Paul Hoffman wrote:
At 1:18 PM -0700 4/7/06, Michael Thomas wrote:
Paul Hoffman wrote:
At 12:01 PM -0700 4/7/06, Michael Thomas wrote:
The alternative is to just put normative guidance in the document
to the effect
that x= MUST be greater than t=+2weeks, and less than t=+2 months
or something,
and that it SHOULD be set to t=+4 weeks.
That is an alternative, but I would ask "why use that alternative".
Unless x= is compelling, and compelling enough to overcome its
faults, why even put it in with these suggested knob-settings? I
claim that it is not compelling, particularly if the document says
what the purpose of DKIM signatures are.
I'm confused. If we added the text you initially suggested, the
result would be
that a receiver would honor the signature forever.
The receiver *could* honor the signature forever, just as they can
with an x= tag. But, in doing so, they would be going against the
semantics of the DKIM signature.
What semantics are those? There aren't any others in the draft that I'm
aware of.
IIRC, the lack of a x= means that there is no expiration.
Are you saying now that
your original text needs to be amended to have a spec mandated lifetime?
Not at all: I'm saying my original text needs to be amended to add the
WG's intention of what DKIM signatures are for. (I thought it was
already there but, after reading the thread and then going back to the
document, couldn't find it. It must be ingrained in our beliefs, but
not in our text.)
It's not there because with x= it's configurable by the signer.
Assuming your answer is "yes" above, then that's really what's at
issue right?
Correct assumption, but incorrect conclusion. What's "really" at issue
is whether to have a unneeded tag that can cause problems when
removing the tag (and replacing it with text about what the protocol
is for) is better.
I'm sorry, just saying that the protocol is for "transport time" is not
going
to help developers, and is likely to lead to the inconsistencies and
incompatibility
that you are trying to get rid of. x= leaves it as a decision of the
signer to determine
what it wants. Letting a receiver just pick a number out of thin air is
definitely not
what we want -- especially when some dumb receivers would find it
oh-so-suspicious
that mail didn't get to them in the normal 20 minutes and declare the
signature
dead.
But I'm still confused: are you saying that your original proposal needs
work, or
that it's still what you want?
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html