On 11 Apr 2025, at 13:04, Richard Clayton wrote:

> Let's turn that round ... why did DKIM1 put the selector and the
> associated domain into separate fields ?
>
> If there is a compelling reason for keeping them apart we should take
> note of it -- otherwise combining them is of minor assistance in handling
> crypto algorithm dexterity (see email #11) because we will wish to
> specify two (or more) signing key identifiers and otherwise they would
> be constrained to be in the same domain.

A selector (public key) record is published in the DNS for a particular domain to allow signatures from that domain, using that selector, to be verified. What is the use case for a signature with two different signing domains? What would the semantics of this be? I expect any algorithm agility would involve multiple selectors from the same domain.

-Jim
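
As an added illustration (not part of the original message, and not code from any DKIM implementation), this Python example shows how a verifier derives the key lookup name `<selector>._domainkey.<domain>` from the separate `s=` and `d=` tags of a DKIM-Signature header (RFC 6376), and how two signatures using different algorithms map to two selectors under one signing domain. The header values, selector names and function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample DKIM-Signature values (not from the thread): one message
# signed twice by the same domain, with one selector per algorithm.
SAMPLE_HEADERS = [
    "v=1; a=rsa-sha256; d=example.com; s=rsa2025;\r\n"
    " c=relaxed/relaxed; h=from:to:subject; bh=AAAA; b=BBBB",
    "v=1; a=ed25519-sha256; d=example.com; s=ed2025;\r\n"
    " c=relaxed/relaxed; h=from:to:subject; bh=AAAA; b=CCCC",
]

def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list into a dict, rejecting duplicate tags."""
    tags = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    for item in unfolded.split(";"):
        if not item.strip():
            continue  # a trailing ';' is permitted
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {item!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags

def key_query_name(tags):
    """Build the DNS name where the public key record for this signature lives."""
    for required in ("d", "s"):
        if not tags.get(required):
            raise ValueError(f"missing required tag: {required}=")
    # DNS names compare case-insensitively, so normalise for grouping.
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def keys_by_domain(headers):
    """Map each signing domain to the (algorithm, key query name) pairs it needs."""
    result = defaultdict(list)
    for header in headers:
        tags = parse_tag_list(header)
        result[tags["d"].lower()].append((tags.get("a"), key_query_name(tags)))
    return dict(result)

if __name__ == "__main__":
    for domain, keys in keys_by_domain(SAMPLE_HEADERS).items():
        for algorithm, qname in keys:
            print(f"{domain}: {algorithm} -> TXT {qname}")
```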