RE: General OpenDKIM setup questions

From: Quanah Gibson-Mount <quanah_at_zimbra.com>
Date: Thu, 03 May 2012 13:14:48 -0700

--On Thursday, May 03, 2012 7:53 PM +0000 "Murray S. Kucherawy"
<msk_at_cloudmark.com> wrote:

>> -----Original Message-----
>> From: opendkim-users-bounce_at_lists.opendkim.org
>> [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Quanah
>> Gibson-Mount Sent: Thursday, May 03, 2012 12:47 PM
>> To: opendkim-users_at_lists.opendkim.org
>> Subject: General OpenDKIM setup questions
>>
>> Update leads me to the following questions:
>>
>> Is there ever a time someone would want to re-generate the keys for a
>> domain? If they do, should they use the same Selector as they had
>> previously, or should they use a new one?
>
> You would regenerate keys subject to a key rotation policy of some kind.
> But the theory is "never re-use selectors", so you might name your keys
> "quanah2012" and such, for example.

Ok. What happens on the verification side if email X is sent out at
10:01:01, signed by "quanah2011", then the keys are updated at 10:01:02 to
"quanah2012", and the mail doesn't get verified on the receiving end (some
remote domain with slow transports say. :P ) until 10:02:05 or something?
Will verification still succeed?

Thanks!

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Received on Thu May 03 2012 - 20:15:00 PST
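
Added example, not part of the original message and not OpenDKIM code: a small simulation of the key lookup a DKIM verifier performs at verification time, using the selector names from the thread. The domain example.com, the sample header, the zone contents and the key labels (which stand in for real public keys; no cryptography is performed) are constructed for illustration.

```python
import re

def dkim_query_name(dkim_signature: str) -> str:
    """Build the DNS name a verifier queries from the s= and d= tags."""
    # Drop the header name, remove folding whitespace, split into tag=value.
    value = re.sub(r"\s+", "", dkim_signature.split(":", 1)[1])
    tags = dict(t.split("=", 1) for t in value.split(";") if "=" in t)
    return f"{tags['s']}._domainkey.{tags['d']}"

def verify_lookup(dkim_signature: str, zone: dict, signing_key_id: str) -> str:
    """Model the key-retrieval step: the key is fetched when the message is
    verified, not when it was signed, so only the zone's current state matters."""
    name = dkim_query_name(dkim_signature)
    record = zone.get(name)
    if record is None:
        return "fail: no key record at " + name
    if record["key_id"] != signing_key_id:
        return "fail: published key does not match signing key"
    return "pass: key found at " + name

# Constructed header for a message signed at 10:01:01 with selector quanah2011.
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=quanah2011;\r\n"
    "\th=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER="
)

# Constructed zone states at verification time (10:02:05).
# 1. Rotation with overlap: the old selector stays published next to the new one.
ZONE_OVERLAP = {
    "quanah2011._domainkey.example.com": {"key_id": "key-2011"},
    "quanah2012._domainkey.example.com": {"key_id": "key-2012"},
}
# 2. Old selector's record deleted at the moment of rotation.
ZONE_OLD_REMOVED = {
    "quanah2012._domainkey.example.com": {"key_id": "key-2012"},
}
# 3. Selector re-used: the same name now carries the new key.
ZONE_REUSED = {
    "quanah2011._domainkey.example.com": {"key_id": "key-2012"},
}

if __name__ == "__main__":
    for label, zone in [("overlap", ZONE_OVERLAP),
                        ("old record removed", ZONE_OLD_REMOVED),
                        ("selector re-used", ZONE_REUSED)]:
        print(f"{label}: {verify_lookup(SAMPLE_HEADER, zone, 'key-2011')}")
```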
