Why rotate keys that often? And why pull the public one if you do?
Brandon On Jun 10, 2016 3:59 PM, "Ted Cooper" <[email protected]> wrote: > On 11/06/16 05:02, Michael Wise via mailop wrote: > > Well, the From: domain would be a good start. > > > > It would certainly cut down on the trivial forgeries, and could easily > > be transferred from the web to email with a single mailto: link. > > Any signed DKIM message can only be authenticated while the key remains > in DNS - I cycle mine once a month, and pull the key after that. Once it > is no longer available, the signature may as well be made up. > > > > _______________________________________________ > mailop mailing list > [email protected] > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
