Murray S. Kucherawy wrote:
Last paragraph of sec 5.2: " Verifiers SHOULD ignore failed
signatures as though they were not present in the message."
Is that inconsistent with the idea of only reporting signatures
that verified or those that TEMPFAILed? In that model, failed ones
aren't reported which is logically equivalent to them being ignored.
Seems like a fit to me.
Why can't we say something that infers?
Reporting invalid signatures is out of scope but may be
reported to communicate failure to advanced Identity
Assessors.
And why can't we just layout the output namespace and let
implementators decides?
I think it is really unreasonable to throw in this section (that is
not minor) at the last minute without the proper WG-man-hours for a
thorough consideration.
--
Hector Santos, CTO
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html