Any benefit to individual keys for subdomains?

From: Steve Jenkins <stevejenkins_at_gmail.com>
Date: Thu, 25 Apr 2013 08:53:15 -0700

Background: I'm working on some "best practices" docs for OpenDKIM, so I'm
re-thinking from scratch some of the stuff I'm doing.

If I have two servers that send mail:

server1.example.com
server2.example.com

Is there any benefit to having separate keys and DNS TXT records for each
subdomain?

I currently have my SigningTable set up like this on server 1:

*@example.com default._domainkey.example.com
*@server1.example.com default._domainkey.example.com

and this on server 2:

*@example.com default._domainkey.example.com
*@server2.example.com default._domainkey.example.com

and both servers have a local copy of the same private key.

I've tested this setup and it works fine, mail gets signed on my end and
verified on the other.

But I'm just wondering if there is any benefit to breaking it out separately.

Thx,

SteveJ
Received on Thu Apr 25 2013 - 15:53:31 PST
