Stephen Farrell wrote:
Paul Hoffman wrote:
At 1:09 PM -0700 4/4/06, Michael Thomas wrote:
When evaluating a message with multiple signatures, a receiver
SHOULD evaluate signatures independently and on their own merits.
Is that really a SHOULD? How could it be tested? Perhaps "should"
is ok in this case.
I think you're right.
For example, a receiver that by policy chooses not to accept
signatures with deprecated crypto algorithms should consider such
signatures invalid. As with messages with a single signature,
receievers are at liberty to use the presence of valid signatures
as an input to local policy; likewise, the interpretation of
multiple valid signatures in combination is a local policy
decision of the receiver.
That looks pretty good.
Signers MUST NOT remove any DKIM-Signature headers from messages
they are signing, even if they know that the headers cannot be
verified.
Is MUST NOT ok there, as opposed to SHOULD NOT? I seem to recall someone
wanting to be able to remove signatures to hide internal structure. Not
sure if that was on the list or not, and it does seem a little bit of a
corner case (one could in any case wriggle out of the problem by saying
it wasn't the signer that removed the sig, but it was some other bit of
code:-) No real opinion myself, just asking.
I copied this from Paul's original. I'm good either way, though
SHOULD seems more appropriate now.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html