-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jun 1, 2009, at 8:33 AM, Siegel, Ellen wrote:
>
>
>>> DKIM-Signature Header tags
>>>
>>> x: Signature expiration
>>>
>>> Expiration is a fairly common feature in signing specifications. But
>>> DK and DKIM are different in that the public key is not
>>> distributed to
>>> others, it's always under the control of the signer. Does this add
>>> anything that removing the DNS TXT record doesn't do? Is it used? Is
>>> it necessary?
>>
>
> Unless there are implementations out there that cache the public key
> for extended periods of time, I don't see any benefit of the
> signature expiration tag that's not available by removing the DNS
> txt record.
>
> And if it's absolutely necessary to distinguish between the case of
> "there never was a record" and "this key has been expired/revoked",
> it seems like keeping the txt record and removing the key would
> cover the latter... although I'm not sure there's really a reason to
> make the distinction.
I agree with Ellen that there's hardly any use for signature expiration
that can't be solved by yanking the key from the DNS.
DKIM is a short-term protocol. The signature on a message is supposed
to protect it while it is in transit. The longer a message sits in a
mailbox, the less value the DKIM signature has. Expiring the
signatures has little value.
On the other hand -- it's already in there. The arguments we're making
now are all good arguments for never having x=, and less good for
taking it out. Despite it being an idea of limited use, someone might
be using it, and someone might think of a good reason to have it in a
few years. Murphy's law being what it is, someone will find a really
good use for it if and only if we remove it.
My suggestion is to ask some implementers. If they think it made
implementing DKIM hard, or they see value to removing it, then do so.
If they are lukewarm or supportive, keep it in.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFKJF3YsTedWZOD3gYRApqmAJ9xLY+RH97bDS56IY5RBJ+ocNoihQCfaBBB
EbBiqKG2anEQKBxdVYDcG+w=
=1LWk
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
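The thread above compares two ways of retiring a DKIM signature: the x= tag on the signature itself, versus removing (or emptying) the selector's key record in DNS, with Ellen's caveat about verifiers that cache keys. The following is an added example, not code from the thread or from any DKIM implementation: it models only the verifier's policy checks from RFC 4871 (x= after t=, "signature expired", "no key for signature", and the empty-p= "key revoked" case) and stubs out the actual cryptographic check with a constant "pass". The zone contents, selector name, timestamps, the b=/bh= values and the `CachingResolver` class are all constructed for the demonstration.

```python
"""Added example: DKIM verifier policy around x= versus key removal.
Everything here is constructed; no real DNS or crypto is involved."""


def parse_dkim_tags(header_value):
    """Parse an RFC 4871 tag-list ("v=1; a=rsa-sha256; ...").
    Split on ';', then on the FIRST '=' only, because b= and bh= carry
    base64 that itself contains '='; folding whitespace is stripped."""
    tags = {}
    for item in header_value.split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = "".join(value.split())
    return tags


def key_status(txt_record):
    """RFC 4871 3.6.1: no record -> absent; record with empty p= -> revoked."""
    if txt_record is None:
        return "absent"
    if parse_dkim_tags(txt_record).get("p", "") == "":
        return "revoked"
    return "valid"


class CachingResolver:
    """Constructed stand-in for a resolver that keeps a TXT record for
    cache_seconds after the first lookup, ignoring later zone changes."""

    def __init__(self, zone, cache_seconds):
        self.zone = zone                # dict: owner name -> TXT string
        self.cache_seconds = cache_seconds
        self.cache = {}                 # owner name -> (record, fetched_at)

    def txt(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now - hit[1] < self.cache_seconds:
            return hit[0]               # stale but still served from cache
        record = self.zone.get(name)    # None when the record was removed
        self.cache[name] = (record, now)
        return record


def evaluate_signature(sig_header, resolver, now, honor_x=True):
    """Return the verifier's verdict for the policy checks only.
    A real verifier would still check b= against the key on 'pass'."""
    tags = parse_dkim_tags(sig_header)
    for required in ("v", "a", "d", "s", "h", "bh", "b"):
        if required not in tags:
            return "permfail: missing tag " + required
    if honor_x and "x" in tags:
        # RFC 4871 3.5: x= MUST be greater than t= when both are present
        if "t" in tags and int(tags["x"]) <= int(tags["t"]):
            return "permfail: x= not after t="
        if now > int(tags["x"]):
            return "permfail: signature expired"
    name = "%s._domainkey.%s" % (tags["s"], tags["d"])
    status = key_status(resolver.txt(name, now))
    if status == "absent":
        return "permfail: no key for signature"
    if status == "revoked":
        return "permfail: key revoked"
    return "pass"


# Constructed signature: t= and x= are one day apart; b=/bh= are placeholders.
SIG = ("v=1; a=rsa-sha256; d=example.com; s=s1; c=relaxed/relaxed; "
       "h=from:to:subject:date; t=1243800000; x=1243886400; "
       "bh=CONSTRUCTED; b=CONSTRUCTED")


def run_scenario():
    """Walk through the cases discussed in the thread and collect verdicts."""
    name = "s1._domainkey.example.com"
    zone = {name: "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_KEY"}  # constructed
    cached = CachingResolver(zone, cache_seconds=7 * 86400)   # long-lived cache
    fresh = CachingResolver(zone, cache_seconds=0)            # always re-queries
    results = {}
    results["fresh_before_removal"] = evaluate_signature(SIG, fresh, now=1243800100)
    cached.txt(name, now=1243800100)      # warm the cache while the key exists
    del zone[name]                        # signer yanks the selector record
    results["fresh_after_removal_before_x"] = evaluate_signature(SIG, fresh, now=1243800300)
    # Past x=, with the key still in a stale cache: x= is the only thing that saves us.
    results["cached_after_x_ignore_x"] = evaluate_signature(SIG, cached, now=1243900000, honor_x=False)
    results["cached_after_x_honor_x"] = evaluate_signature(SIG, cached, now=1243900000)
    zone[name] = "v=DKIM1; k=rsa; p="     # record kept, key emptied: RFC 4871 "revoked"
    results["revoked_record"] = evaluate_signature(SIG, fresh, now=1243800300)
    return results


if __name__ == "__main__":
    for case, verdict in run_scenario().items():
        print("%-32s %s" % (case, verdict))
```

The scenario bears out both sides of the thread: for a verifier that queries DNS on every message, removing (or emptying) the record retires the signature immediately, before x= is even reached; only a verifier holding the key in a cache beyond the record's lifetime ever needs x= to reject the message.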