On Sat, 2006-02-11 at 14:51 -0500, Hector Santos wrote:
>
> I personally don't have a problem with a change to "SHOULD" or "MAY"
> recommendation, but rest assured, this (bad expiration) will be one
> or many guarantee form of exploitation. So a relaxation should be
> coupled with a hindsight about the highly probable consequences of
> passing the buck of bad or expired keys to the user.

An expiry that is too brief may also be used as a type of exploitation. A bad actor knows that a domain checks DKIM at both the backup MTA and at the MDA. The bad actor uses a mis-directed return-path and an expiry that is too short and sure to be caught by the MDA. The DSN thereby generated would be expected to damage the signature. Perhaps an expiry exploit could be used to get the victim to wonder how they sent a signed message containing that hot stock tip.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html
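
The two-checkpoint scenario in the message above, as an added example that is not part of the original thread: it evaluates the DKIM `x=` tag at each hop's clock and flags a signature whose `x=` minus `t=` lifetime is unusually short or whose verdict changes in transit. The header value, hop names, timestamps and the `MIN_LIFETIME` threshold are constructed assumptions.

```python
import re

# Constructed DKIM-Signature value (not from the thread); bh=/b= are placeholders.
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel; t=1139687460; "
              "x=1139687760; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")

MIN_LIFETIME = 3600  # assumed local policy: flag signatures valid for under an hour


def parse_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags


def _num(value):
    """Return the tag as an int, or None when absent or not plain ASCII digits."""
    return int(value) if value and re.fullmatch(r"[0-9]+", value) else None


def expiry_verdict(sig_value, now):
    """Return 'no-expiry', 'malformed', 'expired' or 'valid' for x= at time `now`."""
    raw = parse_tags(sig_value).get("x")
    if raw is None:
        return "no-expiry"
    x = _num(raw)
    if x is None:
        return "malformed"
    return "expired" if now > x else "valid"


def assess(sig_value, hop_times):
    """Per-hop verdicts plus flags for a short lifetime and a mid-path verdict change."""
    tags = parse_tags(sig_value)
    t, x = _num(tags.get("t")), _num(tags.get("x"))
    verdicts = {hop: expiry_verdict(sig_value, ts) for hop, ts in hop_times.items()}
    return {
        "verdicts": verdicts,
        "short_lifetime": t is not None and x is not None and x - t < MIN_LIFETIME,
        "verdict_changed_in_transit": len(set(verdicts.values())) > 1,
    }


if __name__ == "__main__":
    # Constructed hop clocks: backup MTA 2 minutes after signing, MDA 20 minutes after.
    print(assess(SAMPLE_SIG, {"backup_mta": 1139687580, "mda": 1139688660}))
```

A message that passes at the first hop and expires before the second is the case where a later rejection produces a DSN, so the two flags are worth logging at the first hop that sees the signature.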
