>IMHO, if no SSP records is defined for the OA, then messages from >the OA must be considered to never be signed, and any signed message >should be considered suspicious.
I see why you might want to mandate that any domain that publishes dkim keys also must publish SSP records, but it doesn't feel to me like the rest of the group is ready to do that. R's, John _______________________________________________ ietf-dkim mailing list [email protected] http://mipassoc.org/mailman/listinfo/ietf-dkim
