ietf-dkim

Re: [ietf-dkim] DKIM verification actors

2006-04-24 04:34:17

----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>


2) MUST perform the verification within the "transport window",
typically 7 days.

The desired change to the base draft was to move the key retention
recommendation to a BCP.  Indicate within the base draft the key
retention interval assures protection over the expected message
transit period.  When the sender desires that this period allows
verification when first viewed, this interval may need to consider
typical variations seen over this transport.  In the fullness of
time, global statistics will become available.

Doug,

SMTP is now and is still going to be the primary method of transport, and even if
there are other non-SMTP transport methods, new or old, the vendors are still
going to include SMTP.  Since SMTP has a recommended guideline of 4-5 days
to allow for a transport sending strategy that nearly all systems follow,
this means there is an inherent minimum key retention time for DKIM signers.
The DKIM-BASE recommended seven days is sufficient to safely cover the
transport and then some.

Besides, DKIM needs signing to work. Signers will be scratching their heads,
"Is this forever?" "Can I remove it without damaging messages still in the
transport?"  "How long should stale keys remain?"  "Hmmm, it says 'expected
message transit period'.  Well, we are only using SMTP and SMTP has a 4-5
day limit, so it has to be at least 4-5 days plus some safe tolerance. Let's
go with lucky seven!!"

It's a chicken and egg situation.  You've got to have some base value to begin
with and if during practice, that proves to be too short and it needs to be
adjusted, then a BCP will help.   If we want to generalize it, then the BASE
should at least have an Appendix table or something showing the "Minimum
Expected Message Transit Periods per Transport Protocol."

Hmmmmmm, let's try that:

Appendix XX

    Minimum Expected Message Transit Periods Per Protocol

    SMTP     4-5 Days
    HTTP     ???
    IMAP     ???
    OTHER    ???

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html