On May 2, 2006, at 2:33 PM, Dave Crocker wrote:
"Treat as unsigned" seems a little ambiguous when there might be
multiple signatures. It might be interpreted as "treat the message as
though it is completely unsigned" as opposed to "consider this
signature invalid" which I think is your intent.
I don't think the wording "consider this signature invalid" requires
the verifier to consider a signature failure as "unsigned".
When a signature fails to validate, the message should be processed
as if that signature were not present.
The process should track the number of attempts made verifying
signatures for a message. This concern differs from "as if that
signature were not present." Without a reasonable limit for the
process, DKIM verification itself can become a threat.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
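
Added example, not part of the original thread or of any DKIM implementation: a verifier loop that skips a failed signature as if it were not present, while counting attempts and stopping at a cap. The limit of 3, the function names, the sample message and the `fake_check` stand-in for key lookup and signature checking are all assumptions made for illustration.

```python
import email
from typing import Callable, NamedTuple

MAX_ATTEMPTS = 3  # assumed limit; the thread does not name a number


class Outcome(NamedTuple):
    valid_domains: list  # d= values of signatures that verified
    attempts: int        # verifications actually performed
    limit_hit: bool      # True if signatures were left unexamined


def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature tag list ("d=example.com; s=sel; ...")."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def verify_message(raw: str, check: Callable[[dict], bool],
                   max_attempts: int = MAX_ATTEMPTS) -> Outcome:
    """Try each signature in turn, but never more than max_attempts."""
    msg = email.message_from_string(raw)
    valid, attempts = [], 0
    for value in msg.get_all("DKIM-Signature") or []:
        if attempts >= max_attempts:
            # Stop spending work on this message; report that we stopped.
            return Outcome(valid, attempts, True)
        attempts += 1
        tags = parse_tags(value)
        if check(tags):
            valid.append(tags.get("d", ""))
        # A failed signature is skipped, as if it were not present.
    return Outcome(valid, attempts, False)


# Constructed sample: five signatures, only the fourth (sig3) would verify.
SAMPLE = "".join(
    f"DKIM-Signature: v=1; d=sig{i}.example; s=sel; b=AAAA\n" for i in range(5)
) + "From: a@example.org\nSubject: test\n\nbody\n"


def fake_check(tags: dict) -> bool:
    """Hypothetical stand-in for DNS key lookup plus signature check."""
    return tags.get("d") == "sig3.example"
```

With the cap at 3 the one valid signature in the sample is never reached, which shows the trade-off a limit introduces: the caller has to decide how to treat a message whose `limit_hit` is true.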