There's not one "right" value; we're talking about distributions of timings for normal mail vs. replay, and yes, there's some overlap there.
...
I understand the pushback; this is a list to talk about a standard, and standards tend to be a lot more binary in their functionality,
Glad to see the challenge of using x= characterized here. I suggest two points that probably need considering:
1. Realistic, real-world examples where the proposed mechanism is known to work and to work well. The idea that it is possible to have signature expiration be short enough to be useful against replay, without destroying DKIM's primary use, does not seem even slightly realistic to me. So field demonstration of utility seems essential.
2. Moving heuristic advice to a discussion paper, rather than a technical specification. There's nothing wrong with documenting things that someone, somewhere might find useful, but with caveat emptor warnings highlighted. But no, those are not technical specifications.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@[email protected]
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
