Jim Fenton wrote:
That sounds like a good discussion when we get back to the -base draft. I'm convinced that the verifier needs to treat broken signatures as if they weren't there: - If broken signatures are seen as better than the lack of a signature, it's trivial to make one up. - If broken signatures are seen as worse than the lack of a signature, it will serve as a disincentive to signing messages: potential signers might not want to do so if they risk having their messages downgraded if they pass through an MTA that breaks the signature (or through a mailing list that does so).
Nicely put. Stephen. _______________________________________________ ietf-dkim mailing list http://dkim.org
