Straightforward case analysis:
1-a: throw message away, it's forged [for "I sign all; bad sig"]
No, don't throw it away ...
Yes, throw it away. ...
This lack of consensus on SSP semantics tells me that attempts to
standardize it are extremely premature. The ASRG is down the hall and
would be thrilled if people wanted to do some experiments and collect
some data to see what the level of signature breakage really is so
they can come back later with rough consensus and running code.
R's,
John
PS:
Imagine if the people who implemented VPN decided that because
there might be non-standard networking equipment that causes problems,
it should be ok sometimes to establish a VPN connection even when
the authentication didn't work.
If VPNs had to operate through millions of legacy application level
gateways, who knows what they might have decided. If my recollection
about buggy Windows VPNs is right, they've come pretty close anyway.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html