> I think one should consider failed signatures as if they aren't there,
> but I'm not sure that's something to include in the -base
> specification. Other opinions? How prescriptive should we be about
> how the verifier handles this?

I think this is a case where we should dictate verifier behavior insofar
as instructing them that such signatures must be ignored (which is
the same as saying treat it as if it isn't there).

To me, this sort of falls into the category of defining for the verifier
what a DKIM-Signature header looks like. Just as it must conform to a
certain syntax and start with "DKIM-Signature", etc. (and BTW we have no
problems prescribing those facts) we should also mandate that it must

But, I'm interested to hear other views.