[mail-vet-discuss] Proposed "header.b" tag for DKIM signatures

[Alessandro Vesely]

On 24/Mar/10 20:17, Murray S. Kucherawy wrote:
>>  As an alternative, the verifier can ignore the failed signature as
>>  though it were not present in the message --as specified. Then, it
>>  would just report a more concise “dkim=pass header.d=example.com”.
>
> To which signature is that result reporting if the verifier simply ignored one of them, and both of them had "d=example.com"?

In case both passed, should the verifier report the same result twice?

> If for example the signer included one signature with "l=" and one without, the verifier or A-R consumer might want to prefer one over the other, but it won't know what action to take if it can't tell which signature is the one that passed.

A site policy might specify in advance what is the minimal set of 
headers or accepted parameters. If they accept both with and without 
length, they just don't care how many times the signer signed.

This consideration assumes that A-R consumers agree with the verifier 
policy, though. Are there consumers who need more insight than that 
provided by their trusted verifiers?