ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] proposal: retain x=

2006-04-08 21:43:52
The current proposal to remove x= has normative text which
requires verifiers to hard code a value that approximates the
maximum transport time of SMTP.

Good point.  Change it to:

 Receivers SHOULD NOT interpret signatures older than the maximum
 transit time of the service used to deliver the message.  In the case
 of SMTP[RFC2821, Sec 4.5.4.1] the maximum transit time is typically a
 week.

1) These transport times are only informally known, but putting
    an absolute value in the DKIM spec, we will make it to brittle
    to any changes for that assumption

I don't see anyone other than perhaps you advocating putting an
absolute value in the spec.  RFC821 and RFC2821 have only non-binding
suggestions for timeouts and retry intervals, and leave the sender
retry schedule almost entirely up to the sender, and they work fine.

In our case, a recipient knows just as well as a sender (maybe better)
how the message arrived and what the likely max transit time is, and
can pick and apply an appropriate timeout with no help from x=.

Perhaps we have a confusion between precision and accuracy.  It's
true, with x= you can set a very precise time limit, but that doesn't
mean it accurately states the useful life of a signature.  If I were
writing DKIM code, I'd say I dunno, it's about two weeks, which I then
encode as 1,209,600 seconds.  That looks really precise, but we all
know as an estimate of transit time, it's give or take several days at
least.  So don't bother.

R's,
John


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>