On Wed, 19 Apr 2006, Jim Fenton wrote:
There is a *huge* difference between key and signature expiration.
Given that x= appears in a signature, the informative note should say
"...indicate signature expiration". But, if we do that, we need to say
what it means for a signature to expire. We can reuse semantics on
signature expiration from other IETF specs, if we can find one that
has expiring signatures.
The last sentence in the informative note directly contradicts the
MUST NOT in the body of the definition. I understand some people want
it one way and others want it the other way, but we can't have a spec
that says both.
+1
There is also a huge difference between key or signature expiration, and
message expiration. The text "When message is considered expired"
implies that the message itself expires, which it does not do.
The text should be "message signature should be treated as invalid after
the the expiration date". This does not say anything about the message
itself being expired only the signature
BTW, the feature saying the message itself is valid up to certain date
could be quite useful. Many emails are written with expectations that
they would be read in 1-2 days and if not done message content is no
longer of a significant use to the recipient. This is however a
separate issue.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html