It should be perfectly fine to say DKIM expects valid input, for
whatever definition of that we want to invent, and also state that
handing it anything else has either undefined results or specific bad
results.

We seem to be talking past each other here.

I don't see anyone proposing a deep dive into 5322 validation. But 4871
already says you MUST sign the From: header. Why is that OK, but saying
you MUST NOT sign or validate something with two From: headers is not?
We're not suggesting anything that would invalidate existing bits on the
wire, after all.

DKIM is full of layer violations where it tells people how to sign and
verify robustly. Sec. 5.3 tells signers to downcode 8-bit MIME, 6.1.2 has
some fairly dubious assumptions about the structure of the DNS, 6.1.3 even
tells verifiers to rewrite MIME separators.

This seems an odd place to draw a line in the sand, and an unfortunate one
if you believe that an important use of DKIM should be to whitelist mail
from trusted signers.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
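
The check argued for in the message above, sketched as an added example (not part of the original message and not taken from any DKIM implementation): count the From: header fields in a raw message and refuse to sign or verify unless there is exactly one. The function names and both sample messages are constructed for illustration.

```python
import re


def header_field_names(raw: bytes) -> list[str]:
    """Return the lower-cased header field names of a raw message, in order."""
    # The header section ends at the first empty line; the body is ignored.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    names = []
    for line in re.split(rb"\r?\n", head):
        if not line or line[:1] in b" \t":
            continue  # folded continuation of the previous field, not a new field
        name, sep, _ = line.partition(b":")
        if not sep:
            continue  # not a header field line; skipped in this sketch
        # strip() tolerates the obsolete "From :" spelling; names are case-insensitive
        names.append(name.strip().decode("ascii", "replace").lower())
    return names


def safe_to_sign_or_verify(raw: bytes) -> tuple[bool, str]:
    """Allow DKIM processing only when the message has exactly one From: field."""
    count = header_field_names(raw).count("from")
    if count == 1:
        return True, "exactly one From field"
    if count == 0:
        return False, "no From field"
    return False, f"{count} From fields"


# Constructed sample: one From: field, a folded Subject and a body line that
# both contain the text "From:" but are not header fields.
ONE_FROM = (
    b"From: Alice <alice@example.org>\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: folded\r\n subject mentioning From: here\r\n"
    b"\r\n"
    b"From: this line is body text\r\n"
)

# Constructed sample: a second From: field in a different spelling.
TWO_FROM = (
    b"From: Alice <alice@example.org>\r\n"
    b"from : Carol <carol@example.com>\r\n"
    b"Subject: hi\r\n"
    b"\r\n"
    b"body\r\n"
)

if __name__ == "__main__":
    for label, msg in (("ONE_FROM", ONE_FROM), ("TWO_FROM", TWO_FROM)):
        print(label, safe_to_sign_or_verify(msg))
```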