RFC 4871, "DomainKeys Identified Mail (DKIM) Signatures", May 2007
Note: This RFC has been obsoleted by RFC 6376Source of RFC: dkim (sec)
Errata ID: 1380
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Tony Hansen
Date Reported: 2008-03-21
Held for Document Update by: Pasi Eronen
Section 3.5 says:
INFORMATIVE NOTE: The "x=" tag is not intended as an anti-replay defense.
It should say:
INFORMATIVE NOTE: The "x=" tag is not intended as an anti-replay defense. INFORMATIVE NOTE: Due to clock drift, the receiver’s notion of when to consider the signature expired may not match exactly when the sender is expecting. Receiver’s MAY add a 'fudge factor' to allow for such possible drift.
From the October 2008 interop event:
When does x= take effect?
* §3.5 says the “x=” value is an “absolute date”
* A receiver’s notion of absolute time might not match the sender’s notion of absolute time
* The document may not expire exactly when sender thinks it should
* A receiving implementation has these choices:
- Try to decide how far apart sender’s notion of absolute time is from the receiver’s notion of absolute time, based on header information
- Use local knowledge of what the absolute time is
- Add in a “fudge factor” to acknowledge possible clock drift