|
Re: [ietf-dkim] Notes from DKIM jabber meeting on 20 April 2006
2006-04-21 06:27:33
("Big Picture" - I lurk on this and other lists for an education, and
try to keep my mouth shut unless I have something to contribute, but
sometimes I gotta ask WTF?)
DKIM Chair wrote:
Issue 4: Which "time" at verifier is used to determine expiration?
"received" time, or "current" time? The distinction is important if
verification is done in MUA, and Doug and Hector both want "received"
time. Much discussion here, with lots of it centering on whether
received time can be determined reliably, people don't want to be
recommending parsing Received lines, and such. Resolution: Suggest
using received time "if reliably available", else current time.
Arvel and Jim aren't sure, but accept it if it's "MAY". Stephen will
propose text.
I apologize for going thru this _again_, but I simply don't understand
the question, so the answers aren't helping much. Here's a (made-up)
example from real life, which I hope is close enough to use here. While
DKIM isn't about economic compensation like postage stamps are, the
concept if "being authorized for a specific period, then being no longer
useable" should cross over:
Let's say that your grandmother, somewhere in the US, sent her
daughter (your mother) a letter at her newlywed house sometime in late
1941. Something bad happened out in the Pacific, causing a hiccup in
the mail-delivery system, and a lot of stuff was delayed, some of it so
much that it was forgotten.
A couple of years ago, you moved back into that old house you grew
up in to take care of your parents, and your mother is still there at
the same address. These days, you have to do pretty much everything for
her, including going thru her mail, throwing out all the ads for things
that she no longer needs. Your grandmother, unfortunately, is no longer
with us.
Yesterday, the USPS was closing down an old post office, and found a
box of old letters that never got delivered. Your grandmother's letter
is in there.
If I understand the expiration time question right, some people
think that it's okay for a USPS drone to throw that letter out, because
the 3 cent postage doesn't match current rates. I think that it would
be better if his supervisor said "No, that postage was valid when that
letter entered the system -look at the postmark date, meathead- and we
have to deliver it."
Walking down the mail delivery system, each handler should say the
same, including the postman who hands it to you, and you should give it
to your mother. Make sure she's up to date on her heart medicine,
first. I guess that's okay.
Am I out to lunch here, or am I making sense?
To me, the only three reasons to _not_ accept that letter as still
valid for delivery would be:
- if it only had a 2 cent stamp on it, raising the "bogus" flag,
because everyone knows that the rates went up 50% (inflation!) to 3
cents, back in 1932, or if some other obvious sign of forgery
(laser-printed address label, maybe) was found,
- if the addressee could not be found,
- if there was some reason to believe that the original receiving post
office was controlled by mobsters, foreign agents, or evil spirits.
Controlled by incompetent bureaucrats isn't enough.
Getting back to DKIM, I thought that the discussion about which
country had the longest vacation time was irrelevant, in the context of
key expiration. Am I making DKIM too unwieldy, here, asking for a key
to be verified as good, not today, but when it was used? There doesn't
seem to be any added storage cost or processing cycles, since either
way, you have to have the key to test it, just the question of which
date to compare to.
--
Unable to locate coffee.
Operator halted.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
|
|