My only concern is to ensure we're not prescriptive to a
verifier. Anywhere we say "reject" probably should be changed to
"treat as unsigned" as long as there is no implication one way or
the other as to what a verifier does with that "is verified" or "is
not verified" knowledge.

At some level I agree with you. But saying "treat as unsigned" is
just as prescriptive as "reject" --- either is telling the verifier
what to do. As a verifier, I may want to just outright reject all
messages that have unsigned content. It's probably not a good idea,
but someone somewhere will want to do it someday.

That said, I'll use your argument to remove the "reject" language
from 3.4.5. Changing all the "ignore the signature" clauses to
"ignore the signature, which is a good idea, or if you really want,
go ahead and reject the message outright if you dare" would just be a

If we do want to make this more precise, I recommend that we have an
explicit list of signature states, e.g., GOODSIG, BADSIG, NOSIG,
PARTIALSIG (the l= case), SYNTAXSIG (syntax error in signature),
etc., and then leave the actual actions taken on each of these states
undefined in the -base document. That's probably a fair
amount of text changes, but most likely fairly mechanical.
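
The state-list idea proposed in the message above, sketched as an added example (not part of the original thread or of any DKIM draft): classification returns one of the named states, and the action for each state lives in a separate, locally chosen policy table. The function names, the `crypto_ok` input (assumed to come from a separate cryptographic check), the reading of PARTIALSIG as "l= covers less than the whole body", and both policy tables are assumptions made for illustration.

```python
import re
from enum import Enum

class SigState(Enum):
    GOODSIG = "GOODSIG"
    BADSIG = "BADSIG"
    NOSIG = "NOSIG"
    PARTIALSIG = "PARTIALSIG"  # the l= case: only part of the body is signed
    SYNTAXSIG = "SYNTAXSIG"    # syntax error in the signature header

REQUIRED = {"v", "a", "b", "bh", "d", "h", "s"}  # tags required by RFC 6376

def parse_tags(value):
    """Parse a DKIM tag=value list; return a dict, or None on a syntax error."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name) or name in tags:
            return None  # missing '=', bad tag name, or duplicate tag
        tags[name] = "".join(val.split())  # drop folding whitespace
    return tags

def classify(sig_header, crypto_ok, body_len):
    """Return a SigState only; deciding what to do with it is left to policy."""
    if sig_header is None:
        return SigState.NOSIG
    tags = parse_tags(sig_header)
    if tags is None or not REQUIRED <= tags.keys() or not tags.get("l", "0").isdigit():
        return SigState.SYNTAXSIG
    if not crypto_ok:
        return SigState.BADSIG
    if "l" in tags and int(tags["l"]) < body_len:
        return SigState.PARTIALSIG
    return SigState.GOODSIG

# Two constructed local policies: the state list itself prescribes neither.
LENIENT = {s: "treat-as-unsigned" for s in SigState}
LENIENT[SigState.GOODSIG] = "accept-as-signed"
STRICT = {s: "reject" for s in SigState}
STRICT[SigState.GOODSIG] = "accept-as-signed"

# Constructed sample header value (not a real signature).
SAMPLE = "v=1; a=rsa-sha256; d=example.org; s=sel; h=from:to:subject; bh=AAAA; b=BBBB; l=100"

if __name__ == "__main__":
    state = classify(SAMPLE, crypto_ok=True, body_len=500)
    print(state.name, LENIENT[state], STRICT[state])
```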