|
|
|
|
|
|
by brightball
3404 days ago
|
|
|
If somebody gets the original key by any means, they can impersonate your domain in emails because the corresponding public key is sitting in your DNS to validate the message unless you change it. The length of the key only reduces the chance of finding it by brute force. If anybody gets a hold of the key by any other means (compromised mail server or other vulnerability) they can still impersonate you no matter how long the key was...because they'll have it. If the length of the key effects the time it would take to crack it, rotating the keys gives them a usage window so you'd have to be able to crack / obtain it within that window of time for it to be useful. For many sites this probably doesn't seem like a big deal. For sites that deal with heavy phishing attempts though, these precautions are really important. |
|
|