>Is there *any* signature by way of its underlying credential that >doesn't have a lifetime?
No, but I don't see any reason that a sender has any great insight into the likely transit time of a message or the useful lifetime of a message signature. >DKIM is intended to have a transport duration lifetime, eg about >2 weeks. Quite right. So we should ditch x= and add a sentence saying that recipients should ignore signatures older than the longest likely transit time of a message, typically two weeks. >What states might those be? Let's say message A has a signature that uses x= to set a lifetime of five seconds, and message B has a signature that has a lifetime of five years. Have we learned anything useful about either message other than that the people who signed them don't understand mail transport very well? What if the signature time and the expiration time are equal, or it expires before it was signed? Do either of those mean anything? What should a recipient do? I can see why someone might want a feature analogous to the usenet Expires: header to say that the contents of a message aren't interesting past a given time, but that's not the semantics of x=. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
