Paul Hoffman wrote:
> The meaning of x= is completely clear in the -00 and -01 drafts.
> However, many people on the list, including some of the document
> authors, have wide disagreement about what x= is supposed to do. Some
> people say that it is supposed to be when a particular signature is no
> longer valid;

That's what the draft says. There are many other cases of "invalid". I don't
see why this is a hard concept.

> others say that it is when the recipient should not expect to find the
> signing key available;

That might be a reason to use x= in the first place, but that gets into
BCP land, IMO.

> others say that it is when the signing system is no longer responsible
> for the message;

The current draft does not attach any normative semantics to
"responsible", so from a semantics standpoint they all revert back to the
base level semantics of having or not having a valid signature:
information for the receiver to use to apply local policy.

> others say it is a combination of those. If someone can come up with a
> consensus statement from the recent list traffic, that's great; I failed.
> Instead of clarifying, we need to associate semantics with x=, even if
> those are "the signer can cause signature expiration for any reason
> without saying why".

That's what the current draft implies. I don't know why we need a
normative behavior, any more than we need to have a normative behavior
for aging keys. It would be nice to have discussion in a BCP, but that's
very different than laying down the law in a standards track draft.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
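
The reading of x= discussed in the message above (an expiration time the receiver uses as input to local policy), as an added example that is not part of the original post or of any DKIM implementation. The sample header and function names are constructed; the rule that x= must be later than t= and the 12-digit limit are taken from the published DKIM specification (RFC 6376), not from the drafts under discussion.

```python
import re
import time

# Constructed sample header value; bh= and b= are placeholders, not real data.
SAMPLE = ("v=1; a=rsa-sha256; d=example.com; s=sel1; t=1136073600;\r\n"
          "\tx=1136678400; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")

_NUM = re.compile(r"[0-9]{1,12}")  # t= and x= are 1 to 12 decimal digits


def parse_tags(value):
    """Unfold a DKIM-Signature value and split it into a tag -> value dict."""
    tags = {}
    for part in re.sub(r"\r?\n[ \t]+", " ", value).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def expiry_status(value, now=None):
    """Classify a signature by its x= tag alone.

    Returns "no-expiry", "malformed", "expired" or "current". The result is
    only an input to the receiver's local policy; cryptographic verification
    of the signature is a separate step and is not done here.
    """
    now = int(time.time()) if now is None else now
    tags = parse_tags(value)
    if "x" not in tags:
        return "no-expiry"            # signer set no expiration
    if not _NUM.fullmatch(tags["x"]):
        return "malformed"
    x = int(tags["x"])
    if "t" in tags:
        if not _NUM.fullmatch(tags["t"]) or x <= int(tags["t"]):
            return "malformed"        # x= must be later than t=
    return "expired" if now > x else "current"


if __name__ == "__main__":
    print(expiry_status(SAMPLE, now=1136073601))   # inside the validity window
    print(expiry_status(SAMPLE, now=1136678401))   # one second past x=
```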