ietf-dkim
[Top] [All Lists]

[ietf-dkim] Attempted text for x=

2006-04-19 08:47:30

Folks,

We've decided to stick with the status quo and keep
x= but we do seem to need some different text.

Barry and I would like finalising that text to be the
topic for tomorrow's jabber session. Maybe a bit
ambitious but we do need to kill the topic.

So to make that a bit easier, here's my suggestion
based on what I've seen on the list. Feel free to
beat it up, but we (as chairs) are going to have to
declare for some text after tomorrow. So beating
this up by proposing a better alternative is really
much more likely to be effective.

And during the jabber session, please try to
remind yourself that perfection is in this case
almost certainly the enemy of the good.

Stephen.


Current:

x=   Signature Expiration (plain-text; RECOMMENDED, default is no
       expiration).  The format is the same as in the "t=" tag,
       represented as an absolute date, not as a time delta from the
       signing timestamp.  Signatures MUST NOT be considered valid if
       the current time at the verifier is past the expiration date.
       The value is expressed as an unsigned integer in decimal ASCII,
       with the same constraints on the value in the "t=" tag.  The value
       of the "x=" tag MUST be greater than the value of the "t=" tag if
       both are present.

           INFORMATIVE NOTE:  The x= tag is not intended as an anti-
           replay defense.

Proposed:

x=     Signature Expiration/Best-Before (plain-text, OPTIONAL, default is
       no expiration/best-before). The format is the same as the "t=" tag,
       represented as an absolute date, not as a time delta from the
       signing timestamp.  Verifiers who support x= MUST conside a 
       signatuure invalid if the current time at the verifier is past 
       the expiration date. If a signature is invalid for this reason, 
       then the normal rules apply, so the signature SHOULD be treated 
       the same as if cryptographic checking had failed or as if the 
       public key could not be retrieved. Verifiers MUST NOT asssume 
       that there is any particular relationship between the x= value 
       and the life cycle of a public key.
       Signers MAY include an x= value at their discretion. 
       Verifiers SHOULD support checking of x= values.
       The value is expressed as an unsigned integer in decimal ASCII,
       with the same constraints on the value in the "t=" tag.  The value
       of the "x=" tag MUST be greater than the value of the "t=" tag if
       both are present.


           INFORMATIVE NOTES:  

           1) The x= tag is not intended as an anti- replay defense.
           2) There is no real point in including a nonsense value in
              this tag - if the signer has no reason to include any 
              particular value then this tag is better omitted.
           3) There is no particular reason to include values here
              that are very far in the future, e.g. if it expected
              that a verifier might not see the message for a long
              time. In such cases omitting x= will probably be better.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html