John Levine wrote:
Parsing and dealing with the value in x= is probably easier code than
doing the same with a date-stamp from a Received header.
I think we all agree that t= is useful to have an easily parsed version
of the time the message was signed.
I have a lot more trouble understanding why t= needs to be kept than why
x= needs to be kept. As a signer, I would much rather specify an
expiration time for the signature than to specify the time at which it
was signed than to have the verifier add a fudge factor to the signing
time and use that as the expiration. On this list, I have already heard
numbers between 1 and 2 weeks for the fudge factor, so the signer would
really have no idea how long the signatures are valid.
In addition to Arvel's comment about the relative difficulty of parsing
date/time out of Received headers, it's a really bad idea to do that
because they're not signed.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html