David Nicol wrote:
better yet, the local cert would autovivify at the beginning or after it has
been deleted.  And how long do we cache the keys in use by peers?

I don't think so! ;-)

Creating a certificate is a computationally expensive proposition (unless you have a hardware encryption device) and should not be wasted on a [potentially] per-transaction process.

I could see creating the self-signed CA with a short lifetime (1 month) and regenerating the TLS cert on an even shorter lifetime (weekly?). But most likely, if the MTAs will mostly ignore validating the cert (i.e. challenge the user somehow about the self-signed CA), a standard 1 year lifetime is probably much more reasonable and no less secure.

John
