[mail-vet-discuss] Proposed "header.b" tag for DKIM signatures
vesely at tana.it
Wed Mar 24 12:45:58 PDT 2010
On 24/Mar/10 20:17, Murray S. Kucherawy wrote:
>> As an alternative, the verifier can ignore the failed signature as
>> though it were not present in the message --as specified. Then, it
>> would just report a more concise “dkim=pass header.d=example.com”.
> To which signature is that result reporting if the verifier simply ignored one of them, and both of them had "d=example.com"?
In case both passed, should the verifier report the same result twice?
> If for example the signer included one signature with "l=" and one without, the verifier or A-R consumer might want to prefer one over the other, but it won't know what action to take if it can't tell which signature is the one that passed.
A site policy might specify in advance what is the minimal set of
headers or accepted parameters. If they accept both with and without
length, they just don't care how many times the signer signed.
This consideration assumes that A-R consumers agree with the verifier
policy, though. Are there consumers who need more insight than that
provided by their trusted verifiers?
More information about the mail-vet-discuss