Paul Hoffman <[email protected]> writes: Hi Paul,
> > And looking at the signature times is definitely one of the > > possibilities, but I'm not sure that's the perfect solution either. > > I'm interested in why not There is no reason it won't work, other than we would need a policy somewhere stating that signature lengths must be X long minimum and LocalRoot implementations must check the end-signature time as the method of determining when their data is too old. It is doable -- it's just not how we currently consider what signature end-times are encoding. We can add that semantic, certainly, if we document it carefully in probably multiple places. -- Wes Hardaker Google _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
