ietf-dkim

Re: [ietf-dkim] Issue: Requirements #9 NOT REQUIRED for 1st party valid signatures.

2006-08-10 08:33:03

Damon,

There are some problems with your suggested statement. (Note:
I'm not saying I'd agree with it if it's fixed, but as of now
it's just not ready for the WG to consider.)

Damon wrote:
> The Protocol MUST NOT be required to be invoked if a valid first party
> signature (without the 's') is found.

Ambiguous. Do you mean:

MUST NOT be invoked if any valid first party signature is found,

or,

MUST NOT be invoked if exactly one valid first party signature is
found?

(Aside: the latter would be, IMO, silly, so I guess you didn't
mean that.)

> However, if the first party
> signature is damaged in transit

A signature or message may be changed in transit, or may be bogus,
but the verifier cannot know that - the verifier can only tell
that there is no good (first party) signature.

> the Protocol MUST be invoked to
> determine if any authorized domain or third party signers have signed
> the message.

Nope. The verifier can tell if they've signed by looking and checking,
so s/have signed/have been flagged by the first party as acceptable
signers for/ or something like that.

> The order in which each authorized domain or third party
> signer is validated MUST NOT be specified.

Why? Seems like a nit. And I'd probably steer clear of calling
these authorized, on the basis that the term has a lot of
ancillary baggage that we don't really want to have to explain
away. (Having said that, it is a natural word to use, but not
the best technical term;-)

Stephen.

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
