Paul Hoffman wrote:
Greetings again.
---------------------
Summary:
Remove the x= tag from the base spec because it conflicts with some of
the purpose of DKIM and adds unneeded semantics.
---------------------
Rationale:
DKIM permits a signing domain to assert responsibility for a message.
Saying "I only take responsibility for sending the message until this
time, and then I don't take responsibility even though I previously took
responsibility" makes little sense in the real world.
Is there *any* signature by way of its underlying credential that
doesn't have a lifetime?
DKIM is intended to have a transport duration lifetime, eg about
2 weeks. It is not intended to be used for archival purposes or
anything else like that. Like it or not, rolling keys is hard for
a significant set of people who might benefit from DKIM. Saying
that the only way that they can limit their exposure from otherwise
immortal signatures is by revisiting their DNS every few weeks is
unnecesarily burdensome on those operators. x= is a cheap way to
achieve that goal.
Note that the
informative note only says what x= is not. Leaving x= in can also lead
to silly states.
What states might those be?
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html