[ietf-dkim] x= lets senders expire responsibility
Hallam-Baker, Phillip
pbaker at verisign.com
Wed Apr 12 05:41:31 PDT 2006
I disagree.
I think the semantics are 'don't count on being able to verify this message
after this date'.
If I do manage to verify I can hold the purported signer responsible
regardless of whether x= is there or not.
My fault handling process for 'key not found' is going to be different if x=
has expired.
> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org
> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Mark Delany
> Sent: Wednesday, April 12, 2006 2:13 AM
> To: ietf-dkim at mipassoc.org
> Subject: [ietf-dkim] x= lets senders expire responsibility
>
> On Wed, Apr 12, 2006 at 01:07:22AM -0400, Hector Santos
> allegedly wrote:
>
> > > Remove x=
>
> > IMO, there is a precise and purposeful rationale. I can come up with
> > at least a dozen reasons or more why a signer may want to utilize an
> > expiration concept.
>
> As you say, and I agree, the benefits flow mostly, if not
> entirely, to the signer ... even though earlier discussions
> mooted benefits to the verifier.
>
>
> As I understand it, when x= expires the signer wants
> verifiers to treat the mail as unverified - in effect signers
> get to disclaim responsibility for that email after a certain
> point in time.
>
> This seems entirely at odds with DKIM which is about senders
> taking responsibility for an email for the benefit of the verifier.
>
> DKIM is not about senders taking responsibility for just 5
> seconds or just 5 minutes or just 5 days. If a mail is signed
> and sent, a sender has no right, in my mind, to subsequently
> disclaim responsibility. It's their content; they wear the
> consequences forever.
>
> In short: x= gives senders wiggle room to expire
> responsibility - that seems at odds with our goals.
>
>
> Mark.
>
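The handling described in the reply above (a signature that verifies stays attributable whatever x= says, and only the 'key not found' path depends on expiry), as an added Python sketch that is not part of the original post or of any DKIM implementation. The outcome names, the `crypto_result` strings, the choice to treat a missing key before x= as a fault, and the sample header are constructed assumptions.

```python
from enum import Enum


class Outcome(Enum):
    VERIFIED = "signature verified: signer held responsible"
    KEY_GONE_AFTER_X = "key not found after x=: expected, message unverifiable"
    KEY_GONE_BEFORE_X = "key not found before x=: unexpected, treat as a fault"
    INVALID = "signature check failed"


def parse_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def is_expired(tags, now):
    """True only when a well-formed x= timestamp lies in the past."""
    x = tags.get("x")
    return x is not None and x.isdigit() and now > int(x)


def classify(header_value, crypto_result, now):
    """crypto_result is 'pass', 'fail' or 'key_not_found' (assumed names)
    as reported by whatever performed the actual signature check."""
    tags = parse_tags(header_value)
    if crypto_result == "pass":
        # A signature that verifies is attributable with or without x=.
        return Outcome.VERIFIED
    if crypto_result == "key_not_found":
        # Only this path looks at x=: a key withdrawn after expiry is the
        # situation the signer warned about, before expiry it is not.
        if is_expired(tags, now):
            return Outcome.KEY_GONE_AFTER_X
        return Outcome.KEY_GONE_BEFORE_X
    return Outcome.INVALID


# Constructed sample header: t= is the signing time, x= is seven days later.
SAMPLE = ("v=1; a=rsa-sha256; d=example.com; s=sel1; t=1144800000; "
          "x=1145404800; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")

if __name__ == "__main__":
    for result, now in [("pass", 1146000000), ("key_not_found", 1146000000),
                        ("key_not_found", 1144900000)]:
        print(result, now, "->", classify(SAMPLE, result, now).value)
```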