On Sep 25, 3:39 pm, Simon Willison <si...@simonwillison.net> wrote: > While that makes sense for caching, I couldn't say if it makes sense > for signatures or not - when we sign something, will we always know > the point at which we want that signature to expire? I don't know.
Here's a good argument for signing things with the creation-timestamp rather than the expiration-timestamp - it leaves the door open for a mechanism whereby historic SECRET_KEYs are stored. When we see a signed string, we can use its timestamp to decide which of our historic keys should be used to validate it. BIt of an edge case (I can't say if we'd ever want to do this) but it's an example of something that's not possible with expire-at timestamps. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---