----- Original Message -----
From: "Tony Hansen" <tony(_at_)att(_dot_)com>
The message corpus found on dkim.org contains messages
with illegal expirations like "x=-1019102801;".
I'll be correcting these in the revised corpus I'm working on.
However, there is a question for the base spec: what should be
done when faced with an invalid expiration date such as that?
Ignore it? Treat it as a signature failure? Treat the message
as always expired?
This isn't like the old days where a sites machine is using the wrong
HELO domain or isn't using brackets Domain literals or there a space
after the MAIL FROM:, etc, and we have all sorts of relaxations. Poor
form *must* be a major part of the protection.
Our implementation will be to reject all illegal DKIM implementations,
the form, the syntax, etc - regardless of any relaxed DKIM specification
or recommendation and especially of any accreditation system saying
otherwise including augmented fee-based tokens.
We would not recommend it to be a great idea to start something "new"
with relaxed provisions for broken implementations - that 80% of the
problem today. It should not be expected behavior.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html