Re: [ietf-dkim] x= lets senders expire responsibility

ietf-dkim

Re: [ietf-dkim] x= lets senders expire responsibility

2006-04-14 11:33:07



Steve Atkins wrote:

In other words, given the pragmatics, how often is reasonable anappropriate for changing keys?


I expect to see four varieties.

1) Never changes

2) Never changes except when someone realizes they've lost or
leaked the private key.

3) Changed monthly.

4) Cycled on a regular hourly or daily schedule with automatically
generated keys and expiration of DNS records for old keys running
on a custom stunt DNS server.

To the extent that the working group might wish to specify normative behavior, Isuspect that Choice #1 should be a MUST NOT and probably the same for #2.

Is #3 a comfortable choice, in terms of balance and effectiveness? Would adifferent, simple choice be better?


#4 probably is some sort of ideal, but not reasonable to expect or press form.

d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, (continued) Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Michael Thomas Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis RE: [ietf-dkim] x= lets senders expire responsibility, Hallam-Baker, Phillip RE: [ietf-dkim] x= lets senders expire responsibility, Bill.Oxley Re: [ietf-dkim] x= lets senders expire responsibility, Dave Crocker Re: [ietf-dkim] x= lets senders expire responsibility, Steve Atkins Re: [ietf-dkim] x= lets senders expire responsibility, Dave Crocker <= Re: [ietf-dkim] x= lets senders expire responsibility, Michael Thomas Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock Re: [ietf-dkim] x= lets senders expire responsibility, John Levine [ietf-dkim] Key Retention and Rollover Stategies, Hector Santos Re: [ietf-dkim] x= lets senders expire responsibility, Michael Thomas Re: [ietf-dkim] x= lets senders expire responsibility, Hector Santos Re: [ietf-dkim] x= lets senders expire responsibility, Jim Fenton Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock Re: [ietf-dkim] x= lets senders expire responsibility, Stephen Farrell Re: [ietf-dkim] x= lets senders expire responsibility, Hector Santos

Previous by Date:	Re: [ietf-dkim] x= lets senders expire responsibility, Michael Thomas
Next by Date:	Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock
Previous by Thread:	Re: [ietf-dkim] x= lets senders expire responsibility, Steve Atkins
Next by Thread:	Re: [ietf-dkim] x= lets senders expire responsibility, Michael Thomas
Indexes:	[Date] [Thread] [Top] [All Lists]