John Levine wrote:

> First, let's see whether we expect other tagging schemes.
> The more I think about it, the less likely I think it is.

All mail RFCs are adamant that the local part is the local business of the MON (mail originating network), and various schemes down to the "percent hack" or gmail conventions exist. Limited to BATV, if I could do it I likely would NOT pick HMAC-SHA1, and for a private scheme I wouldn't waste bytes for "prvs=".

As noted elsewhere in this thread, with a registry of tags it is no longer completely private and tags make sense. E.g. "u=" with the unique part (LHS) of the Message-ID can make sense where a database is no showstopper, same idea as for NNTP, with a given expiration.

For your scheme you have "modulo 1000 days", so after 1000 days you can definitely forget an expired key - of course you can forget it earlier, bounces after three years are ridiculous, but less than, say, one month might be too short.

For a completely private scheme you could use the tag to indicate the key used, e.g. "k1=" for the first key, "k2=" for your second key if the first was compromised, etc. For a public scheme you could use the tag to indicate the algorithm, "prvs=" for HMAC-SHA1, "hmac=" for HMAC-MD5, whatever.

Just an idea, copy the registry stuff from the SASL RFC, no expert review, but "specification required" to protect IANA; for more examples see the new RFC 5226.

Frank

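A worked illustration of the tag layout the thread is discussing (a key-id digit, an expiry day taken modulo 1000, and a truncated HMAC-SHA1), added here as an example and not part of Frank's or John's message. The exact HMAC input and the 6-hex-digit truncation are my assumptions about the "prvs=" layout, the keys and day numbers are constructed, and the key table shows the "drop the compromised key, move to the next key id" idea from the post.

```python
import hmac
import hashlib

# Constructed keys: key id "1" is still accepted for in-flight bounces,
# key id "2" is the one used for new mail. A compromised key is simply
# removed from this table, so tags made with it stop verifying.
KEYS = {"1": b"constructed-older-key", "2": b"constructed-current-key"}
ACTIVE_KEY_ID = "2"
VALIDITY_DAYS = 7  # bounces arriving more than a week later are rejected

def _sig(key_id: str, ddd: str, loc_core: str) -> str:
    # Assumption: HMAC-SHA1 over key-id || expiry-day || original local
    # part, truncated to 6 hex digits (24 bits).
    msg = (key_id + ddd + loc_core).encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha1).hexdigest()[:6]

def sign(loc_core: str, today_day: int) -> str:
    """Return the tagged local part; today_day is days since some epoch."""
    ddd = f"{(today_day + VALIDITY_DAYS) % 1000:03d}"
    sig = _sig(ACTIVE_KEY_ID, ddd, loc_core)
    return f"prvs={ACTIVE_KEY_ID}{ddd}{sig}={loc_core}"

def verify(local_part: str, today_day: int) -> bool:
    """Accept a bounce only if key id known, HMAC matches, not expired."""
    if not local_part.startswith("prvs="):
        return False
    parts = local_part[5:].split("=", 1)
    if len(parts) != 2 or len(parts[0]) != 10:
        return False
    tag_val, loc_core = parts
    key_id, ddd, sig = tag_val[0], tag_val[1:4], tag_val[4:]
    if key_id not in KEYS or not ddd.isdigit():
        return False
    if not hmac.compare_digest(sig, _sig(key_id, ddd, loc_core)):
        return False
    # Expiry is modulo 1000 days, so compare modulo 1000 as well: the tag
    # is valid while the expiry day lies 0..VALIDITY_DAYS days ahead.
    # This also handles the wrap from day 999 to day 000.
    remaining = (int(ddd) - today_day) % 1000
    return remaining <= VALIDITY_DAYS
```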