This presumes that a signature is expected to validate a year after it was
created. Since DKIM is for transit, why would anyone expect a validation
to occur that far into the future?
So *should* we continue to think of DKIM as being transit-only?
It seems like there is value in allowing MUAs to re-validate messages
long after they are received in a mailbox, and to be able to distinguish
between cases such as:
  - invalid key
  - key was valid when the message was received, but has now expired
  - algorithm was valid when message received, but sender has now
    deprecated it
  - and so on
The overhead would be to keep old keys lying around in the DNS forever,
and perhaps some more metadata.
Jonathan