ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Proposal: Do the semantics first, then straw poll

2006-04-17 18:31:05
from [Jon Callas] [Permanent Link] 

On 17 Apr 2006, at 2:58 PM, Paul Hoffman wrote:


At 12:11 PM -0700 4/17/06, Jon Callas wrote:
x= is a good thing because many, many people will change their DKIM keys every time they change what mail server they're using. This key will have a years-long, if not decades-long life. Using x= lets them blow off bit rot in messages that they are "responsible" for.
Could you be a bit less folksy in your statement here? A message that they have claimed to be responsible for has no bit rot because, as we have mostly all agreed, the signature checking is done once and the result is noted and possibly stored. By putting the word "responsible" in quotes, are you saying that they are not responsible for it in the future at some point?
I'm being folksy for a reason. One of the broader issues I'm talking about is what really happens. Semantics is inherently squishy.
I put "responsible" in quotes because it is an intentionally ill- defined term. A translation of that might be: responsible (whatever that means).
Now then, yes, x= is *precisely* a statement that time-bounds the responsibility (whatever that means). After time X, the signature is like produce past its use-by date. You throw it in the trash.
Let us suppose that I set my x= time to be 30 minutes. (And yes I know that it's an absolute time.) This means that most of the time, my messages will be properly signed by the time they get into your mailbox. Sometimes they won't, because email is like that. Much more often, though, your MUA will not be able to verify the signature because the expiry time on the message has passed.
This might be an obnoxious thing for me to do, but it's legal, and maybe even what I want. It's the way things work.
x= is *precisely* a statement that says, "after time X, my responsibility ends."
The issue, then, is what happens when I have my expiration being (e.g.) a month and I decide out of the blue to change keys.
x= is an expiration for a particular statement of responsibility for a message, not about key expiration. Key expiration is done in the get-distribution part of the protocol.
I never said it was about key expiration. I don't believe keys expire; I believe keys either are in DNS or are not in DNS.
The issue I brought up is an implied responsibility to keep a key in DNS until the x= for any message sent has expired. At least I thought I read that some people think there is an implied responsibility to keep old keys around until the x= expires on any message you've sent. I think there's no such responsibility, there's merely the cause-and- effect of what happens.
There is no necessary connection between x= lifetime of a signature and key life or availability. If a key is not available, the message is not signed. If x= has expired, the message is not signed. That's it.
There is another semantic issue around all of this, which is the differences between the way an MTA and an MUA ought to behave when verifying DKIM signatures. MUAs have a much harder time because DKIM is an on-line protocol and there are many times that MUAs are off-line. 

        Jon

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] x= lets senders expire responsibility, Jim Fenton
Next by Date:  Re: [ietf-dkim] Proposal: Do the semantics first, then straw poll, Paul Hoffman
Previous by Thread:  Re: [ietf-dkim] Proposal: Do the semantics first, then straw poll, Paul Hoffman
Next by Thread:  Re: [ietf-dkim] Proposal: Do the semantics first, then straw poll, Paul Hoffman
Indexes:  [Date] [Thread] [Top] [All Lists]