Eric Allman wrote: >> My only concern is to ensure we're not prescriptive to a >> verifier. Anywhere we say "reject" probably should be changed to >> "treat as unsigned" as long as there is no implication one way or >> the other as to what a verifier does with that "is verified" or "is >> not verified" knowledge. > > At some level I agree with you. But saying "treat as unsigned" is > just as prescriptive as "reject" --- either is telling the verifier > what to do. As a verifier, I may want to just outright reject all > messages that have unsigned content. It's probably not a good idea, > but someone somewhere will want to do it someday. "Treat as unsigned" seems a little ambiguous when there might be multiple signatures. It might be interpreted as "treat the message as though it is completely unsigned" as opposed to "consider this signature invalid" which I think is your intent.
-Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
