ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Notes from DKIM jabber meeting on 20 April 2006

2006-04-21 07:26:43
Sandy Wills wrote:

Getting back to DKIM, I thought that the discussion about which country had the longest vacation time was irrelevant, in the context of key expiration. Am I making DKIM too unwieldy, here, asking for a key to be verified as good, not today, but when it was used? There doesn't seem to be any added storage cost or processing cycles, since either way, you have to have the key to test it, just the question of which date to compare to.

An interesting analogy (cf mail, postage, box of 50 year old mail), but as with many analogies it's an imperfect fit. Let's start with the stamp and the analogous DKIM-signature. A stamp instigates a financial transaction: I put a stamp on a letter, and that enters me into a contract that the post office will deliver the mail. They are *contract* bound to do so since the service offered is "guaranteed delivery". A DKIM-signature on the other hand is not even a contract between the originator and the signer -- they can be independent entities through and through. Nor does a signature place any transport level responsibility on MTA. As with all email, it's best effort even if the effort placed on delivery is pretty
substantial.

So signature expiration (or signatures with missing keys, etc) should not be thought of in terms of "guaranteed delivery" of the post office, but instead the best effort of internet mail. If the email doesn't get filed into a box and put into an attic, the signature may be helpful in deciding its ultimate delivery disposition. If it does, well, you're going have to revert back to other --older -- methods to determine that dispostion.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html