On 09/09/2010 11:12 AM, McDowell, Brett wrote:
> On Sep 4, 2010, at 9:31 PM, Steve Atkins wrote:
>
>> The whole point of rotating keys is so that loss of an old private key
>> isn't a risk. Given that, I think that even if you're fairly sure that a key
>> pair hasn't been compromised then you should remove the public
>> key as soon as is reasonable after you stop signing with the private
>> key - as the private key continues to be a high value target until
>> the public key is removed.
>>
>> Eight days is as short as I'm comfortable with, so that's as soon
>> as is reasonable for me.
>
>
> ...but what would be "as long as I'm comfortable with"? Have we seen DKIM
> private keys compromised due in large part to leaving the public keys in
> rotation for too long... and what was "too long" in those instances?
>
> I'd be surprised to discover many senders are rotating keys every eight days.
>
I think he's talking about keeping a key around 8 days after it's been deprecated so that in-flight mail will still verify.

Mike

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
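The selector lifecycle Mike describes (sign with a key, stop signing, keep the public key published for a grace period so in-flight mail still verifies, then pull the DNS record) can be modelled directly. The following is an added example, not code from this thread or from any DKIM implementation; it assumes a fixed 8-day grace period as discussed above, constructed selector names and dates, and it only computes which selectors must remain in DNS at a given moment; it does not touch DNS or sign anything.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Verify-only window after signing stops: the "eight days" from the thread.
GRACE_PERIOD = timedelta(days=8)


@dataclass(frozen=True)
class Selector:
    """One DKIM selector (the s= tag) and the window in which it signs mail."""
    name: str
    signing_start: datetime
    signing_end: datetime  # last instant mail is signed with this private key


def selector_state(sel: Selector, now: datetime) -> str:
    """Lifecycle state of a selector at time `now`.

    pending     -> key pair generated, not yet signing (public key may be pre-published)
    active      -> private key in use; public key must be in DNS
    verify-only -> signing stopped, public key kept so in-flight mail verifies
    retired     -> grace period over; public key should be removed from DNS
    """
    if now < sel.signing_start:
        return "pending"
    if now <= sel.signing_end:
        return "active"
    if now <= sel.signing_end + GRACE_PERIOD:
        return "verify-only"
    return "retired"


def published_selectors(selectors, now: datetime):
    """Names of selectors whose public key must still be in DNS at `now`."""
    return sorted(s.name for s in selectors
                  if selector_state(s, now) in ("active", "verify-only"))


def selectors_to_remove(selectors, now: datetime):
    """Names of selectors whose grace period has ended; their DNS TXT records should go."""
    return sorted(s.name for s in selectors if selector_state(s, now) == "retired")


def can_verify(sel: Selector, signed_at: datetime, now: datetime) -> bool:
    """Would a message signed with `sel` at `signed_at` still verify at `now`?

    The message must have been signed while the key was active, and the public
    key must still be published when the receiver looks it up.
    """
    signed_while_active = sel.signing_start <= signed_at <= sel.signing_end
    key_still_published = selector_state(sel, now) in ("active", "verify-only")
    return signed_while_active and key_still_published


def rotation_plan(prefix: str, first_start: datetime, period: timedelta, count: int):
    """Constructed rotation schedule: `count` selectors, each signing for `period`,
    back to back, named prefix1, prefix2, ... (hypothetical naming convention)."""
    plan = []
    start = first_start
    for i in range(1, count + 1):
        end = start + period - timedelta(seconds=1)
        plan.append(Selector(f"{prefix}{i}", start, end))
        start = start + period
    return plan


if __name__ == "__main__":
    # Constructed sample: monthly rotation, watched on two dates.
    sels = rotation_plan("s", datetime(2010, 9, 1), timedelta(days=30), 3)
    for when in (datetime(2010, 10, 5), datetime(2010, 10, 12)):
        print(when.date(), "publish:", published_selectors(sels, when),
              "remove:", selectors_to_remove(sels, when))
```

With the constructed schedule above, a selector that stopped signing on 30 September is still published on 5 October but is flagged for removal on 12 October; a message it signed in mid-September verifies on the first date and not on the second, which is exactly the trade-off the thread is weighing.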
