Bluejay Adametz via Postfix-users wrote in
 <bn7pr08mb55884f62237a3cf7241490f6c7...@bn7pr08mb5588.namprd08.prod.outlook.com>:
 |> One should be aware that DKIM keys will be used to apply signatures
 |> which mostly
 |> will be used only once - at the time of message delivery - and then never
 |> again. They don't face the same security requirements regarding long term
 |> stability like key material for message encryption.
 |
 |The signature is only verified once (typically), but that same key
 |is used to sign every message sent, and you really do need to protect
 |that private key just like any other private key. If someone got hold
 |of that key, they could sign Emails using your domain as the sender
 |and they'd look quite legitimate. All our mail relays have their own keys.

I can only concur.  And in the future DKIM cryptography could mean
even more than it does today, when message content can be verified
over all transformations along the message path, back to the
original sender: then the value of that key is absolute.

I'd only wish the IETF would revert their many faults, and
*really* go DKIM, and give it the value it deserves.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)