[ietf-dkim] x= lets senders expire responsibility
Steve Atkins
steve at blighty.com
Fri Apr 14 11:10:56 PDT 2006
On Apr 14, 2006, at 11:04 AM, Dave Crocker wrote:
>
>
> Bill.Oxley at cox.com wrote:
>> I suspect in the real sysadmin world changing keys every week probably
>> isn't going to happen :-)
>
>
> Given the intended use of DKIM and given the current state of DNS
> administrative tools, what do folks think *is* a realistic
> expectation (and recommendation) for the lifespan of a key, for a
> typical email operation?
>
> In other words, given the pragmatics, how often is reasonable and
> appropriate for changing keys?

I expect to see four varieties.

1) Never changes

2) Never changes except when someone realizes they've lost or
   leaked the private key.

3) Changed monthly.

4) Cycled on a regular hourly or daily schedule with automatically
   generated keys and expiration of DNS records for old keys running
   on a custom stunt DNS server.

And I'd expect the vast majority to be the first or the last. Of those,
mostly the first.

Cheers,
Steve