Sandy Wills wrote:
Getting back to DKIM, I thought that the discussion about which
country had the longest vacation time was irrelevant, in the context
of key expiration. Am I making DKIM too unwieldy, here, asking for a
key to be verified as good, not today, but when it was used? There
doesn't seem to be any added storage cost or processing cycles, since
either way, you have to have the key to test it, just the question of
which date to compare to.
An interesting analogy (cf. mail, postage, box of 50 year old mail), but
as with many analogies it's an imperfect fit. Let's start with the stamp
and the analogous DKIM-signature.

A stamp instigates a financial transaction: I put a stamp on a letter,
and that enters me into a contract that the post office will deliver the
mail. They are *contract* bound to do so since the service offered is
"guaranteed delivery". A DKIM-signature on the other hand is not even a
contract between the originator and the signer -- they can be
independent entities through and through. Nor does a signature place any
transport level responsibility on the MTA. As with all email, it's best
effort even if the effort placed on delivery is pretty substantial.

So signature expiration (or signatures with missing keys, etc.) should
not be thought of in terms of "guaranteed delivery" of the post office,
but instead the best effort of internet mail. If the email doesn't get
filed into a box and put into an attic, the signature may be helpful in
deciding its ultimate delivery disposition. If it does, well, you're
going to have to revert back to other -- older -- methods to determine
that disposition.

Mike
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html