* Murray S. Kucherawy <msk_at_cloudmark.com>:
> > -----Original Message-----
> > From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Quanah Gibson-Mount
> > Sent: Thursday, May 03, 2012 12:47 PM
> > To: opendkim-users_at_lists.opendkim.org
> > Subject: General OpenDKIM setup questions
> >
> > Update leads me to the following questions:
> >
> > Is there ever a time someone would want to re-generate the keys for a
> > domain? If they do, should they use the same Selector as they had
> > previously, or should they use a new one?
>
> You would regenerate keys subject to a key rotation policy of some kind. But the theory is "never re-use selectors", so you might name your keys "quanah2012" and such, for example.
Key rotation, as Murray said, but also in case you need to revoke a key
(selector + empty PTR). Maybe 'revoking' should be one of your tools abilities
too.
p_at_rick
--
state of mind ()
http://www.state-of-mind.de
Franziskanerstraße 15 Telefon +49 89 3090 4664
81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
Received on Thu May 03 2012 - 22:20:15 PST