On Jan 19, 2007, at 10:06 AM, <[EMAIL PROTECTED]> wrote:
I thought this was resolved via an expiration date x= flag. With
this flag set an MUA could certainly know whether a signature was
still valid before attempting to verify it.
The critical element should be whether the message's signature had
expired prior to delivery, which can be determined by checking when
the message was received. This check could be made days later and
yet safely used to abate abusive replay of messages. There is no
need to rapidly remove valid keys and thereby make MUA verification
precarious. Retaining public keys for a reasonable period would be a
reasonable strategy. Implying that all checking must be done by the
MTA fails miserably in efforts aimed at protecting recipients. DKIM
is not only about ensuring the acceptance of bulk email by the MTA.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
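
The check described in the reply above, sketched as an added example that is not part of the original message or of any DKIM implementation: compare the signature's x= value with the time the recipient's own MTA recorded in the topmost Received header, rather than with the current time. The sample message, domains, timestamps and function names are constructed for illustration.

```python
import email
from email.utils import parsedate_to_datetime

# Constructed sample: signed 19 Jan 2007 18:00 UTC, x= seven days later.
SAMPLE = """\
Received: from mail.example.net by mx.example.org; Fri, 19 Jan 2007 18:30:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel1;
 t=1169229600; x=1169834400; h=from:to:subject;
 bh=CONSTRUCTED; b=CONSTRUCTED
From: a@example.net
To: b@example.org
Subject: test

body
"""
# Same signed message, but delivered after the x= time (a replay).
REPLAYED = SAMPLE.replace("Fri, 19 Jan 2007 18:30:00",
                          "Fri, 02 Feb 2007 09:00:00")

def dkim_tags(header_value):
    """Parse a DKIM-Signature tag list (tag=value; ...) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def received_time(msg):
    """Unix time from the topmost Received header.
    Assumption: that header was added by the recipient's own MTA; headers
    further down are supplied by the sending side and are not trusted."""
    top = msg.get_all("Received")[0]
    return parsedate_to_datetime(top.rsplit(";", 1)[1].strip()).timestamp()

def expired_before_delivery(raw_message):
    """True if the signature's x= time had passed when the message arrived.
    The answer does not depend on when the MUA performs the check."""
    msg = email.message_from_string(raw_message)
    sig = msg["DKIM-Signature"]
    if sig is None:
        raise ValueError("no DKIM-Signature header")
    tags = dkim_tags(sig)
    if "x" not in tags:
        return False  # signature carries no expiration
    return received_time(msg) > int(tags["x"])
```

This only decides whether the signature was within its lifetime at delivery; verifying the signature itself still requires the signer's public key to be retrievable at the time the check runs.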