RE: General OpenDKIM setup questions

From: Quanah Gibson-Mount <>
Date: Thu, 03 May 2012 13:14:48 -0700

--On Thursday, May 03, 2012 7:53 PM +0000 "Murray S. Kucherawy"
<> wrote:

>> -----Original Message-----
>> From:
>> [] On Behalf Of Quanah
>> Gibson-Mount Sent: Thursday, May 03, 2012 12:47 PM
>> To:
>> Subject: General OpenDKIM setup questions
>> Update leads me to the following questions:
>> Is there ever a time someone would want to re-generate the keys for a
>> domain? If they do, should they use the same Selector as they had
>> previously, or should they use a new one?
> You would regenerate keys subject to a key rotation policy of some kind.
> But the theory is "never re-use selectors", so you might name your keys
> "quanah2012" and such, for example.

Ok. What happens on the verification side if email X is sent out at
10:01:01, signed by "quanah2011", then the keys are updated at 10:01:02 to
"quanah2012", and the mail doesn't get verified on the receiving end (some
remote domain with slow transports say. :P ) until 10:02:05 or something?
Will verification still succeed?



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration
Received on Thu May 03 2012 - 20:15:00 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:40 PST