I would be surprised though if the result for the signature construct (which may be a bit of a special case here) didn't have the "best" security option as the MUST-implement, even if it has the legacy signature construct as a MAY-emit. But we'll see when we get there...
Just to be obsessively careful, here: Having one choice as a MUST and another as a MAY would seem to be mutually exclusive, if only one choice is allowed. Hence the implication of your expectation is that all recipients will be required to support multiple signatures...
d/ _______________________________________________ ietf-dkim mailing list http://dkim.org
