As for TEMPFAIL, you'd have to know which signature(s) were temp-failed in
order to decide about a later retry, which then leans us back toward giving
the whole list of signatures that were present and a status for each.

I wouldn't be opposed to doing so, except that 4871 says in two separate
places not to do that. Section 7 is, now that I look at it, really badly
written, since it implies that a "verifier" is an SMTP server.

We probably have reasonably good agreement about what a verifier should

a) If at least one signature verifies, report success with the d= value(s)
   of the valid signature(s) and optionally other stuff.

b) If nothing verified and nothing tempfailed, report no signatures.

c) If nothing verified and something tempfailed, return a hint to try

d) If at least one signature verified and at least one tempfailed, uh,
   flip a coin and either report success or a try again hint.

Unfortunately, that's not really what the existing language says.

John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
Please consider the environment before reading this e-mail. http://jl.ly