Murray S. Kucherawy wrote: >> Last paragraph of sec 5.2: " Verifiers SHOULD ignore failed >> signatures as though they were not present in the message."
> Is that inconsistent with the idea of only reporting signatures > that verified or those that TEMPFAILed? In that model, failed ones > aren't reported which is logically equivalent to them being ignored. > Seems like a fit to me. Why can't we say something that infers? Reporting invalid signatures is out of scope but may be reported to communicate failure to advanced Identity Assessors. And why can't we just layout the output namespace and let implementators decides? I think it is really unreasonable to throw in this section (that is not minor) at the last minute without the proper WG-man-hours for a thorough consideration. -- Hector Santos, CTO http://www.santronics.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
