[ietf-dkim] Key rotation
sx6un-fcsr7 at qmda.emu.st
Sat Sep 4 14:55:23 PDT 2010
On Sat, Sep 04, 2010 at 01:41:41PM -0700, Steve Atkins allegedly wrote:
> Do we have any thoughts on 1. how often keys might sensibly be
> rotated and 2. how long public keys should remain visible after the
> private key has been rotated out?
I believe the general thrust is that DKIM keys are ephemeral so no one
should rely on there long-term presence. Your verifying MTA should
annotate inbound mail appropriately so that subsequent reliance on the
public key is not needed. Authentication-Results header being a good
place to store what is needed here.
(I know you know this, Steve. I'm just setting the stage).
In that light, I would expect that a public key only needs to stay
around as long as an email can remain in-transit plus some
fudge. Maybe seven days or thereabouts?
Turning the question back to you. Is there any motive for removing
public keys rapidly apart from when they've been compromised? I can't
think of any obvious reason why you'd want to do this, so I'm curious
to hear of any use-cases you have in mind that warrant rapid removal.
More information about the ietf-dkim