On Thu, May 3, 2012 at 8:19 AM, Quanah Gibson-Mount <quanah_at_zimbra.com> wrote:
> Is there any reason not to use a guaranteed UUID for the SELECTOR with dkim,
> something like:
>
> 9d624885-08e6-4ebf-bc0f-532b0d9f4060
>
> I ask because we have clients that literally have hundreds or thousands of
> domains. Having them try and pick a selector for each domain, rather than
> generating it programmatically with a UUID seems like it would be a major
> headache to manage.

You can design it so that your system uses any method you choose,
however, it seems like you're wanting to use the UUID alone to link to
a specific DKIM key. I use the selector plus the domain. For our
customers I generate a random two-character (1 alpha plus 1 digit)
selector and generate a key and store it in that user's domain (Perl):

    use Crypt::OpenSSL::RSA;

    # $key is a RDBO model for a table in our DB
    # $KEY_SIZE (RSA key size in bits) is defined elsewhere
    my $rsa = Crypt::OpenSSL::RSA->generate_key( $KEY_SIZE );
    $key->key_size( $KEY_SIZE );
    $key->private_key( $rsa->get_private_key_string() );
    $key->public_key( $rsa->get_public_key_x509_string() );
    # Generate random letter + digit (1-9) for selector
    $key->selector( ('a'..'z')[int(rand(26))] . (int(rand(9)) + 1) );

Then I save the $key->id() to the domain records table and the data is
instantly live. Doing such in LDAP should be similar, though I don't
know the specifics of your DNS hierarchy.
...Todd
--
Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. -- Martin Golding
Received on Sat May 05 2012 - 15:54:56 PST
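
An added example, not part of the original thread and not either poster's code: a verifier looks up the public key at `<selector>._domainkey.<domain>`, so a key is identified by selector plus domain, the same short selector can be reused across domains, and a UUID is also a syntactically valid selector. `KeyStore`, the function names and the example.com / example.net domains are hypothetical; the UUID is the one quoted in the question.

```python
import re
import secrets
import string

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def valid_selector(selector):
    """A selector is one or more dot-separated DNS labels."""
    return all(_LABEL.match(label) is not None for label in selector.split("."))


def record_name(selector, domain):
    """DNS name queried for the public key (from the s= and d= signature tags)."""
    if not valid_selector(selector):
        raise ValueError(f"invalid selector: {selector!r}")
    return f"{selector}._domainkey.{domain}"


def short_selector(in_use):
    """Letter + digit 1-9, as in the post, skipping selectors this domain already uses."""
    pool = [a + d for a in string.ascii_lowercase for d in "123456789"]
    free = [s for s in pool if s not in in_use]
    if not free:
        raise RuntimeError("all 234 short selectors are in use for this domain")
    return secrets.choice(free)


class KeyStore:
    """Hypothetical in-memory stand-in for the key table, keyed by (domain, selector)."""

    def __init__(self):
        self.keys = {}

    def selectors(self, domain):
        return {s for (d, s) in self.keys if d == domain}

    def add(self, domain, selector, key_id):
        name = record_name(selector, domain)
        if (domain, selector) in self.keys:
            raise KeyError(f"{name} already has a key")
        self.keys[(domain, selector)] = key_id
        return name
```

Passing `store.selectors(domain)` to `short_selector` during key rotation keeps the old record resolvable while the new selector is published.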