
Re: [ietf-dkim] Expiration Tag (x=) is required to minimize DNS lookups.

2006-04-18 10:06:35

On Apr 18, 2006, at 9:29 AM, Hector Santos wrote:
----- Original Message -----
From: "Paul Hoffman" <phoffman(_at_)proper(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Tuesday, April 18, 2006 11:38 AM
Subject: Re: [ietf-dkim] Expiration Tag (x=) is required to minimize DNS lookups.

At 2:34 PM +0000 4/18/06, Mark Delany wrote:
This is surely an edge case that Knuth warns us about.

+1

The current spec has enough language to handle key rollover
gracefully. Further, if a sender wants to minimize DNS lookups, the
DNS TTL is the perfect tool, and is already implemented everywhere.

But it is still an optimization concept:

     - No need to DNS lookup, regardless of TTL state.

Yes. DNS is cheap, and NXDOMAIN is cached, though. How often, in
practice, do you think that even an MUA, let alone an MTA, will be
seeing a significant fraction of expired signatures?

     - No need to do any SHA256 Hashing on a potential HUGE payload.
If the public key has expired from DNS, then you wouldn't be
doing that anyway, would you? (If your MTA were ill-designed
enough to do that it would also be doing so for the significantly
larger fraction of email that has falsified DKIM headers, which would
seem a much bigger problem.)

This is clearly an optimization any good engineer will see.

I don't really care one way or the other, but describing this
feature as "clearly an optimization" seems to overstate the case.

Cheers,
  Steve
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
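The optimization the thread argues about is a verifier that reads the x= (expiration) tag before it fetches the public key or hashes the body. The following Python is an added illustration, not code from this list or from any DKIM implementation: it parses the RFC 6376 tag-list, applies the x= and t= rules, and returns a triage decision that a verifier would consult before any DNS lookup or hashing. The sample header, its placeholder bh= and b= values, and the 300-second clock-skew allowance are constructed assumptions; the timestamps are chosen to fall in April 2006, the date of the thread.

```python
import re
import time

# Constructed sample DKIM-Signature value (not a real signature):
# bh= and b= are placeholders, t= is 2006-04-18 00:00 UTC, x= is seven days later.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; d=example.com; s=sel; c=relaxed/relaxed;\r\n"
    "\tt=1145318400; x=1145923200; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE="
)

_DECIMAL = re.compile(r"[0-9]+")


def parse_dkim_tags(header_value):
    """Parse the tag=value list of a DKIM-Signature field (RFC 6376 tag-list).

    Folding whitespace is stripped from names and values. A tag without '='
    or a duplicated tag name makes the whole field malformed.
    """
    tags = {}
    for field in header_value.split(";"):
        field = field.strip()
        if not field:
            continue  # trailing ';' is allowed
        if "=" not in field:
            raise ValueError("tag without '=': %r" % field)
        name, value = field.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        tags[name] = "".join(value.split())
    return tags


def expiry_status(tags, now, skew=300):
    """Decide from x= and t= alone whether verification should proceed.

    Returns "verify", "expired" or "malformed". This runs before the key
    lookup and the body hash, so an expired signature costs neither.
    The skew allowance (300 s is an assumed value) absorbs clock drift
    between signer and verifier.
    """
    if "x" not in tags:
        return "verify"  # no expiration requested by the signer
    if not _DECIMAL.fullmatch(tags["x"]):
        return "malformed"
    expires = int(tags["x"])
    if "t" in tags:
        if not _DECIMAL.fullmatch(tags["t"]):
            return "malformed"
        # RFC 6376: x= MUST be greater than t= when both are present
        if expires <= int(tags["t"]):
            return "malformed"
    if now > expires + skew:
        return "expired"
    return "verify"


def triage_signature(header_value, now=None, skew=300):
    """Cheap pre-check for one DKIM-Signature value; no DNS, no hashing."""
    try:
        tags = parse_dkim_tags(header_value)
    except ValueError:
        return "malformed"
    if now is None:
        now = int(time.time())
    return expiry_status(tags, now, skew)


if __name__ == "__main__":
    for when in (1145400000, 1146000000):
        print(when, triage_signature(SAMPLE_HEADER, now=when))
```

Whatever the triage returns, an "expired" or "malformed" result is a verification failure for that signature, not a reason to skip verification altogether; the saving is only the DNS query and the body hash that a failed signature would otherwise have cost.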