On 11/29/22 16:53, John R. Levine wrote:
I note in passing that if this is a real problem, which I do not believe it is, an MDA or MUA can easily look at the date on a message and if it's before 2022, the Expires header is not one of ours.
Oh please. We all know that the date of the message does not imply the date of the version of the specification that it conforms to.
I don't actually have a big problem with reusing "Expires" as long as the header is never used to automatically delete messages without the recipient's explicit consent. But I think that there's a good chance that exactly that will happen even if the specification specifically says to not do that.
And if memory serves, this idea has been discussed several times in the past, and what's always kept it from being adopted in the past is the same set of issues we're talking about here - basically, it's a dangerous feature, especially in the absence of reliable and verifiable authentication. That, and the sender should not get to dictate when a message is deleted by the recipient.
Keith -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
