>>Our need in all this to obtain properly qualified and certified
>>information about the identity of the communicants, and the signer.
>
>Well, I guess I'm less concerned with the failure of a 12-year old address
>than with one supplied currently by the intended recipient.
I think this is all precisely on the pem-dev subject matter. Its the practice of
doing secure e-mail with addresses used as identifiers, with many
consequences in many practical operational domains, not limited to pure
protocol design.
We have had mountains of discussion on the consequences of evaluating
the originator of a message 25 years after it was signed. This
age-limited published address is a wonderful example of where
addressing schemes (which inevitably change due to scaling needs and
innovation) are inappropriate for certification.
We have two camps within pem-dev - those who care about design suitable
for operational non-repudiation services, and those who dont. I think
we already agreed in the last IETF, that they would split their
activities, as they are not reconcilable.