It appears that Laura Atkins via mailop <la...@wordtothewise.com> said:
>To answer your first question: a lot of mail is double signed. Signing with 2
>identical d= but different s= is unusual, but I don’t think it’s prohibited
>anywhere.

It's pretty much mandatory if you're trying to migrate from RSA to EC
signatures since you can only have one key per selector.

> I also don’t think the RFC addresses anything about mail disposition in case 
> of failures.

Sec 6.1:

   Therefore, a Verifier SHOULD NOT treat a message that has one or more
   bad signatures and no good signatures differently from a message with
   no signature at all. ...
                                   ..., text reading "return status
   (explanation)" (where "status" is one of "PERMFAIL" or "TEMPFAIL")
   means that the Verifier MUST immediately cease processing that
   signature.  The Verifier SHOULD proceed to the next signature, if one
   is present, and completely ignore the bad signature.

> It could be that the 2 identical d= one passing and one failing is causing a 
> spam filter somewhere to act up. 

There are certainly plenty of people who didn't read the spec and
wrongly assume that a failed signature means something is wrong.

R's,
John
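
The handling quoted from Sec 6.1 above, sketched as an added example that is not part of the original message: each signature is judged on its own, bad ones are ignored, and a message with only bad signatures gets the same result as an unsigned one. The header values, selector names and the `rsa_only_verifier` stand-in (which replaces real cryptographic verification) are constructed for illustration.

```python
from typing import Callable, Iterable, Optional

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # tags every DKIM-Signature must carry

def parse_tags(value: str) -> Optional[dict]:
    """Split a DKIM-Signature value into tag=value pairs; None if malformed."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue                       # tolerate a trailing ";"
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or name in tags:        # missing "=" or duplicate tag name
            return None
        tags[name] = "".join(val.split())  # drop folding whitespace
    return tags if all(t in tags for t in REQUIRED) else None

def evaluate(sig_headers: Iterable[str], verify: Callable[[dict], str]) -> dict:
    """Message-level result: signatures are checked one by one, bad ones dropped."""
    good, ignored = [], []
    for value in sig_headers:
        tags = parse_tags(value)
        status = verify(tags) if tags else "PERMFAIL"
        if status == "PASS":
            good.append((tags["d"].lower(), tags["s"]))
        else:
            ignored.append(status)         # stop on this one, move to the next
    # "ignored" is for logging only; it must not influence the result.
    return {"result": "pass" if good else "none", "good": good, "ignored": ignored}

# Constructed sample: one domain signing twice during an RSA-to-Ed25519 migration.
SAMPLE = [
    "v=1; a=rsa-sha256; d=example.com; s=rsa2025; h=from:to:subject; bh=AAAA; b=BBBB",
    "v=1; a=ed25519-sha256; d=example.com; s=ed2025; h=from:to:subject; bh=AAAA; b=CCCC",
]

def rsa_only_verifier(tags: dict) -> str:
    """Hypothetical stand-in for real crypto: a verifier without Ed25519 support."""
    return "PASS" if tags["a"] == "rsa-sha256" else "PERMFAIL"

if __name__ == "__main__":
    print(evaluate(SAMPLE, rsa_only_verifier))
```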