----- Original Message -----
From: "Mark Delany" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, April 13, 2006 11:59 AM
Subject: Re: [ietf-dkim] x= lets senders expire responsibility

>> Signatures with selectors resulting in NXDOMAIN DNS queries
>> SHOULD NOT be considered valid?
>
> I have to check the spec, but I thought that you set p= to the empty
> string and leave the Selector in place if you wish to revoke the key.

Just for readership:

| p= Public-key data (base64; REQUIRED). An empty value means that
|    this public key has been revoked. The syntax and semantics of
|    this tag value before being encoded in base64 is defined by the
|    k= tag.

Ahhh, I missed this point - keeping the selector but setting the data to empty.

OK, sounds like this will work then to signal an expiration. Not as efficient (need a lookup), but in such a case, as long as the selector is still active and p= data is empty, x= is not required. You got your indicator.

I think I might change my vote to "Get Rid of X=" :-)

I still like the idea of expiring a signing on a per message basis. Pretty powerful option for signers. x= will provide this.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
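
The two signals discussed in this message, side by side, as an added example that is not part of the original post or of any DKIM implementation: a per-message x= expiration that a verifier can act on without a DNS lookup, and a per-key revocation (empty p=) that needs one. The function names, result labels, sample records, and the policy of treating an expired signature as invalid are assumptions made for illustration.

```python
import time

def parse_tags(text):
    """Parse a DKIM tag=value list (key record or DKIM-Signature value)."""
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Remove folding whitespace inside the value (e.g. wrapped base64).
            tags[name.strip()] = "".join(value.split())
    return tags

def key_status(txt_record):
    """Classify a selector lookup. txt_record is None when DNS returned NXDOMAIN."""
    if txt_record is None:
        return "no-key"        # selector removed from DNS
    tags = parse_tags(txt_record)
    if "p" not in tags:
        return "bad-record"    # p= is REQUIRED in the key record
    if tags["p"] == "":
        return "revoked"       # empty p= means the public key has been revoked
    return "present"

def signature_status(sig_header, txt_record, now=None):
    """Return 'expired', 'revoked', 'no-key', 'bad-record' or 'verify'."""
    now = time.time() if now is None else now
    x = parse_tags(sig_header).get("x")
    # Per-message expiration: decided from the message alone, no lookup needed.
    if x is not None and x.isdigit() and now > int(x):
        return "expired"
    # Per-key revocation: only visible after fetching the selector record.
    status = key_status(txt_record)
    # 'verify' means: go on to the cryptographic check (not shown here).
    return "verify" if status == "present" else status

# Constructed sample data (not real keys or signatures).
SIG = "v=1; a=rsa-sha256; d=example.com; s=sel1; t=1144800000; x=1145000000; b=AAAA"
KEY_OK = "k=rsa; p=MIGfMA0G"
KEY_REVOKED = "k=rsa; p="

if __name__ == "__main__":
    for label, record, now in [("live key", KEY_OK, 1144900000),
                               ("revoked key", KEY_REVOKED, 1144900000),
                               ("NXDOMAIN", None, 1144900000),
                               ("past x=", KEY_OK, 1145100000)]:
        print(label, "->", signature_status(SIG, record, now))
```
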
