On Sat, Sep 04, 2010 at 01:41:41PM -0700, Steve Atkins allegedly wrote: > Do we have any thoughts on 1. how often keys might sensibly be > rotated and 2. how long public keys should remain visible after the > private key has been rotated out?
I believe the general thrust is that DKIM keys are ephemeral so no one should rely on there long-term presence. Your verifying MTA should annotate inbound mail appropriately so that subsequent reliance on the public key is not needed. Authentication-Results header being a good place to store what is needed here. (I know you know this, Steve. I'm just setting the stage). In that light, I would expect that a public key only needs to stay around as long as an email can remain in-transit plus some fudge. Maybe seven days or thereabouts? Turning the question back to you. Is there any motive for removing public keys rapidly apart from when they've been compromised? I can't think of any obvious reason why you'd want to do this, so I'm curious to hear of any use-cases you have in mind that warrant rapid removal. Mark. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html