From: <Bill(_dot_)Oxley(_at_)cox(_dot_)com>
> I suspect in the real sysadmin world changing keys every week
> probably isn't going to happen :-)
You probably mean "isn't going to happen too often" :-)
The issue is the "period" when there is concurrency of keys, the rollover
time.
So even if you have a key for over a year, the day you do decide to switch,
how long do you keep the old one? The current minimum recommendation is
seven (7) days. I have no problem changing that to two weeks.
In my book, this is not a big deal because there isn't going to be any
solution to the idea of some time-shifted, belated, delayed verifier, with
the extreme case of a vacation user not picking up his mail on a regular
basis. This is especially the case when it has no help from the backend.
The MUA can pick up DKIM signed messages from different places, each with
their own rollover retention periods. So in my book, it's just the nature of
the beast for the MUA.
Also consider this: the USER who installs a MUA DKIM-ready system or DKIM
plug-in will probably now get vendor instructions that say:
"Installing this PLUG-IN requires your MUA to do mail pickups on
a regular basis. Delaying mail pickups over extended periods
(Weeks), can cause false positives with DKIM signed messages."
Or something like this. The vendor is aware of the situation and they will
make sure the USER will be aware of the situation as well.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
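
The rollover window discussed in the message above, worked through as an added example that is not part of the original post or of any DKIM implementation. It models only whether the old selector's key record is still published when a delayed verifier looks it up; the selector name, domain, dates and signature header are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

def parse_tags(sig):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def withdrawal_time(rollover, retention_days):
    """Moment the old selector's key record is removed after the switch."""
    return rollover + timedelta(days=retention_days)

def key_lookup(sig, pickup, rollover, retention_days, old_selector):
    """Result of the key lookup a verifier performs at pickup time."""
    if parse_tags(sig)["s"] != old_selector:
        return "found"  # assumption: the new selector stays published
    if pickup < withdrawal_time(rollover, retention_days):
        return "found"
    return "missing"  # signature can no longer be verified

def tolerated_delay(sig, rollover, retention_days):
    """How long after signing (t= tag) the old key can still be fetched."""
    signed = datetime.fromtimestamp(int(parse_tags(sig)["t"]), tz=timezone.utc)
    return withdrawal_time(rollover, retention_days) - signed

# Constructed sample: a message signed one hour before the key switch.
ROLLOVER = datetime(2006, 9, 1, tzinfo=timezone.utc)
SIGNED = ROLLOVER - timedelta(hours=1)
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; d=example.com; s=old2005;\r\n"
    f" t={int(SIGNED.timestamp())}; h=from:to:subject;\r\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER"
)

if __name__ == "__main__":
    for retention in (7, 14):
        for days_late in (3, 10, 21):
            pickup = ROLLOVER + timedelta(days=days_late)
            result = key_lookup(SAMPLE_SIG, pickup, ROLLOVER, retention, "old2005")
            print(f"retention={retention}d pickup=+{days_late}d -> {result}")
    print("worst-case tolerated delay:", tolerated_delay(SAMPLE_SIG, ROLLOVER, 7))
```

For a message signed just before the switch, the tolerated pickup delay is essentially the retention period itself, so the retention period is the worst-case delay a late verifier can afford.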