
>> anywhere from a single permanent key per domain to (probably
>> needing a custom DNS server) a key per message. My guess is
>> that domains who have enough misbehaving users to need to
>> cancel keys for individual users or messages have bigger
>> problems than key revocation will solve, so I don't see that as
>> an important criterion for a mailsig scheme.
Douglas> The selector mechanism in DK could allow each user to
Douglas> have an individual key, although done at this scale,
Douglas> fingerprints look better.
Why do fingerprints look better?