John L wrote: >> I don't see why the recipient would have any better idea than the sender >> on whether the transit time is acceptable. > > Because a recipient has the message after the transit has actually > happened, and knows about the way his mail gets delivered and read. > > Assume, for example, someone who uses a verifier in his MUA and only > reads his mail once a week. A sender signs and sends a message on > Monday with a one-day x= value, it's delivered ten seconds later and > spends four days sitting in his mailbox. When our user reads his mail > on Friday, is he allowed to verify it? To me the answer is obviously > yes. How do you handle that with x= ? Do you interpret the x= value > as of some past time when the mail was placed in a stable place? Tell > him tough luck, he's not allowed to use DKIM unless he reads his mail > more often? I don't know how to write rules that would handle every > possible recipient scenario, and neither does anyone else, so it's > nuts to try. It's the same reason that the SMTP RFCs don't try and > set fixed retry or timeout values, only guidelines. This is why verification at the MDA or an MTA is preferred. If you want to really handle the case of an MUA verifying a signature when the user returns from an "email vacation", the signature lifetimes need to be much longer.
>From the DKIM WG charter: > To prevent this task from becoming unwieldy, several related topics are > considered out of scope for the DKIM working group. These topics > include: [...] > * Signatures that are intended to make long-term assertions beyond the > expected transit time of a message from originator to recipient, > which is normally only a matter of a few days at most. For me, x= expresses the intent of the signer as to how long the signature should be valid. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
