Mark Delany wrote:
On Sat, Sep 04, 2010 at 01:41:41PM -0700, Steve Atkins allegedly wrote:
Do we have any thoughts on 1. how often keys might sensibly be
rotated and 2. how long public keys should remain visible after the
private key has been rotated out?
I believe the general thrust is that DKIM keys are ephemeral so no one
should rely on there long-term presence. Your verifying MTA should
annotate inbound mail appropriately so that subsequent reliance on the
public key is not needed. Authentication-Results header being a good
place to store what is needed here.
(I know you know this, Steve. I'm just setting the stage).
In that light, I would expect that a public key only needs to stay
around as long as an email can remain in-transit plus some
fudge. Maybe seven days or thereabouts?
I believe this was the general view when it was this discussed back in
2006
few years back.
I also wrote an I-D called DKIM-RCVD describing the "time shifting"
issue and a possible solution to address it using a "DKIM-Received:"
header idea:
http://tools.ietf.org/html/draft-santos-dkim-rcvd-00
A proposal offering partial DKIM verification support to help
resolve premature DKIM signature expiration and key revocation
related problems associated with time shifted DKIM verifier
applications.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html