Paul Hoffman wrote:
The signer has measured the transit time to location A, and it is
always less than ten seconds. The signing system sets x= to a day to
be safe. Location A's SMTP server becomes unavailable due to a
backhoe incident. The outgoing mail sits on the signer's system for a
day and a half before connectivity to A is restored. The message
arrives with a non-verifiable signature, even though the signer made
a reasonable assumption when signing.
If what the WG wants is signatures whose life is the time of transit,
we should say that in the protocol definition, not optionally in each
message.
The alternative is to just put normative guidance in the document to
the effect that x= MUST be greater than t=+2weeks, and less than
t=+2 months or something, and that it SHOULD be set to t=+4 weeks.
I guess I worry a little about codifying an _exact_ number.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
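
The backhoe scenario from the quoted message and the bounds floated in the reply, worked through as an added example that is not part of either message or of the DKIM drafts. The header value is constructed, the function names are hypothetical, and "2 months" is taken as 60 days.

```python
import re

DAY = 86400
MIN_LIFE = 14 * DAY   # "t=+2weeks" lower bound from the reply
MAX_LIFE = 60 * DAY   # "t=+2 months", taken as 60 days (assumption)

# Constructed DKIM-Signature value; bh= and b= are placeholders.
SAMPLE = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
          "\tt=1140000000; x=1140086400; h=from:to:subject;\r\n"
          "\tbh=PLACEHOLDER=; b=PLACEHOLDER=")

def parse_tags(value):
    """Split a DKIM tag list (name=value; ...) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace is not significant inside t= and x= values.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def evaluate(value, verify_time):
    """Report signature lifetime, expiry at verify_time, and whether the
    lifetime falls inside the bounds proposed in the reply."""
    tags = parse_tags(value)
    t = int(tags["t"]) if "t" in tags else None
    x = int(tags["x"]) if "x" in tags else None
    life = x - t if t is not None and x is not None else None
    return {
        "lifetime": life,
        "expired": x is not None and verify_time > x,
        "in_bounds": None if life is None else MIN_LIFE < life < MAX_LIFE,
    }

if __name__ == "__main__":
    t = 1140000000
    print(evaluate(SAMPLE, t + 10))          # normal ten-second transit
    print(evaluate(SAMPLE, t + 36 * 3600))   # delivered a day and a half late
    # Same message signed with the suggested x = t + 4 weeks.
    four_weeks = SAMPLE.replace("x=1140086400", "x=%d" % (t + 28 * DAY))
    print(evaluate(four_weeks, t + 36 * 3600))
```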