On Apr 18, 2006, at 4:10 PM, Stephen Farrell wrote:
> Douglas Otis wrote:
>> The duration of the signature should cover the "expected"
>> distribution of transit times for a message from the originator to
>> recipient.
>
> Sure. Can you get us the peer reviewed stats so we can remove those
> quotes from "expected"?
> I certainly don't have 'em, and in the absence of such real,
> agreed-upon information I think we're just wasting time speculating.

Section 5.2 in the base draft makes an _unsupported_ speculation
about adequate key availability. The transit period should extend
beyond norms for SMTP, as indicated in other places within this
Base and the Threat draft, when describing MUA signing and verification.

> There are recent mails talking about "months later", those
> discussions are not, IMO, in scope and are significantly distracting.

Deciding whether other transports beyond SMTP might expect protection
by DKIM message verification could be productive without too much
distraction.

DKIM is to be used for:

1) SMTP only
   Starting at the MSA and ending at the MDA mailbox.

2) SMTP + other transports
   Starting at the originator and ending when first viewed by the
   recipient.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html