Why rotate keys that often? And why pull the public one if you do?
Brandon On Jun 10, 2016 3:59 PM, "Ted Cooper" <ml-mailop...@elcsplace.com> wrote: > On 11/06/16 05:02, Michael Wise via mailop wrote: > > Well, the From: domain would be a good start. > > > > It would certainly cut down on the trivial forgeries, and could easily > > be transferred from the web to email with a single mailto: link. > > Any signed DKIM message can only be authenticated while the key remains > in DNS - I cycle mine once a month, and pull the key after that. Once it > is no longer available, the signature may as well be made up. > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
