Handling of signature expiration

Brought to you by: jasonlong

#7 Handling of signature expiration

Status: open

Owner: nobody

Labels: Mail::DKIM module (13)

Priority: 5

Updated: 2007-11-26

Created: 2007-11-26

Creator: Jason Long

Private: No

2a) Handling of signature expiration:
rfc4871: Signatures MAY be considered invalid if the verification
time at the verifier is past the expiration date.

It would be nice for a caller of Mail::DKIM::Verifier to be able
to specify whether expired signature should invalidate a signature
or not.

2b) rfc4871: The verification time should be the time that
the message was first received at the administrative domain of
the verifier if that time is reliably available; otherwise the
current time should be used.

Since a caller (like amavisd) may know the time of reception, but
Mail::DKIM does not know it, it would be useful for a caller to
be able to provide a reference time in a call to verifier.

(Suggestions provided by Mark Martinec.)

Discussion

Jason Long - 2008-02-20

Logged In: YES
user_id=614349
Originator: YES

Here is a work-around:

Put the following code somewhere in your program (after loading Mail::DKIM::Verifier)

*Mail::DKIM::Signature::check_expiration = sub { return 1 };

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Handling of signature expiration

Group

Searches

Help

#7 Handling of signature expiration

Discussion