Sorry to have gone dark for a while --- I've been even more than
usually busy. I'm trying to get a bit of catching up done today.
What I did for this was to add something to 6.1 reading "Verifiers
MAY ignore the DKIM-Signature header field if it contains an "x=" tag
and the signature has expired." I then added to the end of 6.1 "If
there are no valid signatures remaining after this step, a verifier
MUST NOT proceed to the next step."
eric
--On April 14, 2006 9:18:14 AM -0400 Hector Santos
<hsantos@xxxxxxxxxxxxxx> wrote:
Eric,
In regards to the expiration tag x=, until a decision is made about
its fate, it is still part of the specs. In such a case, to comply
with the x= current specs, a preliminary step is missing in
section 6.2:
| 6.2 Get the Public Key
|
| ...
|
+ 0. If signature has an expiration (x=) tag, check if the
signature + has expired. Signatures MUST NOT be considered
valid if the + current time at the verifier is past the
expiration date. +
| 1. Retrieve the public key as described in (Section 3.6) using
| the domain from the "d=" tag and the selector from the "s=" tag.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
