ietf-dkim

Re: [ietf-dkim] Key rotation

2010-09-09 13:58:56
On Sep 4, 2010, at 9:31 PM, Steve Atkins wrote:

> The whole point of rotating keys is so that loss of an old private key
> isn't a risk. Given that, I think that even if you're fairly sure that a key
> pair hasn't been compromised then you should remove the public
> key as soon as is reasonable after you stop signing with the private
> key - as the private key continues to be a high value target until
> the public key is removed.
>
> Eight days is as short as I'm comfortable with, so that's as soon
> as is reasonable for me.


...but what would be "as long as I'm comfortable with"? Have we seen DKIM
private keys compromised due in large part to leaving the public keys in
rotation for too long... and what was "too long" in those instances?

I'd be surprised to discover many senders are rotating keys every eight days.

-- Brett
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
