[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Paul Hoffman
At 5:41 AM -0700 4/12/06, Hallam-Baker, Phillip wrote:
I think the semantics are 'don't count on being able to verify this
message after this date'.
Why would you think that? The semantics of x= say nothing about those
semantics:
Signature expiration in seconds-since-1970 format
as an absolute date, not as a time delta from the signing
timestamp. Signatures MUST NOT be considered valid if the
current time at the verifier is past the expiration date.
If you *want* the semantics to mean 'don't count on being
able to verify this message after this date', that's fine,
but you need to ask the WG to change the document for that to happen.
The semantics of the attribute are the product of the context in which it
is used.
It would be a good thing for the WG to give a correct description of the
semantics but I am relaxed on this point. It is not possible to realize the
semantics proposed. I can use the signature in a court of law any time I
please.
From an administrative point of view it is useful to be able to tell the
signer 'hey dude' (that's technical speak) 'hey dude if you want to verify
this signature better get the signature key before this date.'
Signature expiration in seconds-since-1970 format
as an absolute date, not as a time delta from the signing
timestamp. The signature expiration date allows the signer
to notify verifiers that distribution of the signing key
MAY cease once the expiration date has passed.
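
The two readings of x= debated in this thread, side by side, as an added example that is not part of the original message or of the DKIM draft. The function names, verdict strings and sample header are assumptions made for illustration.

```python
import time

# Constructed sample DKIM-Signature value (not taken from the thread).
SAMPLE = ("v=1; a=rsa-sha256; d=example.org; s=sel1; t=1144845660; "
          "x=1145450460; h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED")

def parse_tags(value):
    """Split a DKIM-Signature tag list into {name: value}."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def _is_number(s):
    return s.isascii() and s.isdigit()

def expiration_verdict(value, now=None, reading="strict"):
    """Evaluate x= under one of the two readings discussed above.

    strict   : quoted draft text, the signature is not valid past x=
    advisory : proposed text, x= only warns that key distribution may cease
    """
    now = int(time.time()) if now is None else now
    tags = parse_tags(value)
    x, t = tags.get("x"), tags.get("t")
    if x is None:
        return "no-expiration"
    if not _is_number(x) or (t is not None and not _is_number(t)):
        return "malformed"
    if t is not None and int(x) <= int(t):
        return "malformed"  # RFC 6376: x= must be greater than t=
    if now <= int(x):
        return "unexpired"
    # Past the absolute expiration date: the two readings diverge here.
    return "invalid" if reading == "strict" else "key-may-be-unavailable"

if __name__ == "__main__":
    for reading in ("strict", "advisory"):
        print(reading, expiration_verdict(SAMPLE, now=1146000000, reading=reading))
```
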