At 01:49 PM 10/25/2004 -0400, Andrew Newton wrote:
> On Oct 22, 2004, at 12:46 PM, Michael Thomas wrote:
>> And DNS caches can be set to have zero entries as well, I'm
>> sure. The point is that there is performance incentive for
>> the receiver to behave correctly which will guide deployment
>> far more than any cache police.
> I think this is different because the TTL is set by the publisher in the case
> of DNS. And while tuning the cache is a tweakable thing in many
> implementations of DNS, I doubt many people do it.
Authorization records from a KRS also carry a TTL value that is set by the
> However, there is an argument to be made for using the caching service of
> another protocol. On the MARID list, Eric Hall did an analysis of the
> increase of DNS cache sizes due to MARID proposals. The point was that if the
> DNS caches start taking a hit, it affects much more than email.
That was part of the rationale for keeping the authorization data separate by
using a separate service based on KRSes in the -00 draft. In the -01 draft, we
permit the use of either KRS or DNS, but the responses are relatively short
compared with key retrieval.
Thanks for pointing out Eric's message; I had missed it and it is relevant here.