On Apr 24, 2006, at 4:28 AM, Hector Santos wrote:

> 2) MUST perform the verification within the "transport window",
> typically 7 days.

The desired change to the base draft was to move the key retention
recommendation to a BCP. Indicate within the base draft the key
retention interval assures protection over the expected message
transit period. When the sender desires that this period allows
verification when first viewed, this interval may need to consider
typical variations seen over this transport. In the fullness of
time, global statistics will become available.

> SMTP is now and still going to be the primary method of transport, and
> even if there are other non-SMTP transport methods, new or old, the
> vendors are still going to include SMTP.

Protections afforded by DKIM include transports beyond SMTP that
extend from the originator to the recipient, as noted in the charter,
threat, and base draft. While delivery failure retry for SMTP
is a component of a key retention requirement, a greater period of
retention may be necessary to accommodate other transit latencies.
There is no certainty where in the transport sequence a message is
signed by the originator, or where in the sequence verification of
the signature is important to the recipient. Short key retention
will not offer protection for common circumstances involving the
transit from the originator to the recipient. SMTP delivery failure
retry is not the only circumstance that warrants consideration for
key retention. Is there a reason why key retention should not
consider latencies related to originators and recipients over other
transports?
-Doug