Re: Any benefit to individual keys for subdomains?

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Thu, 25 Apr 2013 13:08:30 -0400

On Thursday, April 25, 2013 09:57:06 AM Murray S. Kucherawy wrote:
> On Thu, 25 Apr 2013, Steve Jenkins wrote:
> > But I'm just wondering if there is any benefit to breaking it out
> > separately
>
> There are a few things that come to mind but they're all kind of minor:
>
> 1) You don't ever have to copy keys from one box to the other, which means
> there's less of an opportunity for mishandling of something sensitive.
>
> 2) Configuration is ever so slightly more tricky.
>
> 3) If there's anyone out there collecting per-selector data about
> reputation, those two machines will develop separate reputations. (That
> may actually be a good thing, depending on how they're used.)

4) If a key were ever broken/compromised it would only compromise signatures
on part of the mail stream, not all of it (so it would mitigate the scope of
the damage).

Scott K
Received on Thu Apr 25 2013 - 17:08:44 PST
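
The scope argument in point 4, as an added example that is not part of the original thread: a DKIM key is identified by its selector and signing domain together (`s=` and `d=`), so the signatures that depend on one compromised key can be counted from the DKIM-Signature headers alone. The headers, selectors (`mx1`, `mx2`) and domains below are constructed sample data, and `key_record` and `blast_radius` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample DKIM-Signature values (not from the thread): two hosts
# signing for example.com with separate selectors, plus one subdomain.
# bh=/b= are placeholders; no signature is verified here.
SAMPLE_HEADERS = [
    "v=1; a=rsa-sha256; d=example.com; s=mx1;\r\n\tc=relaxed/simple; h=from:to:subject; bh=AAAA; b=BBBB",
    "v=1; a=rsa-sha256; d=example.com; s=mx1; h=from:to; bh=AAAA; b=BBBB",
    "v=1; a=rsa-sha256; d=example.com; s=mx2; h=from:to; bh=AAAA; b=BBBB",
    "v=1; a=rsa-sha256; d=news.example.com; s=mx2; h=from; bh=AAAA; b=BBBB",
]


def parse_tags(value):
    """Parse a DKIM-Signature tag-list (RFC 6376, section 3.2) into a dict."""
    # Unfold header continuation lines before splitting on ';'.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for item in unfolded.split(";"):
        if "=" not in item:
            continue
        name, _, val = item.partition("=")
        # Whitespace inside tag values is not significant for d=, s=, bh=, b=.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_record(value):
    """DNS name of the public key record that verifies this signature."""
    tags = parse_tags(value)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()


def blast_radius(headers, compromised_record):
    """Return (affected, total): signatures that depend on the compromised key."""
    counts = Counter(key_record(h) for h in headers)
    return counts[compromised_record.lower()], sum(counts.values())


if __name__ == "__main__":
    for record in sorted({key_record(h) for h in SAMPLE_HEADERS}):
        affected, total = blast_radius(SAMPLE_HEADERS, record)
        print(f"{record}: {affected}/{total} signatures depend on this key")
```

With one shared key every signature would map to the same record; with a key per host or subdomain, only the rows for the affected record need to be distrusted and re-keyed.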
