John Levine wrote:
>> If there was an optional expiration date contained in the _domainkey DNS
>> entry besides the public key instead, a mail admin could react in the
>> short-term to e.g. abuse of the corresponding private key without
>> interfering with the validation of signatures before this expiration date.
>
> If I were a bad guy, why wouldn't I simply forge a date in my spam
> before the expiration date?

John, I would agree if the expiration date (x-param) was compared to the
signature timestamp (t-param).
But the RFC says (see x-param):

    Signatures MAY be considered
    invalid if the verification time at the verifier is past the
    expiration date. The verification time should be the time that
    the message was first received at the administrative domain of
    the verifier if that time is reliably available; otherwise the
    current time should be used.

Regards,
Flo
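
The x= rule quoted from the RFC above, as an added example that is not part of the original message or of any DKIM implementation: a Python sketch of a verifier that compares x= against its own receive time and never reads the sender-supplied t=. The function names and the sample header values are constructed for illustration.

```python
import re
import time

def parse_tags(header_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace carries no meaning inside t= and x= values.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def signature_expired(header_value, received_at=None, now=None):
    """Return True if the signature is past its x= expiration.

    received_at: Unix time the message first entered the verifier's
                 administrative domain, if reliably known.
    now:         current Unix time, used when received_at is unknown.
    The t= tag is written by the sender and is deliberately ignored here.
    """
    tags = parse_tags(header_value)
    if "x" not in tags:
        return False  # signer requested no expiration
    if not re.fullmatch(r"[0-9]+", tags["x"]):
        raise ValueError("malformed x= tag")
    expiration = int(tags["x"])
    if now is None:
        now = int(time.time())
    verification_time = received_at if received_at is not None else now
    return verification_time > expiration

# Constructed sample headers (placeholder hash and signature values).
HONEST = ("v=1; a=rsa-sha256; d=example.com; s=sel; "
          "t=1000000000; x=1000086400; bh=PLACEHOLDER; b=PLACEHOLDER")
# Same expiration, but with a backdated t= as in the forged-date scenario.
BACKDATED = HONEST.replace("t=1000000000", "t=999000000")

if __name__ == "__main__":
    late = 1000086401  # verifier received the message one second after x=
    for label, header in (("honest", HONEST), ("backdated", BACKDATED)):
        print(label, "expired:", signature_expired(header, received_at=late))
```

Both headers are reported as expired for the late delivery, because the result depends only on x= and the verifier's clock.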