On Sat, 2006-02-11 at 22:31 -0800, Jim Fenton wrote: > > The MUST in the draft refers to the validity of the signature, not the > validity of the message. > > If you subscribe (as I do) to the philosophy that an invalid signature > should be treated as though it is absent, then the verifier MUST > behave as though the expired signature just isn't there. Maybe there > is another valid signature, or maybe not. If not, the message is > handled just like an unsigned one.
This view overlooks the effect policy might play. With strict treatment of an expiry time, this could create situations where messages are rejected post acceptance, but prior to delivery, for example. -Doug _______________________________________________ NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html
