----- Original Message -----
From: "Paul Hoffman" <phoffman(_at_)proper(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Tuesday, April 18, 2006 11:38 AM
Subject: Re: [ietf-dkim] Expiration Tag (x=) is required to minimize DNS lookups.
> At 2:34 PM +0000 4/18/06, Mark Delany wrote:
>> This is surely an edge case that Knuth warns us about.
> +1
> The current spec has enough language to handle key rollover
> gracefully. Further, if a sender wants to minimize DNS lookups, the
> DNS TTL is the perfect tool, and is already implemented everywhere.
But it is still an optimization concept:
- No need for a DNS lookup, regardless of TTL state.
- No need to do any SHA-256 hashing on a potentially HUGE payload.
This is clearly an optimization any good engineer will see.
Plus Paul, I respect your input, but this +1 doesn't make sense with the +1
you voted on for:
| 6.2 Get the Public Key
|
| ...
|
+ 0. If signature has an expiration (x=) tag, check if the signature
+ has expired. Signatures MUST NOT be considered valid if the
+ current time at the verifier is past the expiration date.
+
| 1. Retrieve the public key as described in (Section 3.6) using the
| domain from the "d=" tag and the selector from the "s=" tag.
But then again, maybe I don't understand the "nit system" here, which is a
high possibility.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
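The proposed step 0, as an added example that is not part of this thread or of any DKIM implementation: it parses a constructed DKIM-Signature header, applies the x= check from the header alone, and reports whether the expensive steps (DNS lookup for the d=/s= key record, body hashing) would still be needed. The header value, selector and timestamps are all constructed sample data.

```python
import re
import time

# Constructed sample DKIM-Signature value (not from the thread). t= and x= are
# one hour apart so both the expired and the not-yet-expired paths can be shown.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed;\r\n"
    "\tt=1145371080; x=1145374680; h=from:to:subject;\r\n"
    "\tbh=placeholderbodyhash=; b=placeholdersignature="
)

def parse_tags(header_value):
    """Split a DKIM-Signature value into a tag -> value dict (RFC 4871 tag-list).
    Only the first '=' separates tag from value; folding whitespace is removed."""
    tags = {}
    for item in header_value.split(";"):
        if not item.strip():
            continue
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def expiration_check(tags, now):
    """Step 0 of the proposed order: decide from the header alone whether the
    signature has expired. Returns (expired, reason). No DNS, no hashing."""
    if "x" not in tags:
        return False, "no x= tag; proceed to key retrieval"
    try:
        x = int(tags["x"])
    except ValueError:
        return True, "x= is not an integer; treat as permfail"
    # RFC 4871 requires x= to be greater than t= when both are present.
    if "t" in tags and tags["t"].isdigit() and x <= int(tags["t"]):
        return True, "x= not greater than t=; treat as permfail"
    if now > x:
        return True, "signature expired at %d (verifier time %d)" % (x, now)
    return False, "signature valid until %d; proceed to key retrieval" % x

def verify_prefix(header_value, now=None):
    """Run the header-only check and report whether the costly steps remain."""
    now = int(time.time()) if now is None else now
    tags = parse_tags(header_value)
    expired, reason = expiration_check(tags, now)
    return {"expired": expired, "reason": reason,
            "dns_lookup_needed": not expired,
            "selector_record": "%s._domainkey.%s" % (tags.get("s"), tags.get("d"))}

if __name__ == "__main__":
    print(verify_prefix(SAMPLE_HEADER, now=1145374681))  # past x=: no lookup
    print(verify_prefix(SAMPLE_HEADER, now=1145371100))  # before x=: lookup needed
```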
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html