ietf-dkim

RE: [ietf-dkim] x= lets senders expire responsibility

2006-04-13 07:29:08
 

[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Paul Hoffman

At 5:41 AM -0700 4/12/06, Hallam-Baker, Phillip wrote:
I think the semantics are 'don't count on being able to verify this 
message after this date'.

Why would you think that? The semantics of x= say nothing about those
semantics:
        Signature expiration in seconds-since-1970 format
        as an absolute date, not as a time delta from the signing
        timestamp.  Signatures MUST NOT be considered valid if the
        current time at the verifier is past the expiration date.
If you *want* the semantics to mean 'don't count on being 
able to verify this message after this date', that's fine, 
but you need to ask the WG to change the document for that to happen.

The semantics of the attribute are the product of the context in which it
is used.

It would be a good thing for the WG to give a correct description of the
semantics but I am relaxed on this point. It is not possible to realize the
semantics proposed. I can use the signature in a court of law any time I
please.

From an administrative point of view it is useful to be able to tell the
signer 'hey dude' (that's technical speak) 'hey dude if you want to verify
this signature better get the signature key before this date.'


         Signature expiration in seconds-since-1970 format
         as an absolute date, not as a time delta from the signing
         timestamp. The signature expiration date allows the signer
         to notify verifiers that distribution of the signing key
         MAY cease once the expiration date has passed.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
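
The verifier-side rule from the draft text quoted in this message ("Signatures MUST NOT be considered valid if the current time at the verifier is past the expiration date"), as an added example that is not part of the original message or of any DKIM implementation. The function names and the sample header are constructed for illustration; the check that x= must be later than t= is taken from the published DKIM specification (RFC 6376), not from this thread.

```python
import re
import time

# Constructed sample DKIM-Signature value (placeholder bh=/b= data), folded
# across lines the way a real header would be.
SAMPLE = (
    "v=1; a=rsa-sha256; d=example.org; s=sel;\r\n"
    "\tt=1144800000; x=1145404800;\r\n"
    "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
)

_TIMESTAMP = re.compile(r"[0-9]{1,12}")  # x= and t= are plain decimal seconds


def parse_tag_list(header_value):
    """Split a DKIM tag=value list into a dict, tolerating folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue  # trailing ";" or stray whitespace
        name, value = part.split("=", 1)
        tags[name.strip()] = value.strip()
    return tags


def expiry_status(header_value, now=None):
    """Classify the signature by its x= tag.

    Returns 'no-expiry' (no x= tag), 'valid', 'expired', or 'malformed'.
    x= is an absolute seconds-since-1970 value, not a delta from t=.
    """
    now = int(time.time()) if now is None else now
    tags = parse_tag_list(header_value)
    x = tags.get("x")
    if x is None:
        return "no-expiry"
    if not _TIMESTAMP.fullmatch(x):
        return "malformed"
    t = tags.get("t")
    if t is not None:
        # RFC 6376: x= MUST be greater than t= when both are present.
        if not _TIMESTAMP.fullmatch(t) or int(x) <= int(t):
            return "malformed"
    # Draft rule: invalid only once the verifier's clock is *past* x=.
    return "expired" if now > int(x) else "valid"


if __name__ == "__main__":
    print(expiry_status(SAMPLE, now=1145404801))
```

The comparison uses the verifier's clock, so the result for a given signature changes over time even though the signature bytes and the key do not, which is the behaviour the thread is arguing about.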