On 24/Mar/10 20:17, Murray S. Kucherawy wrote:
As an alternative, the verifier can ignore the failed signature as
though it were not present in the message -- as specified. Then, it
would just report a more concise “dkim=pass header.d=example.com”.
To which signature is that result reporting if the verifier simply ignored
one of them, and both of them had "d=example.com"?
In case both passed, should the verifier report the same result twice?
If for example the signer included one signature with "l=" and one without,
the verifier or A-R consumer might want to prefer one over the other, but it
won't know what action to take if it can't tell which signature is the one
that passed.
A site policy might specify in advance what is the minimal set of
headers or accepted parameters. If they accept both with and without
length, they just don't care how many times the signer signed.
This consideration assumes that A-R consumers agree with the verifier
policy, though. Are there consumers who need more insight than that
provided by their trusted verifiers?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
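
The ambiguity discussed in this thread, as an added example that is not part of the original messages: a consumer sees one "dkim=pass header.d=example.com" result while the message carries two signatures with d=example.com, one with "l=" and one without. The signature tags, the header value and the function names are constructed for illustration, and the parser assumes a header value without comments or quoted strings.

```python
import re

# Constructed sample: tags of two DKIM-Signature fields found on one message,
# both d=example.com, one with l= (body length limit) and one without.
SIGNATURES = [
    {"d": "example.com", "s": "sel1", "l": "1200"},
    {"d": "example.com", "s": "sel2", "l": None},
]
# Constructed sample: the concise report from the thread, plus an unrelated method.
AR_VALUE = ("mx.example.net; dkim=pass header.d=example.com; "
            "spf=pass smtp.mailfrom=example.com")

def parse_dkim_results(ar_value):
    """Return [(result, {property: value})] for each dkim entry.
    Simplified: assumes no comments or quoted strings in the header value."""
    results = []
    for resinfo in ar_value.split(";")[1:]:  # element 0 is the authserv-id
        m = re.match(r"\s*dkim=(\w+)(.*)", resinfo, re.S)
        if m:
            props = dict(re.findall(r"(\w+\.\w+)=(\S+)", m.group(2)))
            results.append((m.group(1), props))
    return results

def attribute(ar_value, signatures):
    """List, for each reported dkim result, the signatures it could describe."""
    report = []
    for result, props in parse_dkim_results(ar_value):
        domain = props.get("header.d")
        candidates = [s for s in signatures if s["d"] == domain]
        report.append({"result": result, "header.d": domain,
                       "candidates": candidates,
                       "ambiguous": len(candidates) > 1})
    return report

def consumer_decision(report, accept_l_tag):
    """Hypothetical consumer policy: trust a pass only if every signature it
    might refer to is acceptable (with or without l=, per accept_l_tag)."""
    for entry in report:
        if entry["result"] != "pass" or not entry["candidates"]:
            continue
        ok = [accept_l_tag or s["l"] is None for s in entry["candidates"]]
        if all(ok):
            return "accept"
        if any(ok):
            return "undetermined"
    return "no-acceptable-pass"
```

A consumer that accepts signatures with and without "l=" reaches a decision from the concise report alone; one that rejects "l=" signatures cannot tell which signature the pass refers to.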