No, this doesn't change the semantics of DKIM-BASE. The DKIM-Base
"ignore failures" philosophy is basically "an invalid signature is
exactly the same as no signature at all: no better and no worse." What
we're talking about is how the missing/invalid signature case is handled.
-Jim

The document already covers this case. It assumes that anyone doing so
must be a bad actor. Says nothing about good players doing it on
purpose :-)

8.7. Intentionally Malformed Key Records

It is possible for an attacker to publish key records in DNS that are
intentionally malformed, with the intent of causing a denial-of-
service attack on a non-robust verifier implementation. The attacker
could then cause a verifier to read the malformed key record by
sending a message to one of its users referencing the malformed
record in a (not necessarily valid) signature. Verifiers MUST
thoroughly verify all key records retrieved from the DNS and be
robust against intentionally as well as unintentionally malformed key
records.

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
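
Added example, not part of the original messages or of any DKIM implementation: a defensive key-record parser in the spirit of the section 8.7 text quoted above, where every malformed record is mapped to "no usable key" so that the signature is treated as absent. It assumes the v=, k= and p= tags of the published DKIM key-record syntax; the function names, the size limit and the sample record are hypothetical.

```python
import base64
import binascii
import re

MAX_RECORD_LEN = 4096  # assumed local limit, not taken from the DKIM spec
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")
# Constructed sample record; the p= value is placeholder bytes, not a real key.
SAMPLE = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"constructed-key-bytes").decode()


class KeyRecordError(ValueError):
    """The record is malformed or unusable."""


def parse_key_record(txt):
    """Return the decoded p= bytes of a key record, or raise KeyRecordError."""
    if not isinstance(txt, str) or len(txt) > MAX_RECORD_LEN:
        raise KeyRecordError("record missing or over the size limit")
    if not txt.isascii() or any(ord(c) < 32 and c not in "\t\r\n" for c in txt):
        raise KeyRecordError("non-ASCII or control characters")
    parts = txt.split(";")
    if not parts[-1].strip():
        parts.pop()  # one trailing ';' is allowed
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            raise KeyRecordError("bad tag syntax")
        if name in tags:
            raise KeyRecordError("duplicate tag")
        tags[name] = "".join(value.split())  # drop folding whitespace
    if "v" in tags and (tags["v"] != "DKIM1" or next(iter(tags)) != "v"):
        raise KeyRecordError("bad or misplaced v= tag")
    if tags.get("k", "rsa") != "rsa":
        raise KeyRecordError("key type not handled by this sketch")
    if not tags.get("p"):
        raise KeyRecordError("p= missing or empty (empty means revoked)")
    try:
        return base64.b64decode(tags["p"], validate=True)
    except (binascii.Error, ValueError) as exc:
        raise KeyRecordError("p= is not valid base64") from exc


def usable_key(txt):
    """Map every malformed record to None: the signature then counts as absent."""
    try:
        return parse_key_record(txt)
    except KeyRecordError:
        return None
```

Decoding the returned bytes into an actual public key is left to a crypto library, whose parse failures should be mapped to None in the same way.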