Doug,
Your response is non-responsive :-(
Douglas Otis wrote:
On Apr 18, 2006, at 4:10 PM, Stephen Farrell wrote:
Douglas Otis wrote:
The duration of the signature should cover the "expected"
distribution of transit times for a message from the originator to
recipient.
Sure. Can you get us the peer reviewed stats so we can remove those
quotes from "expected"?
I certainly don't have 'em, and in the absence of such real,
agreed-upon information I think we're just wasting time speculating.
Section 5.2 in the base draft makes an _unsupported_ speculation about
adequate key availability. The transit period should extend beyond
norms for SMTP, as indicated in other places within the this Base and
the Threat draft, when describing MUA signing and verification.
So you have no data to offer.
There are recent mails talking about "months later", those discussions
are not, IMO, in scope and are significantly distracting.
Deciding whether other transports beyond SMTP might expect protection by
DKIM message verification could be productive without too much distraction.
DKIM is to be used for:
1) SMTP only
Starting at the MSA and ending at the MDA mailbox.
2) SMTP + other transports
Starting at the originator and ending when first viewed by the
recipient.
So we agree that "months later" is irrelevant. Good.
Stephen.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html