Jim Fenton wrote:
RFC 4871 sec. 6.1 says, "Verifiers SHOULD ignore any DKIM-Signature
header fields where the signature does not validate." My concern is
that if the verifier reports "fail", it's not really ignoring the broken
signature.
DKIM-6.1's normative SHOULD leaves room to maneuver within an ADMD which
does have some reason to deviate from that language and thus wishes to
make a distinction between a failed signature and an unsigned message.
If a verifier implementing this proposal decides to report a DKIM "fail"
as "neutral", that distinction is no longer possible in such environments.
A general question: Is it appropriate for this draft to assist directly
in the enforcement of a normative SHOULD from other drafts?
One response I got to some queries about this issue went as far as
saying verifiers SHOULD NOT degrade "fail" to "neutral" despite this
concern, thereby limiting that action only to well-considered local
policy decisions.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html