ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] DKIM: transit-only?

2006-04-12 08:06:24
from [Jonathan Clark] [Permanent Link] 
This presumes that a signature is expected to validate a year after it was 
created.  Since DKIM is for transit, why would anyone expect a validation 
to occur that far into the future?


So *should* we continue to think of DKIM as being transit-only?

It seems like there is value in allowing MUAs to re-validate messages
long after they are received in a mailbox, and to be able to distinguish
between cases such as:

        invalid key
        key was valid when the message was received, but has now expired
        algorithm was valid when message received, but sender has now
                deprecated it
        and so on

The overhead would be to keep old keys lying around in the DNS forever,
and perhaps some more metadata.

Jonathan



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ietf-dkim] x= lets senders expire responsibility, william(at)elan.net
Next by Date:  Re: [ietf-dkim] DKIM: transit-only?, Dave Crocker
Previous by Thread:  Re: [ietf-dkim] multiple keys under same selector+domain?, Mark Delany
Next by Thread:  Re: [ietf-dkim] DKIM: transit-only?, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]