It appears that Richard Clayton <[email protected]> said:
> n= is seldom encountered (sysadmins document what they are doing at
> completely different stack levels);

My n= tag says where the private key will be published after the next key rotation. But I don't see a practical difference between "ignore n= because it's a comment" or "ignore n= because it's deprecated."

> s= was a Good Idea At The Time but other protocols want their own
> key definition schemes rather than piggybacking here; and

I think it was a lousy idea. If you wanted to publish keys for different services, use different selectors. If you're checking a mail signature and you get an otherwise valid key with s= saying it's for, I dunno, SIP, is it more likely that the key isn't valid for mail, or that the person managing the DNS guessed wrong? But either way, get rid of it.

> t= is commonly seen but pointless...

I agree it doesn't tell the verifier anything useful. If you don't trust your signing code, don't use it to sign mail sent to other people.

R's,
John
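As an added illustration (not part of the message above, and not taken from any DKIM implementation), the sketch below shows how RFC 6376 section 3.6.1 has a verifier treat the three key-record tags under discussion: n= is never read, s= makes the key unusable for mail unless it lists `*` or `email`, and of the t= flags only `s` changes the outcome. The function names, parameters and sample records are constructed for the example.

```python
# Added example: verifier-side handling of the n=, s= and t= tags of a DKIM
# key record (RFC 6376 section 3.6.1). Names and sample records are constructed.

def parse_tags(record):
    """Split a DKIM tag-list ("k=v; k=v") into a dict; duplicate tags are an error."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % part)
        tags[name] = value.strip()
    return tags

def evaluate_key(record, d_domain, i_domain):
    """Return (status, notes) for a mail verifier. d_domain is the signature's
    d= value, i_domain the domain part of its i= value."""
    tags = parse_tags(record)
    notes = []
    if tags.get("v", "DKIM1") != "DKIM1":
        return "unusable", ["unsupported key record version"]
    if not tags.get("p"):
        return "unusable", ["p= missing or empty (key revoked)"]
    # n= is a human-readable note; a verifier never interprets it.
    # s= defaults to "*"; a mail verifier must ignore records not listing email.
    services = {s.strip() for s in tags.get("s", "*").split(":")}
    if not services & {"*", "email"}:
        return "unusable", ["s= does not list email"]
    flags = {f.strip() for f in tags.get("t", "").split(":")}
    # t=s: the i= domain must equal d= exactly, no subdomains.
    if "s" in flags and i_domain.lower() != d_domain.lower():
        return "unusable", ["t=s and i= domain differs from d="]
    # t=y: testing mode; it does not change whether the key can be used.
    if "y" in flags:
        notes.append("t=y: signer is in testing mode")
    return "usable", notes

# Constructed sample records (the p= value is a truncated placeholder).
MAIL_KEY = "v=DKIM1; k=rsa; n=rotated quarterly; p=MIIBIjANBgkq"
SIP_KEY = "v=DKIM1; k=rsa; s=sip; p=MIIBIjANBgkq"
STRICT_KEY = "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkq"
TEST_KEY = "v=DKIM1; k=rsa; t=y; p=MIIBIjANBgkq"

if __name__ == "__main__":
    for rec in (MAIL_KEY, SIP_KEY, STRICT_KEY, TEST_KEY):
        print(rec, "->", evaluate_key(rec, "example.com", "news.example.com"))
```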
