OK. Able is on your whitelist. Charlie is on your blacklist. Now what?
I'm making this up as I go, but I suppose I would accept the message:
if someone I trust asserts responsibility for the message, that's more
important than the fact that that someone I distrust also asserted
responsibility.
But I could equally well decide that even if a friend of mine accidentally
signed it, I never ever want any mail from a place that is known to send
only 419 spam.
I think we have confirmed that none of us really know what we'd do with
multiple signatures. Is that a problem, or should we just say that we'll
try to support them with unspecified semantics and hope they turn out to
be useful?
Personally, I see the point of a DKIM signature as being that you know
where to pin the blame, and it's not helpful to diffuse that. If it were
up to me, I'd decree that when you sign a message, you MUST discard all
the old signatures because you're taking responsibility for it. I don't
care how the message got to you, it's your message now.
R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org