In your view, how should the system deal with a message that has a broken
signature?
For the first decade or so, I don't see any alternative to ignoring
broken signatures. There's too much mail software doing too many
unknown things to mail that it produces, consumes, or transmits, to do
anything else. Doubtless there will be specific cases where you know
right away that all valid mail from domain X will show up with good
signatures, but it'll be a long time before those cases matter.
After the amount of mail with good signatures becomes large enough to
be interesting, say 25%, I expect it'll be much clearer what to do
with bad signatures and missing signatures.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web