At 12:18 PM 11/7/2004 +0000, Tony Finch wrote:
On Sun, 7 Nov 2004, David Woodhouse wrote:
4. What is the intended lifetime for a singature? For how long is
it supposed to be valid?
The maximum time that mail stays undelivered on peoples queues before
being bounced. Theoretically unbounced but in practice a week or so.
Some large ISPs who deliver email to their users over SMTP keep messages
on their queues for up to a month, to allow for users who dial up
infrequently.
That's an interesting corner case, but seems like it's much the same as one of
the pitfalls with verification at the recipient MUA. Most discussions I have
been a party to have converged on a key validity of week or so since 5 days is
the "usual" time before a message is considered undeliverable. Even though
delivery is via SMTP here, is it reasonable for the ISP to check the signature
and mark the message as having been verified?
A related question is the need to support backward validity of keys. If I send
a message on Thursday, change ISPs on Friday, should it be possible to verify
the message on Sunday?
-Jim