> -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of Mark Martinec > Sent: Thursday, September 09, 2010 9:57 AM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Key rotation > > Mark Delany wrote: > > I believe the general thrust is that DKIM keys are ephemeral > > so no one should rely on there long-term presence. [...] > > With each key there is an associated selector:domain pair, > so with a key rotation comes the change of a selector. > Such a purpose of a selector is clearly documented in the > DKIM rfc. > > Rumor has is that some large players (such as Yahoo!) are > disregarding such ephemeral property of a selector and > are trying to associate a reputation scheme based on both > the domain *and* the selector. If such approach catches up, > it would mean the end of a free choice of domains to roll up > new signing keys periodically. > > Are my worries warranted? Is there anything than can be > done about it to prevent such practice?
It's not the first time I've heard that presented as a reputation idea. Off the top of my head, I think the solution to that would probably be the realization by such verifiers that they're needlessly throttling good domains using such a scheme, causing them more headaches than they solve. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html