On Apr 7, 2006, at 8:20 AM, Michael Thomas wrote:
Stephen Farrell wrote:
Yes, but this was a non-goal. We've said all along that it could
be done in an MUA, but not that it was generally a good idea to
put in an MUA since DKIM is intended to have a transport lifetime
relevance.
True. Maybe the wording on "x=" could make that clearer if it said
that the value is "how long I expect the message to be in transit"
rather than "signature expiration"?
You could, but the semantic is more of a "I don't want this to be
in transit after X". You mentioned NNTP Expires, and I think that's
a pretty good analogy, though not exact.
Unlike a news article, there is some danger this expiry time might
generate a message bounce when it establishes a basis for refusal in
a rule-set. Although these would not be the rules you and others
would create, a provider may bounce a message as it passes an
expiration while within their AU. With an expiry in place, disabling
the account could be seen as a adequate response to a replay issue.
A strategy where the signer relies upon message expiration to curtail
abuse reports will also likely lead to expired messages then being
refused.
If x= is retained, there needs to be some cautions added about
handling messages within the AU.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html