Re: SELECTOR question

From: Todd Lyons <>
Date: Sat, 5 May 2012 08:54:47 -0700

On Thu, May 3, 2012 at 8:19 AM, Quanah Gibson-Mount <> wrote:
> Is there any reason not to use a guaranteed UUID for the SELECTOR with dkim,
> something like:
> 9d624885-08e6-4ebf-bc0f-532b0d9f4060
> I ask because we have clients that literally have hundreds or thousands of
> domains.  Having them try and pick a selector for each domain, rather than
> generating it programmatically with a UUID seems like it would be a major
> headache to manage.

You can design it so that your system uses any method you choose,
however, it seems like you're wanting to use the uuid alone to link to
a specific dkim key. I use the selector plus the domain. For our
customers I generate a random two character (1 alpha plus 1 digit)
selector and generate a key and store it in that user's domain (perl):

  # $key is a RDBO model for a table in our DB
  my $rsa = Crypt::OpenSSL::RSA->generate_key( $KEY_SIZE );
  $key->key_size( $KEY_SIZE );
  $key->private_key( $rsa->get_private_key_string() );
  $key->public_key( $rsa->get_public_key_x509_string() );
  # Generate random letter + digit for selector
  $key->selector( ('a'..'z')[int(rand(26))] . (int(rand(9)) + 1) );

Then I save the $key->id() to the domain records table and the data is
instantly live. Doing such in LDAP should be similar, though I don't
know the specifics of your DNS heirarchy.

Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. -- Martin Golding
Received on Sat May 05 2012 - 15:54:56 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:40 PST