ietf-dkim

Re: [ietf-dkim] Re: Replay attacks, what's that?

2005-08-07 00:08:33
On Sat, 6 Aug 2005, Douglas Otis wrote:

> User-keys in DNS could have a significant impact on DNS traffic.  When
> compared to the overall traffic carried by the messages, this would
> represent just a percentage of increase.  But when considering the
> impact on DNS cache, the effects could be far greater.  Perhaps one
> solution for protecting the DNS cache would be to severely limit any TXT
> or KEY record's TTL.  However, short TTLs for user-keys AND domain-keys
> would impact the overall performance of email, as every operation would
> likely suffer a DNS lookup, with perhaps an increase in the already high
> DNS response loss rate.  With long time-outs and damage to DNS cache,
> the effect that user-keys may have on DNS could be damaging other
> applications as well.

DNS performance depends on the caching of NS records, not leaf records,
so forcing short TTLs on DKIM records won't have much impact.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim