Re: [Ietf-dkim] DKIM key rotation best practice

Mark Delany <sx6un-fcsr7@qmda.emu.st> Fri, 07 August 2020 03:53 UTC

Return-Path: <sx6un-fcsr7@qmda.emu.st>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 039E13A0DE7 for <ietf-dkim@ietfa.amsl.com>; Thu, 6 Aug 2020 20:53:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=emu.st
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tsEfCjg9ipL2 for <ietf-dkim@ietfa.amsl.com>; Thu, 6 Aug 2020 20:53:26 -0700 (PDT)
Received: from f3.bushwire.net (f3.bushwire.net [IPv6:2403:5800:9100:aaf0:203:0:120:11]) by ietfa.amsl.com (Postfix) with ESMTP id 09F023A0DE4 for <ietf-dkim@ietf.org>; Thu, 6 Aug 2020 20:53:25 -0700 (PDT)
Received: by f3.bushwire.net (Postfix, from userid 1001) id 962BB3B066; Fri, 7 Aug 2020 13:53:23 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=emu.st; s=2019; t=1596772403; bh=rnLDYVrnOJ51WRSLNSsFTjqZgiI=; h=Comments:Received:Date:Message-ID:From:To:Subject:References: MIME-Version:Content-Type:Content-Disposition:In-Reply-To; b=Jkl2ofW/9WT6g+NUsv3HbdS9GPlCsVkHvw7qPRiDHCfAaMBANABzSPO4/K3muPA/3 ArD/tA0JQ82A2yaAPnfmp8g+xq3UaNWiGSFCNKnk/RgQKldY+BS43NF//tnEpDPaeb d3FD/L+8Vg0421nGmetzC48gBGZNFWHFmdEjoj24=joj24=
Comments: QMDA 0.3a
Received: (qmail 13762 invoked by uid 1001); 7 Aug 2020 03:53:23 -0000
Date: Fri, 07 Aug 2020 03:53:23 +0000
Message-ID: <20200807035323.13761.qmail@f3-external.bushwire.net>
From: Mark Delany <sx6un-fcsr7@qmda.emu.st>
To: ietf-dkim@ietf.org
References: <BYAPR15MB25670F15F55200ED4145124AEC480@BYAPR15MB2567.namprd15.prod.outlook.com> <59c0fd6f-1406-9981-a78f-1c08d774c76a@dcrocker.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <59c0fd6f-1406-9981-a78f-1c08d774c76a@dcrocker.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/5A-QejXTVsRRyRhA63eHCDr4Bsg>
Subject: Re: [Ietf-dkim] DKIM key rotation best practice
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2020 03:53:28 -0000

On 06Aug20, Dave Crocker allegedly wrote:
> M3AAWG DKIM Key Rotation Best Common Practices
> (revised March 2019)
> 
> https://www.m3aawg.org/DKIMKeyRotation

Luckily the tl;dr is in the first line. Phew! Quite the read :-)

It seems that both Maawg and letsencrypt are both pro-automation. I think that's the
biggest take-away for the OP.


Mark.