On Mon, 20 Mar 2006, Jim Fenton wrote:
> I don't understand the value of knowing which signature(s) succeeded
> beyond knowing what the signing identity/ies (i= or equivalent) is
> associated with the successful signature(s). One of the primary reasons
> for i= is to clarify the role of the signer when the domain isn't
> enough, i.e., when user@example.com sends a message through
> list@example.com, you want to know whether it's a signature on behalf of
> the user or the list.
The same signer might sign the message twice, with two different
algorithms. If on arrival one verifies and one does not (an ambiguous
result), the recipient might be interested in the details of which
algorithm was used in which case in order to make a go/no-go decision.
This might be especially interesting if rsa-sha256 failed and rsa-sha1
succeeded, for example.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
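Added example, not part of the original message: a Python sketch that groups per-signature verification outcomes by signing identity (i=) and keeps the algorithm (a=) of each, so the ambiguous case discussed above stays visible to whatever makes the go/no-go decision. The function names and the header values are constructed for illustration, and the pass/fail flag for each signature is assumed to come from a separate verifier.

```python
from collections import defaultdict

def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")  # values such as b= may contain '='
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def signing_identity(tags):
    """Return i=, or the default '@' + d= when i= is absent."""
    return tags.get("i") or "@" + tags.get("d", "")

def summarize(results):
    """results: iterable of (DKIM-Signature value, verified) pairs.
    Returns {identity: {"status", "passed", "failed"}} listing algorithms."""
    by_id = defaultdict(lambda: {"passed": [], "failed": []})
    for header_value, verified in results:
        tags = parse_tags(header_value)
        bucket = by_id[signing_identity(tags)]
        bucket["passed" if verified else "failed"].append(tags.get("a", "unknown"))
    summary = {}
    for identity, b in by_id.items():
        if b["passed"] and b["failed"]:
            status = "ambiguous"  # same identity, mixed outcomes
        elif b["passed"]:
            status = "pass"
        else:
            status = "fail"
        summary[identity] = {"status": status, **b}
    return summary

# Constructed sample: the user signs twice with different algorithms and only
# the rsa-sha1 signature verifies; the list's single signature verifies.
SAMPLE = [
    ("a=rsa-sha256; d=example.com; i=user@example.com; s=sel1; b=QUFBQQ==", False),
    ("a=rsa-sha1; d=example.com; i=user@example.com; s=sel1; b=QkJCQg==", True),
    ("a=rsa-sha256; d=example.com; i=list@example.com; s=sel2; b=Q0NDQw==", True),
]

if __name__ == "__main__":
    for identity, info in summarize(SAMPLE).items():
        print(identity, info)
```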