ietf-dkim

Re: [ietf-dkim] RFC4871bis - whether to drop -- x: Signature expiration

2009-06-01 12:13:43


   DKIM-Signature Header tags

     x: Signature expiration

Expiration is a fairly common feature in signing specifications. But
DK and DKIM are different in that the public key is not distributed to
others, it's always under the control of the signer. Does this add
anything that removing the DNS TXT record doesn't do? Is it used? Is
it necessary?


Unless there are implementations out there that cache the public key for 
extended periods of time, I don't see any benefit of the signature expiration 
tag that's not available by removing the DNS txt record. 

And if it's absolutely necessary to distinguish between the case of "there 
never was a record" and "this key has been expired/revoked", it seems like 
keeping the txt record and removing the key would cover the latter... although 
I'm not sure there's really a reason to make the distinction. 

Ellen 

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
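
The cases weighed in the message above, as an added example that is not part of the original post or of any DKIM implementation: a verifier-side check that tells a passed x= apart from a removed TXT record and from a record kept with an empty p= (which RFC 4871 defines as a revoked key). The function names, domain, selector, timestamps and key material are constructed for illustration.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (DKIM-Signature header or key TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")   # base64 padding '=' stays in val
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signature_state(sig_header, key_txt, now):
    """Classify a signature into the cases the thread distinguishes.

    key_txt is the TXT record the verifier holds for <s>._domainkey.<d>
    (fresh or cached), or None if the lookup returned no record.
    now is the verification time in Unix seconds.
    """
    sig = parse_tags(sig_header)
    x = sig.get("x")
    if x is not None and x.isdigit() and now > int(x):
        return "expired"        # x= is in the message, so it holds even with a cached key
    if key_txt is None:
        return "no-key"         # record removed and "never existed" look identical
    key = parse_tags(key_txt)
    if "p" not in key:
        return "bad-key"        # p= is a required tag in the key record
    if key["p"] == "":
        return "revoked"        # record kept, key removed
    return "verifiable"

# Constructed sample data (placeholder hash, signature and key values).
SIG = ("v=1; a=rsa-sha256; d=example.com; s=jun2009; t=1243857600; "
       "x=1244462400; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==")
SIG_NO_X = SIG.replace("x=1244462400; ", "")
KEY = "v=DKIM1; k=rsa; p=PLACEHOLDERKEY"
KEY_REVOKED = "v=DKIM1; k=rsa; p="

if __name__ == "__main__":
    later = 1245000000          # after the x= time above
    print(signature_state(SIG, KEY, later))          # cached key, x= present
    print(signature_state(SIG_NO_X, KEY, later))     # cached key, no x=
    print(signature_state(SIG_NO_X, None, later))    # signer removed the record
    print(signature_state(SIG_NO_X, KEY_REVOKED, later))
```
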