[ietf-dkim] Key rotation

Steve Atkins steve at wordtothewise.com
Thu Sep 9 11:26:28 PDT 2010


On Sep 9, 2010, at 11:12 AM, McDowell, Brett wrote:

> On Sep 4, 2010, at 9:31 PM, Steve Atkins wrote:
> 
>> The whole point of rotating keys is so that loss of an old private key
>> isn't a risk. Given that, I think that even if you're fairly sure that a key
>> pair hasn't been compromised then you should remove the public
>> key as soon as is reasonable after you stop signing with the private
>> key - as the private key continues to be a high value target until
>> the public key is removed.
>> 
>> Eight days is as short as I'm comfortable with, so that's as soon
>> as is reasonable for me.
> 
> 
> ...but what would be "as long as I'm comfortable with"?  Have we seen DKIM private keys compromised due in large part to leaving the public keys in rotation for too long... and what was "too long" in those instances?

That question doesn't make any sense.

> I'd be surprised to discover many senders are rotating keys every eight days.

I didn't suggest rotating keys every eight days. Rather, I suggested leaving the public keys in place for 8 days after removing the associated private key.

Cheers,
  Steve
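
Added example, not code from this thread or from any DKIM implementation: a small model of the selector lifecycle being discussed, where a key signs for a fixed window, its private key is retired at the end of that window, and the public key stays published in DNS for a grace period before the TXT record is withdrawn. The DNS zone is an in-memory dict, the public key is a placeholder string, and the one-day publication lead, the selector naming scheme, and the too_short() check are assumptions of the example rather than anything stated in the thread.

```python
"""DKIM selector rotation schedule and the public-key publication grace window.

Added example for the ietf-dkim "Key rotation" thread; not code from the thread
or from any DKIM library. The zone is an in-memory dict and the key material is
a placeholder string, so the script runs offline.
"""
from dataclasses import dataclass
from datetime import date, timedelta

PLACEHOLDER_PUBKEY = "MIIBIjANBgkqEXAMPLEnotArealKey"  # constructed placeholder


def _day(x):
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return x if isinstance(x, date) else date.fromisoformat(x)


@dataclass(frozen=True)
class Selector:
    name: str
    signing_start: date   # first day outbound mail is signed with this key
    signing_end: date     # last signing day; the private key is destroyed after it
    pubkey_removed: date  # first day the TXT record is no longer published
    pubkey_b64: str


def plan_rotation(first_day, period_days, grace_days, count):
    """Back-to-back selectors: each signs for `period_days`, then its public key
    stays published for `grace_days` further days before the record is removed.
    Selector names are s<YYYYMMDD> of the first signing day (hypothetical scheme)."""
    sels, start = [], _day(first_day)
    for _ in range(count):
        end = start + timedelta(days=period_days - 1)
        sels.append(Selector(
            name="s" + start.strftime("%Y%m%d"),
            signing_start=start,
            signing_end=end,
            pubkey_removed=end + timedelta(days=grace_days + 1),
            pubkey_b64=PLACEHOLDER_PUBKEY,
        ))
        start = end + timedelta(days=1)
    return sels


def zone_snapshot(selectors, on, lead_days=1):
    """TXT records under <selector>._domainkey a resolver would see on `on`.
    Assumed policy: publish `lead_days` before signing starts (so caches are
    warm), withdraw on pubkey_removed."""
    on, zone = _day(on), {}
    for s in selectors:
        publish_from = s.signing_start - timedelta(days=lead_days)
        if publish_from <= on < s.pubkey_removed:
            zone[f"{s.name}._domainkey"] = f"v=DKIM1; k=rsa; p={s.pubkey_b64}"
    return zone


def revocation_record():
    """RFC 6376 section 3.6.1: an empty p= tag means the key is revoked.
    Publishing this instead of deleting the record lets a verifier tell
    'revoked' apart from 'no such selector', which can look like a DNS fault."""
    return "v=DKIM1; k=rsa; p="


def verifies(selectors, selector_name, signed_on, verified_on):
    """Would a message signed on `signed_on` with `selector_name` verify when the
    receiver fetches the key on `verified_on`? Only key publication is modelled;
    the signature itself is assumed valid."""
    signed_on = _day(signed_on)
    sel = next((s for s in selectors if s.name == selector_name), None)
    if sel is None or not (sel.signing_start <= signed_on <= sel.signing_end):
        return False  # never signed with this key, or signed after it was retired
    return f"{selector_name}._domainkey" in zone_snapshot(selectors, verified_on)


def max_transit_days(sel):
    """Longest delivery delay a message signed on the final signing day survives."""
    return (sel.pubkey_removed - sel.signing_end).days - 1


def too_short(selectors, expected_max_transit_days):
    """Selectors whose grace window cannot cover the worst-case delivery delay
    (greylisting, queued retries, slow secondary MXes)."""
    return [s.name for s in selectors
            if max_transit_days(s) < expected_max_transit_days]


if __name__ == "__main__":
    sels = plan_rotation("2010-09-01", period_days=30, grace_days=8, count=3)
    for s in sels:
        print(s.name, s.signing_start, s.signing_end, "removed", s.pubkey_removed)
    print(zone_snapshot(sels, "2010-10-05"))
    print("signed last day, looked up 8 days later:",
          verifies(sels, "s20100901", "2010-09-30", "2010-10-08"))
    print("signed last day, looked up 9 days later:",
          verifies(sels, "s20100901", "2010-09-30", "2010-10-09"))
    print("revocation form:", revocation_record())
```

The check that matters operationally is too_short(): the grace window only has to cover how long a legitimately signed message can sit in queues before the receiver fetches the key, which is why the window can be short without rotating the signing key itself any faster. Withdrawing the record with an empty p= rather than deleting it is an explicit revocation under RFC 6376 and is easier to diagnose from the receiving side.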
