On Thu, Feb 16, 2023 at 2:13 PM Barry Leiba <barryle...@computer.org> wrote:

> I like this approach: if the issue is that an "expired" signature is
> treated as unsigned, I think we have an unacceptable level of false
> positives.  But if the fact that a signature is valid but expired is
> simply another factor in the decision, I think we might be OK, keeping
> in mind that "x=" is purely advice to the validator.  To *really*
> expire a signature, one has to stop publishing the key associated with
> the selector.
>

One thing that would impede the success of this approach is whether current
implementations make the distinction between "invalid" and "valid but
expired", and for those that do not, how much churn and for how long it
would take to make that change to the ecosystem.

-MSK
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
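
An added example, not part of the original message or of any DKIM implementation: a sketch of a verifier result that keeps "invalid" and "valid but expired" as separate states, so that expiry can be weighed as one factor instead of collapsing to unsigned. The names `SigState`, `parse_tags` and `classify` are hypothetical, the header is constructed, and `crypto_ok` is assumed to come from a real DKIM library's signature check.

```python
import re
from enum import Enum

class SigState(Enum):
    INVALID = "invalid"
    VALID = "valid"
    VALID_EXPIRED = "valid but expired"

# Constructed sample header value; bh= and b= are placeholders, not real data.
SAMPLE = ("v=1; a=rsa-sha256; d=example.org; s=sel1; t=1676500000;\r\n"
          "\tx=1676586400; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")

_TIMESTAMP = re.compile(r"[0-9]{1,12}")  # RFC 6376: 1*12DIGIT

def parse_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if not part.strip():
            continue  # tolerate the optional trailing ";"
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % part)
        # Dropping all whitespace is a simplification that is safe for t= and x=.
        tags[name] = re.sub(r"\s+", "", value)
    return tags

def classify(header_value, crypto_ok, now):
    """crypto_ok: result of the real signature check, done elsewhere (assumed)."""
    if not crypto_ok:
        return SigState.INVALID
    try:
        tags = parse_tags(header_value)
    except ValueError:
        return SigState.INVALID
    x, t = tags.get("x"), tags.get("t")
    if x is None:
        return SigState.VALID  # no x= means no expiration
    if not _TIMESTAMP.fullmatch(x):
        return SigState.INVALID
    if t is not None and _TIMESTAMP.fullmatch(t) and int(x) <= int(t):
        return SigState.INVALID  # RFC 6376: x= must be greater than t=
    # Expiry is reported as its own state so policy can weigh it as one factor.
    return SigState.VALID_EXPIRED if now > int(x) else SigState.VALID
```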
