Re: [ietf-dkim] x= lets senders expire responsibility

ietf-dkim

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

Re: [ietf-dkim] x= lets senders expire responsibility

2006-04-14 11:51:47

from [Michael Thomas]

[Permanent Link]

Dave Crocker wrote:

Steve Atkins wrote:
In other words, given the pragmatics, how often is reasonable anappropriate for changing keys?
I expect to see four varieties.

1) Never changes

2) Never changes except when someone realizes they've lost or
leaked the private key.

3) Changed monthly.

4) Cycled on a regular hourly or daily schedule with automatically
generated keys and expiration of DNS records for old keys running
on a custom stunt DNS server.
To the extent that the working group might wish to specify normativebehavior, I suspect that Choice #1 should be a MUST NOT and probablythe same for #2.
Is #3 a comfortable choice, in terms of balance and effectiveness?Would a different, simple choice be better?
#4 probably is some sort of ideal, but not reasonable to expect orpress form.

Can I suggest that this is a better topic for the BCP? Making normativerequirementson operational issues is usually pushing on string in the bestcircumstances.


      Mike
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, (continued) Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Stephen Farrell Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Michael Thomas Re: [ietf-dkim] DKIM in the MUA should not be the goal, just a side benifit, Douglas Otis RE: [ietf-dkim] x= lets senders expire responsibility, Hallam-Baker, Phillip RE: [ietf-dkim] x= lets senders expire responsibility, Bill.Oxley Re: [ietf-dkim] x= lets senders expire responsibility, Dave Crocker Re: [ietf-dkim] x= lets senders expire responsibility, Steve Atkins Re: [ietf-dkim] x= lets senders expire responsibility, Dave Crocker Re: [ietf-dkim] x= lets senders expire responsibility, Michael Thomas <= Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock Re: [ietf-dkim] x= lets senders expire responsibility, John Levine [ietf-dkim] Key Retention and Rollover Stategies, Hector Santos Re: [ietf-dkim] x= lets senders expire responsibility, Michael Thomas Re: [ietf-dkim] x= lets senders expire responsibility, Hector Santos Re: [ietf-dkim] x= lets senders expire responsibility, Jim Fenton Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock Re: [ietf-dkim] x= lets senders expire responsibility, Stephen Farrell Re: [ietf-dkim] x= lets senders expire responsibility, Hector Santos Re: [ietf-dkim] x= lets senders expire responsibility, Douglas Otis

Previous by Date:	Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock
Next by Date:	Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock
Previous by Thread:	Re: [ietf-dkim] x= lets senders expire responsibility, Dave Crocker
Next by Thread:	Re: [ietf-dkim] x= lets senders expire responsibility, Arvel Hathcock
Indexes:	[Date] [Thread] [Top] [All Lists]