Jim Fenton wrote:
That sounds like a good discussion when we get back to the -base draft.
I'm convinced that the verifier needs to treat broken signatures as if
they weren't there:
- If broken signatures are seen as better than the lack of a signature,
it's trivial to make one up.
- If broken signatures are seen as worse than the lack of a signature,
it will serve as a disincentive to signing messages: potential signers
might not want to do so if they risk having their messages downgraded if
they pass through an MTA that breaks the signature (or through a mailing
list that does so).
Nicely put.
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org