> There are good reasons why the verifier might want to verify multiple
> signatures, if present. For example, it might not know which signing
> identities are significant to the recipient for acting on the message.
That's true and is why our lib will verify all signatures (up to like 10
or some user configurable number to prevent a DoS). We communicate each
result in Auth-res.
BTW: Sorry for missing the Jabbers recently but I'm finally on vacation
in Alaska! I've read the transcripts and have no objections to any of
the proposed changes.
--
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html