John L wrote:

I don't see why the recipient would have any better idea than the sender
on whether the transit time is acceptable.

Because a recipient has the message after the transit has actually
happened, and knows about the way his mail gets delivered and read.
Assume, for example, someone who uses a verifier in his MUA and only
reads his mail once a week. A sender signs and sends a message on
Monday with a one-day x= value, it's delivered ten seconds later and
spends four days sitting in his mailbox. When our user reads his mail
on Friday, is he allowed to verify it? To me the answer is obviously
yes. How do you handle that with x= ? Do you interpret the x= value
as of some past time when the mail was placed in a stable place? Tell
him tough luck, he's not allowed to use DKIM unless he reads his mail
more often? I don't know how to write rules that would handle every
possible recipient scenario, and neither does anyone else, so it's
nuts to try. It's the same reason that the SMTP RFCs don't try and
set fixed retry or timeout values, only guidelines.

This is why verification at the MDA or an MTA is preferred. If you want
to really handle the case of an MUA verifying a signature when the user
returns from an "email vacation", the signature lifetimes need to be
much longer.

From the DKIM WG charter:

To prevent this task from becoming unwieldy, several related topics are
considered out of scope for the DKIM working group. These topics
include:

[...]

* Signatures that are intended to make long-term assertions beyond the
  expected transit time of a message from originator to recipient,
  which is normally only a matter of a few days at most.

For me, x= expresses the intent of the signer as to how long the
signature should be valid.

-Jim
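
The scenario debated above (signed Monday with a one-day x=, delivered ten seconds later, read on Friday), as an added example that is not part of the original message: it evaluates the x= tag once at delivery time, as an MTA or MDA verifier would, and once at read time, as an MUA verifier would. The header, domain, selector and timestamps are constructed sample values, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

def parse_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def expiry_status(header_value, reference_time):
    """Classify the x= tag at reference_time: no-expiry, invalid, valid or expired."""
    tags = parse_tags(header_value)
    if "x" not in tags:
        return "no-expiry"
    if not re.fullmatch(r"[0-9]{1,12}", tags["x"]):
        return "invalid"
    expires = int(tags["x"])
    if "t" in tags:
        # When both tags are present, x= must be later than the signing time t=.
        if not re.fullmatch(r"[0-9]{1,12}", tags["t"]) or expires <= int(tags["t"]):
            return "invalid"
    return "expired" if reference_time.timestamp() > expires else "valid"

def compare(header_value, delivered, read):
    """Evaluate the same signature at the two reference times the thread argues about."""
    return {"at_delivery": expiry_status(header_value, delivered),
            "at_read": expiry_status(header_value, read)}

# Constructed sample: signed on a Monday, x= one day after t=.
SIGNED = datetime(2006, 3, 6, 9, 0, 0, tzinfo=timezone.utc)
DELIVERED = SIGNED + timedelta(seconds=10)   # verifier at the MTA/MDA
READ = SIGNED + timedelta(days=4)            # verifier in the MUA, on Friday
_t = int(SIGNED.timestamp())
SAMPLE = (f"v=1; a=rsa-sha256; d=example.com; s=sel1; t={_t}; x={_t + 86400};\r\n"
          "\th=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER")

if __name__ == "__main__":
    print(compare(SAMPLE, DELIVERED, READ))
```
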