Verifiers MUST NOT use the header field names or copied values
for checking the signature in any way. Copied header field
values are for diagnostic use only.
1) This condition is ACTUALLY REQUIRED for interoperation?
Well, yeah. If the verifier is a separate module from the one that sorts
mail based on the verification result, the sorter is going to act
differently with results from a strict verifier vs. a squidgy one.
2) This condition limits actual HARM?
If we consider unwittingly accepting mail with bad signatures as harm, yes.
I would prefer language along the lines of what I proposed last week, that
the copied values are not for signature validation, but you can do whatever
you want with them to decide what to do with a message whose signature
didn't validate.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html