[ietf-clear] No callbacks, please, was Re. CLEAR Charter

On Sun, 2004-10-03 at 20:01, John Levine wrote:
> > If BATV uses a public scheme, presumably there is at least a DNS 
> > query per message, to get the key.
Per unique domain, assuming this information is cached locally. 

> > Although this query would not go directly back to the 'caller' 
> > and, therefore, is not strictly a call-back scheme, it does 
> > impose a per-message, receive-time, cross-net exchange.
> The public schemes I've seen proposed use per-domain keys, not per
> mailbox keys.  If a random Russion site gets a 10,000 spams with
> forged abuse.net addresses, which they do all the time, I'd much
> rather they do one lookup for a per-domain key and cache it than
> 10,000 lookups for 10,000 fake return addresses.
>
> > In terms of transaction costs, how would this differ from what 
> > SES is proposing?
> Per domain rather than per mailbox or per-message.  I think that's
> significant.  It's also DNS which is known to perform adequately for
> per-domain data, rather than some yet-to-be invented per-mailbox
> protocol which, according to recent messages, is simultaneously UDP to
> be very lightweight, and TCP to be more reliable.
That sounds reasonable.

Reference provided by John Glube
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200410/0012.html

PDF of Seth Goodman's proposal.  There does not seem to be an IETF ID on
this.
http://ses.codeshare.ca/files/ses_proposal.pdf

> R's,
> John
>
> PS: If bad guys put fake DK signatures on their spam with random
> fake selectors, we're back to a per-message DDOS.  Hmmn.
This is why CSV remains important.

-Doug