> A dkim compliant mta will do a dip on my dns records and find no ssp or > dk record and drop the message as non compliant.
>if the signature succeeds, why do they need to check ssp? I was making an assumption that if it's the first time cox.com has hit that mta they would get the values for both public key and ssp to cache them locally. If a subsequent message fails cached info then a re-dip of the zone records would either reflect new correct values or be the same as the currently cached records and fail signature processing. I would think that keeping a local cache would speed things up. Bill Oxley Messaging Engineer Cox Communications, Inc. Alpharetta GA 404-847-6397 [EMAIL PROTECTED] _______________________________________________ ietf-dkim mailing list http://dkim.org
