* Gerd Hoerst via Postfix-users <[email protected]>:
> Hi !
>
> OK it has only indirect something to do with postfix.
> I have actually a DKIM setup running on my mailserver (with all DNS entries)
> is it possible to let the secondary MX run with the same DKIM keyset ? and
> if yes => is this a good idea ? :-)

The question whether to use the same keys on multiple servers is mostly driven by the level of security you want to / need to achieve. One should be aware that DKIM keys will be used to apply signatures which mostly will be used only once - at the time of message delivery - and then never again. They don't face the same security requirements regarding long term stability like key material for message encryption. Within this context it is justifiable for the same reasons to re-use the keys on multiple servers.

The German BSI (Federal Office for Information Security) says in its technical guideline TR03182 that you (as a provider) may even use the same key for multiple domains for the same reasons stated above: the material is used for a one-time verification only. However you should aim to roll the material about once a year.

p@rick

--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
