This presumes that a signature is expected to validate a year after it was
created. Since DKIM is for transit, why would anyone expect a validation
to occur that far into the future?
So *should* we continue to think of DKIM as being transit-only?
It seems like there is value in allowing MUAs to re-validate messages
long after they are received in a mailbox, and to be able to distinguish
between cases such as:
  - key was valid when the message was received, but has now expired
  - algorithm was valid when message received, but sender has now
  - and so on
The overhead would be to keep old keys lying around in the DNS forever,
and perhaps some more metadata.