On Fri, 13 Feb 2009, Tomasz Chmielewski wrote:
> So I can't have the key file called "default" for all of them, their
> names have to be unique.
Why not? You could have a "default" selector in each domain, all using
the same key if that's what you want.
> Isn't using the domain name in that case the most obvious solution (and
> everyone will have to look up mydomain.tld._domainkey.mydomain.tld for
> each domain)?
That will work, if that's what you want to do. But if you want to change
the key for one domain later, what would you call it? Replacing the key
in the DNS record without renaming it invalidates all signed mail in
transit at the time you do so.
> Or, what do you suggest?
Depends on what you want to do. If each domain should have a unique key
called "default", you could have a directory called (for example)
/var/dkim-keys which contains a subdirectory for each domain, and put the
private key for each domain in a file called "default" in that domain's
subdirectory. So:
/var/dkim-keys/<domain1>/default
/var/dkim-keys/<domain2>/default
...etc.
If you have some other scheme, try describing it and I can see about
proposing some other alternative.
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
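
The layout and the rotation point from the reply above, as an added Python example (not part of the original message and not dkim-milter code): it maps a `<root>/<domain>/<selector>` key tree to the DNS names verifiers look up, and plans a key change as a new selector published beside the old one. The domains, the `feb2009` selector, the function names and the file-permission check are assumptions made for illustration.

```python
import os
import stat
import tempfile

def dns_name(selector, domain):
    """DNS name where verifiers fetch the public key for selector/domain."""
    return f"{selector}._domainkey.{domain}"

def audit_key_tree(root):
    """Walk <root>/<domain>/<selector>; report DNS name and loose file modes."""
    report = []
    for domain in sorted(os.listdir(root)):
        ddir = os.path.join(root, domain)
        if not os.path.isdir(ddir):
            continue
        for selector in sorted(os.listdir(ddir)):
            path = os.path.join(ddir, selector)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Added check: a private key should not be group/world accessible.
            report.append({"domain": domain, "selector": selector,
                           "dns": dns_name(selector, domain),
                           "too_open": bool(mode & 0o077)})
    return report

def plan_rotation(root, domain, new_selector):
    """Plan a key change as a new selector; the old record stays published."""
    existing = set(os.listdir(os.path.join(root, domain)))
    if new_selector in existing:
        # Reusing a name would replace the key that in-transit mail relies on.
        raise ValueError(f"selector {new_selector!r} already used for {domain}")
    return {
        "publish": dns_name(new_selector, domain),
        "new_key_path": os.path.join(root, domain, new_selector),
        "keep_published": [dns_name(s, domain) for s in sorted(existing)],
    }

def build_sample_tree():
    """Constructed sample mirroring /var/dkim-keys/<domain>/default."""
    root = tempfile.mkdtemp(prefix="dkim-keys-")
    for domain, mode in (("example.com", 0o600), ("example.net", 0o644)):
        os.makedirs(os.path.join(root, domain))
        path = os.path.join(root, domain, "default")
        with open(path, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    sample = build_sample_tree()
    for row in audit_key_tree(sample):
        print(row)
    print(plan_rotation(sample, "example.com", "feb2009"))
```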