----- Original Message -----
From: "Mark Delany" <MarkD+dkim(_at_)yahoo-inc(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Thursday, April 13, 2006 11:59 AM
Subject: Re: [ietf-dkim] x= lets senders expire responsibility

Signatures with selectors resulting in NXDOMAIN DNS queries
SHOULD NOT be considered valid?

I have to check the spec, but I thought that you set p= to the empty
string and leave the Selector in place if you wish to revoke the key.

Just for readership:

| p= Public-key data (base64; REQUIRED). An empty value means that
| this public key has been revoked. The syntax and semantics of
| this tag value before being encoded in base64 is defined by the
| k= tag.

Ahhh, I missed this point - keeping the selector but setting the data to
empty.

ok, sounds like this will work then to signal an expiration. Not as
efficient (need a lookup), but in such a case, as long as the selector is
still active and p= data is empty, x= is not required. You got your
indicator.

I think I might change my vote to "Get Rid of X=" :-)

I still like the idea of expiring a signing on a per message basis. Pretty
powerful option for signers. x= will provide this.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
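
The three signals discussed in this message (a per-message x= expiry, a selector that returns NXDOMAIN, and a selector kept in place with an empty p=), as an added example that is not part of the original thread or of any DKIM implementation. The function names, result labels and sample records are constructed for illustration; what a verifier should do with the "no-key" case is the open question in the thread and is not decided here.

```python
import time

def parse_tags(record):
    """Parse a DKIM tag=value list (key record or DKIM-Signature value) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Remove folding whitespace inside the value; an empty value stays "".
            tags[name.strip()] = "".join(value.split())
    return tags

def classify(signature, key_record, now=None):
    """Classify a signature before any cryptographic check is attempted.

    signature  -- DKIM-Signature header value
    key_record -- TXT record found at the selector, or None when the DNS
                  query for the selector returned NXDOMAIN
    now        -- verification time in seconds since the epoch
    """
    now = int(time.time()) if now is None else now
    sig = parse_tags(signature)
    x = sig.get("x")
    # x= is carried in the message itself, so this check needs no lookup.
    if x is not None and x.isdigit() and now > int(x):
        return "expired-by-x"
    if key_record is None:
        return "no-key"            # selector removed from DNS
    key = parse_tags(key_record)
    if "p" not in key:
        return "malformed-key"     # p= is REQUIRED in the key record
    if key["p"] == "":
        return "key-revoked"       # selector still published, key data emptied
    return "key-available"         # go on to verify the signature itself

# Constructed sample data (not taken from any real domain).
SIG_WITH_X = "d=example.com; s=sel1; t=1144900000; x=1145000000"
SIG_NO_X = "d=example.com; s=sel1; t=1144900000"
KEY_ACTIVE = "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="
KEY_REVOKED = "v=DKIM1; k=rsa; p="

if __name__ == "__main__":
    for sig, key in [(SIG_WITH_X, KEY_ACTIVE), (SIG_NO_X, KEY_REVOKED), (SIG_NO_X, None)]:
        print(classify(sig, key, now=1145000001))
```

The empty-p= and NXDOMAIN results are only reachable after a DNS lookup, while the x= result is decided from the message alone, which is the efficiency difference noted above.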