ietf-dkim

Re: [ietf-dkim] Meaning of x= and DKIM signatures in general

2006-04-13 08:19:39


John L wrote:
>>> If the answer is "not very", that tells me that both x= and fixed time
>>> limits are a mistake.
>>
>> That may well be true, but the credibility of a DKIM signature
>> in a court, or a year after signing, is explicitly not in scope
>> of this WG according to our charter.
>
> I hope the credibility of a signature to a recipient is in scope, which is why I'm trying to figure out how x= or fixed time limits affect that credibility.

I wouldn't call it credibility, but clearly the cryptographic
correctness of a signature that's just been received is in scope.
As is whether or not the signature satisfies whatever other rules
are specified in base. (And later we'll get to tackle the SSP-stuff
for signatures, but not seriously until base is done.)

With the current spec, I'd say that for values of t and x that have
been mentioned so far, maybe what happens at t+2*(x-t) is reasonable
to think about, but we can, and according to our charter, should,
entirely ignore what might or might not happen at t+100*(x-t).

The good reason to work this way is that the decade-later arguments
bring with them lots of stuff we just don't want to consider (e.g.
signed timestamps, archives of DNS RRs, what OS?, etc. etc.). But
there's the LTANS WG for people who like that kind of thing. There's
nothing wrong with thinking about those issues, but they're not
for this WG, with this charter.

Stephen.

PS: Sorry for jumping in on this one, but the topic is an enormous
rathole.


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html