Paul Hoffman wrote:
The focus on transit-related validation -- as distinctly different
from open-ended, long-term validation, has been fundamental for the
entire life of this effort.
Then that should be stated in the document, not just in the lore of the
WG.
Yes it should.
Further, nothing in the discussions of MUAs doing validation seem to
talk about the obvious case that an MUA might do first validation long
after "transit".
Yeah. The discussion has raised an interest point about this, IMO.
Further, section 6.4 makes no sense and has to be eliminated or
seriously re-written. You can't put a header in a message for a fact
that will become untrue in the future.
The header simply says that the
message was validated. Not that it can be validated at some point in
the future.
There is a huge disconnect here. x= is *not* talking about the ability
to validate at some point in the future; it talks about a message that
is valid at one point becoming invalid at a later point.
It should talk about being able to conduct a validation within a window of time,
and not being able to do it after the window closes. And treating the message as
having no signature, absent the ability to do a validation and absent any other
validation information (like an authentication header.)
This is not about a "contract signature" becoming invalid. It is more like a
traffic light changing. Transit is ephemeral, so it should not be surprising
that a mechanism related to transit is ephemeral.
The text in draft-kucherawy-sender-auth-header-03, which is a normative
reference from dkim-base, gives the following semantics for the "pass"
label:
I thought that it was (being) removed as a normative reference.
sending domain publishes an authentication policy of some kind,
and the message passed the authentication tests
Note the past tense used: "passed the authentication tests". In a normal
environment, that is sufficient for a MUA to give a sensible notice. But
in an environment where a message can be valid at one moment and invalid
at the next, that is not sufficient to tell the MUA what to display at
any particular time.
Is this clearer?
"passed the authentication tests" is an accurate description of what took place.
"Message valid at one moment and not at the next" is not.
Further, section 6.5 will have to be re-written as well to say that
when passing the signature validation information to higher-level
processes, they will need to come with the time after which the
signature is no longer valid.
huh? why?
So that the higher level process can determine when the signature on the
message is no longer valid. Think of it this way: Two people look at a
check. One says to you "this check written out to you is for $100", and
the other person says "this check written out to you is for $100, but it
is no longer valid after tomorrow".
A DKIM signature says that someone asserts that they are accountable for message
transit. You are confusing limitations in the ability to perform a validation
check, with the continuation of the assertion's validity.
If you go through an intersection when the light is green (for your direction)
it was valid for you to proceed. The light changes. The validity of your
having transited the intersection does not.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html