On 17 Aug 2021, at 15:35, Viktor Dukhovni wrote:
> or (easier, but no idea whether this is effective), use an IMAP client
> to move the message into the INBOX of a Gmail account, and then report
> it as spam.
When this has happened to me in the past I re-enable the POP import feature on
gmail an
> On 20 Aug 2021, at 4:59 pm, Michael Grimm wrote:
>
> Thanks for that information I didn't think about before.
>
> All of my domains are signed by KSK(13) and ZSK(13) and I do still rotate my
> ZSK's every 90 days after my migration from DSA keys. If I do understand you
> correctly, I could
Viktor Dukhovni wrote:
> With ECDSA P256(13) as the DNSKEY (signature) algorithm, the incentive
> to rotate keys frequently (~90 days) is substantially lower, as the keys
> are strong enough to resist cryptographic attacks for years. The only
> practical risk is key disclosure.
Thanks for that
