Eric,

While there are probably some hints of "all your eggs in one [encryption key] basket" concerns, the underlying machinery does not prevent you from using the same key pair for signing emails for multiple domains.

One piece of advice is to use CNAMEs to point your various domains at a canonical TXT record that contains your public key, so that if you ever do rotate your key (either after a breach, or just out of good security hygiene), you only have to update that one canonical TXT record that all the CNAMEs point to, rather than N number of TXT records, one per domain.

HTH, HAND,

Dossy


On 3/31/21 4:59 PM, Eric Germann wrote:
Issue is fixed.  It was a record formatting issue in BIND that clipped the record (before the one that only showed v=DKIM1)

I route several domains thru this box.  Is there any issue with using the same private key and published public key for each domain?

Formatting the DNS record is a PITA.

Sorry for the flurry of questions.  Thanks for the heads up to chase down DNS.

--
Dossy Shiobara         |      "He realized the fastest way to change
do...@panoptic.com     |   is to laugh at your own folly -- then you
http://panoptic.com/   |   can let go and quickly move on." (p. 70)
  * WordPress * jQuery * MySQL * Security * Business Continuity *

_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
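
An added example, not part of the original messages: a small Python generator for the layout discussed in this thread, with one canonical DKIM TXT record split into strings of at most 255 bytes (so a long key is not clipped) and one CNAME per additional domain pointing at it. The selector `sel1`, the `example.*` domains, `k=rsa` and the sample key are assumptions made for the illustration.

```python
import base64
import re

MAX_TXT_STRING = 255  # one TXT character-string carries at most 255 bytes

# Constructed stand-in for a 2048-bit RSA public key (294 bytes -> 392 base64
# characters); it is not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(256)) + bytes(38)).decode()


def dkim_txt_record(owner, pubkey_b64):
    """Zone line for the canonical key record, split into <=255-byte strings."""
    base64.b64decode(pubkey_b64, validate=True)  # fail on a clipped or mangled key
    value = "v=DKIM1; k=rsa; p=" + pubkey_b64    # k=rsa is an assumption
    parts = [value[i:i + MAX_TXT_STRING] for i in range(0, len(value), MAX_TXT_STRING)]
    return "%s. IN TXT ( %s )" % (owner, " ".join('"%s"' % p for p in parts))


def txt_strings(record_line):
    """The quoted strings of a zone line, in order."""
    return re.findall(r'"([^"]*)"', record_line)


def txt_value(record_line):
    """What a verifier sees: the strings concatenated with nothing between them."""
    return "".join(txt_strings(record_line))


def build_zone_lines(selector, canonical_domain, other_domains, pubkey_b64):
    """One TXT record for the canonical domain, one CNAME per additional domain."""
    target = "%s._domainkey.%s" % (selector, canonical_domain)
    lines = [dkim_txt_record(target, pubkey_b64)]
    for domain in other_domains:  # each CNAME belongs in that domain's own zone
        lines.append("%s._domainkey.%s. IN CNAME %s." % (selector, domain, target))
    return lines


if __name__ == "__main__":
    for line in build_zone_lines("sel1", "example.com",
                                 ["example.org", "example.net"], SAMPLE_KEY):
        print(line)
```

Rotating the key then means regenerating only the TXT line; the CNAME lines stay as they are.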