Hi, I'm reading the section in RFC 6376 on the x= tag, specifically:

    INFORMATIVE NOTE: The "x=" tag is not intended as an anti-replay defense.

Could anyone shed some light on the reasoning for this, by chance? I note that the spec for x= says "Signatures MAY be considered invalid [if past expiration]", which isn't particularly strong guidance for how verifiers should behave, but from my perspective, signature expiration could in theory be an effective tool (among other defenses) to help reduce the viability of replays.

Thanks,
-Evan
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
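The x= check the message asks about, as an added example (not part of the original message and not code from RFC 6376): it parses the t= and x= tags from a DKIM-Signature value and classifies the signature at a given verification time. The sample header, the function names and the `enforce` switch (modelling the RFC's "MAY") are assumptions made for illustration.

```python
import re

# Constructed sample header value (not a real signature); bh= and b= are placeholders.
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed;\r\n"
    "\tt=1700000000; x=1700086400; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER"
)

_EPOCH = re.compile(r"[0-9]{1,12}")  # t= and x= are unsigned decimal, at most 12 digits


def parse_tags(value):
    """Split a DKIM-Signature tag-list into {tag: value}, dropping folding whitespace."""
    tags = {}
    for item in value.split(";"):
        if "=" not in item:
            continue  # empty element, e.g. after a trailing ';'
        name, _, val = item.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def expiry_status(sig_value, now, enforce=True):
    """Classify a signature by its x= tag at verification time `now` (epoch seconds).

    Returns "no-expiry", "malformed", "expired", "expired-ignored" or "within-window".
    enforce=False models a verifier that does not act on the "MAY" for expired signatures.
    """
    tags = parse_tags(sig_value)
    x, t = tags.get("x"), tags.get("t")
    if x is None:
        return "no-expiry"
    if not _EPOCH.fullmatch(x) or (t is not None and not _EPOCH.fullmatch(t)):
        return "malformed"
    if t is not None and int(x) <= int(t):
        return "malformed"  # RFC 6376: x= must be greater than t= when both are present
    if now > int(x):
        return "expired" if enforce else "expired-ignored"
    # Any copy of the message checked before x= lands here, first delivery or not.
    return "within-window"
```

Every verification performed before the x= time returns "within-window", so the tag only bounds how long a signed message stays verifiable; it does not tell a verifier whether it has seen that message before.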
