John L wrote:
I don't see why the recipient would have any better idea than the sender
on whether the transit time is acceptable.
Because a recipient has the message after the transit has actually
happened, and knows about the way his mail gets delivered and read.
> Assume, for example, someone who uses a verifier in his MUA and only
> reads his mail once a week. A sender signs and sends a message on
> Monday with a one-day x= value, it's delivered ten seconds later and
> spends four days sitting in his mailbox. When our user reads his mail
> on Friday, is he allowed to verify it?
If by some miracle people actually rolled their keys over every
week -- as Mark is to be suggesting as the alternative to x=
-- then your use case would not work either.
To me the answer is obviously
yes. How do you handle that with x= ?
This is a false dilemma because you are requiring dkim to work in
situations that it was explicitly not intended to work for.
NOTE WELL: This list operates according to