Those are two different changes. My own sense is that each has some
controversy, with the first being pretty substantial and with the first
having some significant counter-proposals.
My preference is still that verifiers reject messages that are likely to
display misleadingly in MUAs, e.g., multiple copies of headers that MUAs
render one of. This is a rathole if you consider all the junk a bad guy
can do in HTML body parts, but if you insist that the entire body is
signed, you can at least say that the garbage the user sees is the same
garbage that was signed.
That matches my position - such messages should not verify. Though I
would generalize the "display and MUA" part to "not verify messages
that could mislead subsequent consumers" (where a program is a
consumer too!)
I agree that there is a distinct difference between goop that is part
of the signed message and goop that is not.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
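
An added example, not part of the original thread and not taken from any DKIM implementation: a pre-verification check along the lines discussed above. It lists reasons to decline a pass result when a message carries multiple copies of headers that MUAs render one of, or when the signature does not cover the entire body. The header list, the function names and the sample message are assumptions constructed for illustration; no cryptographic verification is performed.

```python
from email import message_from_bytes
from email.policy import compat32

# Fields RFC 5322 section 3.6 permits at most once; an MUA shows one copy.
SINGLETON_HEADERS = ("from", "sender", "reply-to", "to", "cc",
                     "subject", "date", "message-id")

def parse_tags(sig_value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags["".join(name.split())] = "".join(value.split())
    return tags

def refusal_reasons(raw):
    """List the reasons this (assumed) strict policy would not report a pass."""
    msg = message_from_bytes(raw, policy=compat32)
    reasons = []
    for name in SINGLETON_HEADERS:
        count = len(msg.get_all(name, []))
        if count > 1:
            reasons.append(f"{count} copies of {name}")
    for sig in msg.get_all("DKIM-Signature", []):
        if "l" in parse_tags(sig):
            reasons.append("l= tag: body past the signed length is not covered")
    return reasons

# Constructed sample: two From fields and a signature limited by l=.
SAMPLE = (
    b"DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;\r\n"
    b" h=from:to:subject; l=20; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    b"From: Alice <alice@example.org>\r\n"
    b"From: Bank <security@bank.example>\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"signed part of body\r\nappended part\r\n"
)
# Same message without the extra From field and without l=.
CLEAN = (SAMPLE.replace(b"From: Bank <security@bank.example>\r\n", b"")
               .replace(b" l=20;", b""))

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("clean", CLEAN)):
        print(label, refusal_reasons(raw) or "no objections")
```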