It appears that Laura Atkins via mailop <la...@wordtothewise.com> said: >-=-=-=-=-=- >-=-=-=-=-=- > >To answer your first question: a lot of mail is double signed. Signing with 2 >identical d= but different s= is unusual, but I >don’t think it’s prohibited anywhere.
It's pretty much mandatory if you're trying to migrate from RSA to EC signatures since you can only have one key per selector. > I also don’t think the RFC addresses anything about mail disposition in case > of failures. Sec 6.1: Therefore, a Verifier SHOULD NOT treat a message that has one or more bad signatures and no good signatures differently from a message with no signature at all. ... ..., text reading "return status (explanation)" (where "status" is one of "PERMFAIL" or "TEMPFAIL") means that the Verifier MUST immediately cease processing that signature. The Verifier SHOULD proceed to the next signature, if one is present, and completely ignore the bad signature. > It could be that the 2 identical d= one passing and one failing is causing a > spam filter somewhere to act up. There are certainly plenty of people who didn't read the spec and wrongly assume that a failed signature means something is wrong. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop