ietf-dkim

Re: [ietf-dkim] x= lets senders expire responsibility

2006-04-14 11:18:55

On Apr 14, 2006, at 11:04 AM, Dave Crocker wrote:



Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
I suspect in the real sysadmin world changing keys every week probably
isn't going to happen :-)


Given the intended use of DKIM and given the current state of DNS administrative tools, what do folks think *is* a realistic expectation (and recommendation) for the lifespan of a key, for a typical email operation?

In other words, given the pragmatics, how often is reasonable and appropriate for changing keys?

I expect to see four varieties.

1) Never changes

2) Never changes except when someone realizes they've lost or
leaked the private key.

3) Changed monthly.

4) Cycled on a regular hourly or daily schedule with automatically
generated keys and expiration of DNS records for old keys running
on a custom stunt DNS server.

And I'd expect the vast majority to be the first or the last. Of those,
mostly the first.

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
