John Levine wrote:
What I am mostly seeing here is that we don't have a clear model of
the ways that people will use multiple signatures. Let's say your
message has three sigs from Able, Baker, and Charlie (in that order if
you care about order.) Able and Charlie verify, Baker doesn't. Now
what do you do?
I have come to the conclusion that you just need to behave as if Baker
isn't there at all. If you treat the message more favorably, people
will insert bogus signatures to make that happen. If you treat the
message less favorably, you risk penalizing a message that got modified
in transit, or in this case possibly signed by a defective intermediary.
-Jim
_______________________________________________
ietf-dkim mailing list
http://dkim.org