At 4:32 PM -0700 4/8/06, Michael Thomas wrote:
Paul Hoffman wrote:
At 4:14 PM -0700 4/8/06, Michael Thomas wrote:
Add a new paragraph at the end of section 1.1:
A DKIM signature is intended to be verifiable for about the
length of time of that it would take to transport the message in
SMTP; this is almost always less than two weeks. The signature is
not intended to be used for archival purposes, and verification
of the signature after this period is not an intended or desired
feature of the DKIM protocol.
This text doesn't seem to be able to make up its mind if it's informational
or normative.
I have no idea what you mean. It is normative.
"for about" and "almost always" are normative?
Yes. They specify the semantics of DKIM signatures in a way to which
implementers are fully expected to adhere. They are not informative
or optional. They are prescriptive.
We cannot remove the "for about" because that would lead to a silly
state, namely that the verifier would have to verify the signature
before the length of time it took to deliver the message. I say "for
about" to indicate that our intention is that it will be verified
soon after delivery.
We cannot remove "almost always" because someone will come up with a
pathological example of mail that was held more than two weeks (I
think I heard that some systems did this after the devastating
tsunami of 2004).
Yet the semantics are clear: the intention is that the protocol will
be used this particular way.
This is not implementable or testable
as written.
True, but "testable" is not the same as normative, at least in the
IETF sense (which I fully admit is not defined in any RFC I could
find). Having said that, if anyone has a suggestion of how to tighten
the wording to make it seem more definitive without forcing policy on
the verifier, that would be great.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html