Eliot,
Just curious.
Since we now have the chieftain syndrome in play, anyone care to provide the
professional courtesy explaining why?
Seriously, I would like to understand what are nits and non-nits.
Besides the argument whether x= is required, useful, the section goes into
detail to provide an itemized series of steps. At what point or step does
one follow the x= functional specification? According to the specs, you don't
need to get the public key if there is an expired signature. Call it an
optimizing step, I'm just wondering why Joe Average Developer will not see
the same thing.
Thanks
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
----- Original Message -----
From: "Eliot Lear" <lear(_at_)cisco(_dot_)com>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: "IETF-DKIM" <ietf-dkim(_at_)mipassoc(_dot_)org>; "Eric Allman"
<eric(_at_)sendmail(_dot_)org>
Sent: Friday, April 14, 2006 10:42 AM
Subject: Re: [ietf-dkim] dkim-base-01: Section 6.2 Get the Public Key
Hector,
I'd claim this is not a nit.
Eliot
Hector Santos wrote:
Eric,
In regards to the expiration tag x=, until a decision is made about its
fate, it is still part of the specs. In such a case, to comply with the x=
current specs, a preliminary step is missing in section 6.2:
| 6.2 Get the Public Key
|
| ...
|
+ 0. If signature has an expiration (x=) tag, check if the signature
+ has expired. Signatures MUST NOT be considered valid if the
+ current time at the verifier is past the expiration date.
+
| 1. Retrieve the public key as described in (Section 3.6) using the
| domain from the "d=" tag and the selector from the "s=" tag.
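Review bot: step 0 states when a signature MUST NOT be considered valid but not what the verifier does next. Say explicitly that processing of that signature stops at step 0, so that step 1 (key retrieval using "d=" and "s=") is not performed for an expired signature; otherwise an implementer can read step 0 as a check whose result is only applied after the key has been fetched. The added text also says "expiration date" for the value of the x= tag; using one term for both would avoid ambiguity.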
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
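The ordering discussed in this thread, as an added example that is not part of the original messages or of the DKIM draft: a verifier that evaluates x= before retrieving the key, so an expired signature triggers no lookup. It assumes x= holds an integer timestamp in seconds since the Unix epoch; `fetch_key` is a hypothetical callback standing in for the key retrieval of step 1, and the header values are constructed samples.

```python
import time

def parse_tag_list(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        # Drop folding whitespace inside values.
        tags[name.strip()] = "".join(value.split())
    return tags

def get_public_key(header_value, fetch_key, now=None):
    """Return (status, key); fetch_key(domain, selector) is hypothetical."""
    tags = parse_tag_list(header_value)
    now = int(time.time()) if now is None else int(now)
    # Proposed step 0: check x= before any key retrieval.
    if "x" in tags:
        x = tags["x"]
        if not (x.isascii() and x.isdigit()):
            return ("invalid-x", None)
        if now > int(x):
            return ("expired", None)  # stop here: no lookup is issued
    # Step 1: retrieve the key using d= and s=.
    if "d" not in tags or "s" not in tags:
        return ("missing-d-or-s", None)
    return ("key-fetched", fetch_key(tags["d"], tags["s"]))

# Constructed sample header values (not taken from real mail).
EXPIRED = "d=example.com; s=sel1; x=1145000000"
NO_EXPIRY = "d=example.com; s=sel1"

def demo():
    """Run both samples against a fixed clock and record every lookup."""
    lookups = []
    def fake_fetch(domain, selector):
        lookups.append((domain, selector))
        return "constructed-key"
    now = 1145100000  # fixed "current time" so the result is reproducible
    results = [get_public_key(h, fake_fetch, now)[0]
               for h in (EXPIRED, NO_EXPIRY)]
    return results, lookups

if __name__ == "__main__":
    print(demo())
```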